PORTALE DELLA DIDATTICA

PORTALE DELLA DIDATTICA

PORTALE DELLA DIDATTICA

Elenco notifiche



Security verification and testing

01TYAOV, 01TYASM

A.A. 2020/21

Course Language

Inglese

Degree programme(s)

Master of science-level of the Bologna process in Ingegneria Informatica (Computer Engineering) - Torino
Master of science-level of the Bologna process in Data Science And Engineering - Torino

Course structure
Teaching Hours
Lezioni 45
Esercitazioni in laboratorio 15
Lecturers
Teacher Status SSD h.Les h.Ex h.Lab h.Tut Years teaching
Sisto Riccardo Professore Ordinario IINF-05/A 33 0 6 0 5
Co-lectures
Espandi

Context
SSD CFU Activities Area context
ING-INF/05 6 C - Affini o integrative Attivitą formative affini o integrative
2020/21
The course, taught in English in the first semester of the second year of the Master of Science in Computer Engineering, is one of the characterizing courses of the Cybersecurity track. It aims at presenting the main techniques for assessing the cyber security of IT systems, with particular emphasis on distributed systems. The students are expected to gain the knowledge of such techniques, as well as the ability to apply them by using some of the available tools for verification and testing.
The course, taught in English in the first semester of the second year of the Master of Science in Computer Engineering, is one of the characterizing courses of the Cybersecurity track. It aims at presenting the main techniques for assessing the cyber security of IT systems, with particular emphasis on distributed systems. The students are expected to gain the knowledge of such techniques, as well as the ability to apply them by using some of the available tools for verification and testing.
- Knowledge of the general concepts, practice, and standards for security assessment - Knowledge of the main techniques for security verification - Knowledge of the main techniques for vulnerability assessment and penetration testing - Skill to apply the learned techniques with some of the commonly available tools.
- Knowledge of the general concepts, practice, and standards for security assessment - Knowledge of the main techniques for security verification - Knowledge of the main techniques for vulnerability assessment and penetration testing - Skill to apply the learned techniques with some of the commonly available tools.
Knowledge of procedural and object oriented programming languages, and corresponding programming skills. Basic knowledge of computer network architectures, TCP/IP, HTTP. Basic knowledge of web applications and web programming languages. It is assumed, also, that the students have taken the Information System Security course. The following learning outcomes coming from that course will be exploited: - Knowledge of the main categories of attack against IT systems. - Knowledge of the main concepts (encryption and digest) and technologies (PKI, firewall, VPN, TLS, S/MIME, e-documents) for IT security. - Knowledge of the security architectures for authentication and access control. - Ability to analyze the risks of a network application.
Knowledge of procedural and object oriented programming languages, and corresponding programming skills. Basic knowledge of computer network architectures, TCP/IP, HTTP. Basic knowledge of web applications and web programming languages. It is assumed, also, that the students have taken the Information System Security course. The following learning outcomes coming from that course will be exploited: - Knowledge of the main categories of attack against IT systems. - Knowledge of the main concepts (encryption and digest) and technologies (PKI, firewall, VPN, TLS, S/MIME, e-documents) for IT security. - Knowledge of the security architectures for authentication and access control. - Ability to analyze the risks of a network application.
General concepts and practice for security assessment (1CFU) - Definition and classification of security assessment techniques (static vs dynamic, white box vs black box, vulnerability assessment, penetration testing, formal verification, ethical hacking, etc) - Security assessment and certification standards Security Verification (3CFU) - formal verification techniques and tools (dataflow and controlflow static code analysis, model checking, theorem proving) - formal verification of security protocols and security-aware applications - static code analysis for security verification and vulnerability assessment (taint analysis, symbolic and concolic execution) Vulnerability Assessment and Penetration Testing (VAPT) (2CFU) - information gathering and scanning techniques and tools with various scopes (host, net DB, service) - penetration testing techniques: attack techniques, exploit
General concepts and practice for security assessment (1CFU) - Definition and classification of security assessment techniques (static vs dynamic, white box vs black box, vulnerability assessment, penetration testing, formal verification, ethical hacking, etc) - Security assessment and certification standards Security Verification (3CFU) - formal verification techniques and tools (dataflow and controlflow static code analysis, model checking, theorem proving) - formal verification of security protocols, security-aware applications, networked systems - static code analysis for security verification and vulnerability assessment (taint analysis, symbolic and concolic execution). Vulnerability Assessment and Penetration Testing (VAPT) (2CFU) - information gathering and scanning techniques and tools with various scopes (host, net DB, service) - penetration testing techniques and tools: attack techniques, exploit, password cracking, decompilers.
The course is structured into lectures in classroom (4.5 credits), and laboratories (1.5 credits) consisting of exercises on the experimentation of the techniques and tools presented in the lectures. During the labs the students will discuss with the teachers on their solutions to the assigned exercises.
The course is structured into lectures in classroom (4.5 credits), and laboratories (1.5 credits) consisting of the experimentation of the techniques and tools presented in the lectures. During the labs the students will discuss with the teachers on their solutions to the assigned exercises.
The teachers will provide the material (copy of slides and links to on-line resources) on the website of the course.
The teachers will provide the material (copy of slides and links to on-line resources) on the website of the course.
Modalitą di esame: Prova scritta tramite PC con l'utilizzo della piattaforma di ateneo;
The exam consists of verifying the expected knowledge and skills acquired by the student (see expected learning outcomes). The exam consists in a written test including open-answer or closed-answer questions aiming at checking that the student has acquired the expected knowledge and skills. The questions may also be simple exercises or use cases related to the tools experimented in the laboratories. The test is closed-book, i.e. the student cannot consult any material during the test and cannot use any electronic device, with the exception of the PC used for the online test. An oral exam will be requested only in case of doubts about the evaluation of the test.
Exam: Computer-based written test using the PoliTo platform;
The exam consists of verifying the expected knowledge and skills acquired by the student (see expected learning outcomes). The exam consists in a written test including open-answer or closed-answer questions aiming at checking that the student has acquired the expected knowledge and skills. The questions may also be simple exercises or use cases related to the tools experimented in the laboratories. The test is closed-book, i.e. the student cannot consult any material during the test and cannot use any electronic device, with the exception of the PC used for the online test. An oral exam will be requested only in case of doubts about the evaluation of the test.
Modalitą di esame: Prova scritta (in aula); Prova scritta tramite PC con l'utilizzo della piattaforma di ateneo;
The students can choose to take the exam in one of the two forms: online and onsite. The onsite and online tests are the same (see previous exam mode)
Exam: Written test; Computer-based written test using the PoliTo platform;
The students can choose to take the exam in one of the two forms: online and onsite. The onsite and online tests are the same (see previous exam mode).
Esporta Word