Security of Data-Intensive Architectures
A.Y. 2025/2026
Learning objectives
The course aims to:
- Introduce the fundamentals of cyber security applied to intelligent systems and distributed architectures.
- Analyze techniques for protecting semi-structured and unstructured data, with a focus on confidentiality, integrity, and authentication.
- Explore standards and authorization languages for secure access to web services and network resources.
- Study AI pipelines and related security risks, including adversarial attacks and vulnerabilities in ML models.
- Deepen the methodologies for assurance and certification of intelligent systems, with a focus on statistical testing and risk assessment.
- Apply threat modeling techniques, such as STRIDE-AI, to evaluate the robustness of AI architectures.
Expected learning outcomes
Upon completion of the course, students will acquire skills in the following areas:
- Secure AI pipeline design: ability to design AI pipelines resilient to threats and attacks, with attention to each phase (data collection, training, validation, deployment).
- Vulnerability analysis in ML models: identification and mitigation of adversarial attacks, data poisoning, model inversion and membership inference.
- Implementation of security controls: application of authentication, authorization and encryption techniques in distributed and cloud-native environments.
- Model testing and assurance: use of statistical verification techniques and robustness tests to evaluate the security and reliability of AI models.
- Threat modeling: use of frameworks such as STRIDE-AI to analyze and document risks in intelligent architectures.
- Transversal skills: ability to work in interdisciplinary teams; effective technical communication; drafting technical documentation and presenting results to a technical and non-technical audience; planning, development and evaluation of a real project, with milestones, reviews and final delivery.
- Critical thinking and ethical evaluation
Lesson period: Third four-month period
Assessment methods: Exam
Assessment result: grade recorded in thirtieths
Single course
This course can be attended as a single course.
Course syllabus and organization
Single session
Responsible
Lesson period
Third four-month period
Course syllabus
The course focuses on the following topics:
Introduction
- Machine Learning (ML) Models
- Centralized and federated learning
- Artificial Intelligence devices and systems
Part I: Artificial Intelligence techniques for security
- Objectives of ML models and security properties
- Representation of attack data
- ML models for the identification and management of attacks: classification, prediction, anomaly detection
- Use of generative adversarial networks (GANs)
- Incident management and Large Language Models
Part II: Security of Intelligent Systems
- Security and privacy in ML models
- Attack taxonomy
- Security of AI pipelines and secure orchestrations
- Threat modeling methodologies: STRIDE-AI
Part III: Testing and assurance of Intelligent Systems
- General concepts of assurance and statistical testing
- Testing and verification of ML models
- Risk evaluation
- Certification of ML models
Prerequisites for admission
Basic concepts of systems security and privacy; basic concepts of Artificial Intelligence.
Teaching methods
The theoretical part of the course consists of traditional lectures. During the course, practical activities on services will be organized.
Teaching Resources
Web site with course contents and suggested readings:
https://myariel.unimi.it/course/view.php?id=2394
Slides and notes
Additional documentation: C.A. Ardagna, E. Damiani, N. El Ioini, "Open Source Systems Security Certification," Springer, 2008.
Assessment methods and Criteria
The exam is composed of a written test and the presentation of a project.
The written test, which lasts one and a half hours, includes questions and practical exercises based on the course syllabus. The project activity, to be agreed with the Professor, consists of developing an application implementing the security protocols studied during the course. The project can be carried out in groups of up to three students.
When the student passes the written test and has presented the project, a final grade is computed, expressed in thirtieths, considering: knowledge of the topics, ability to apply the learned knowledge to the resolution of a practical project, project quality, critical thinking skills, clarity of exposition, and command of language.
Professor(s)