Security and Privacy

A.Y. 2026/2027
6
Max ECTS
48
Overall hours
SSD
INFO-01/A
Language
Italian
Learning objectives
The aim of the course is to introduce the students to the conceptual and practical bases of Information Security and Privacy, placing a certain emphasis on the more implemented aspects of the discipline. The reference domain will be represented by the systems with particular emphasis on the Linux system and networks.
Expected learning outcomes
At the end of the course the student will be able to: evaluate the main vulnerabilities present in a given system; exploit some of these vulnerabilities to gain unauthorized access to information or systems; identifying the best countermeasures to be adopted in the face of the most common attacks, assessing the main threats to privacy deriving from the use of specific IT technologies, designing a computer security system for small realities.
Single course

This course cannot be attended as a single course. Please check our list of single courses to find the ones available for enrolment.

Course syllabus and organization

Single session

Responsible
Lesson period
First semester
Course syllabus
The course covers the following topics:

* Introduction to cybersecurity
* Threat Models and TCB (Trusted Computing Base)
* Buffer overflow and defensive techniques
* Isolation techniques: OS, VM, SW, HW
* Privilege separation, mobile security, and Web Security
* Access control systems in UNIX
* Introduction to cryptography
* Symmetric and asymmetric cryptography, HASH functions and related applications, MAC
* Blockchain, PGP, and security protocols
* Certificates and PKI (Public Key Infrastructure)
* Messaging security and anonymous communications
* Malware
* Management and mitigation of buggy code
* Network Security: introduction, attacks, defenses, and tools
Prerequisites for admission
It is highly recommended to have completed the following courses:
- Programming
- Cryptography
- Computer architectures
- Operating systems
Teaching methods
Teaching will be conducted through in-person lectures.Laboratory activities will take place in the classroom. For these activities, students are required to have their own laptop.
Teaching Resources
P. C. van Oorschot, "Computer Security and the Internet", second edition, Springer

Additional supplementary material (specific scientific papers and/or slides prepared by the instructor) will be listed on the course website. The Ariel/MyAriel webpage will simply redirect you here: https://visconti.di.unimi.it/
Assessment methods and Criteria
During the course, homework assignments will be given for students to assess their level of preparation. The final exam consists of two parts: a practical exam and an oral exam.In the practical exam, students must demonstrate that they have acquired the skills and hands-on experience required to solve basic exercises independently. This exam will be graded on a scale from 0 to 5. Passing the practical exam is a MANDATORY requirement for admission to the oral exam.During the oral exam, students must demonstrate that they have assimilated the concepts taught during the lectures and developed sufficient independent reasoning to apply these concepts to various contexts. The final grade will be calculated by adding the points scored in the practical exam (max 5) to those scored in the oral exam (max 25). Both the practical and oral exams must be taken during the same exam session. Failing the oral exam requires retaking the entire examination.
INFO-01/A - Informatics - University credits: 6
Lessons: 48 hours
Professor: Visconti Andrea
Professor(s)
Reception:
By email appointment
Room 5008, 5th Floor, via Celoria 18, Computer Science Department