Security and privacy

A.Y. 2021/2022
Learning objectives
The aim of the course is to introduce students to the conceptual and practical foundations of Information Security and Privacy, with some emphasis on the more practical, implementation-oriented aspects of the discipline. The reference domain is computer systems and networks, with particular emphasis on Linux systems.
Expected learning outcomes
At the end of the course the student will be able to: evaluate the main vulnerabilities present in a given system; exploit some of these vulnerabilities to gain unauthorized access to information or systems; identify the best countermeasures to adopt against the most common attacks; assess the main threats to privacy arising from the use of specific IT technologies; and design a computer security system for small organizations.
Course syllabus and organization

Single session

Lesson period
First semester
Course syllabus
During the course the following topics will be addressed:
Introduction to cybersecurity and terminology
Main protection tools:
- Introduction to cryptography
- Identification and Authentication
- Access control
- Auditing
Software security
- Buffer overflow
- Malware
- The security of operating systems
The security of the web
- The HTML protocol
- XSS and CSRF
- SQL Injection
Network security
- The TCP / IP protocol
- Some network attacks
- WiFi security
- Cloud security
Organizational Aspects of Cybersecurity
- IT security management
- Security policies
Elements of Ethics and Privacy

Laboratory activities:
- use of cryptographic tools: PGP and main cryptographic algorithms
- Access control system in UNIX
- Passwd Crackers
- Introduction to Metasploit
- Web attacks
Prerequisites for admission
Before attending the course, students should have passed the following exams:
- Programming
- Computer architectures
- Operating systems
- Computer networks
Teaching methods
Teaching is delivered as lectures based on projected slides, possibly with commentary on selected films.
The laboratory activities take place in the classroom. To carry them out, students are required to bring a laptop on which they can install at least two virtual machines.
Teaching Resources
W. Stallings, L. Brown, Computer Security: Principles and Practice, 4th edition, Global Edition, Pearson.
ISBN-10: 1-292-22061-9
ISBN-13: 978-1-292-22061-1
Assessment methods and Criteria
The exam involves passing two tests: a practical test and an oral test.
In the practical test, lasting 3 hours, the student must demonstrate that they have acquired the skills needed to independently carry out exercises of complexity comparable to those done during classes. The test is graded on the following scale, in descending order: A, B, C, D, INSUFFICIENT. The grade of the test will be communicated to students via the course website within a week.
Passing the practical test is a NECESSARY requirement for admission to the oral exam.
During the oral exam the student must demonstrate that they have assimilated the notions taught in the theoretical lessons and have acquired enough autonomy of reasoning to apply those notions to different application contexts. The oral exam is graded out of thirty, to which the score of the laboratory test is added according to the following criterion:
A -> + 3 points
B -> + 2 points
C -> + 1 point
D -> + 0 points
The practical test and the oral test must be taken in the same session. Failure to take the oral exam requires retaking the entire exam.
INF/01 - INFORMATICS - University credits: 6
Laboratories: 24 hours
Lessons: 36 hours
Educational website(s)
Send an email to danilo[dot]bruschi[at]unimi[dot]it
Room P115, Via Comelico