This course deals with advanced protection techniques for modern networked computer systems. The course aims to teach the skills needed to perform both a detailed technical analysis of the security features of IT components and systems and to design solutions to protect them.

Knowledge and critical evaluation of public key infrastructures and digital signature techniques. Knowledge and critical evaluation of advanced solutions for data and communication protection. Knowledge and critical evaluation of advanced aspects of authentication. Ability to analyse the risks of a network application and design a solution for its protection. Ability to harden critical systems. Knowledge of the general concepts and theories from the sociological heritage applied to IT systems security.

Foundations of telecommunication systems. Local and wide area networks, wired and wireless (Ethernet, ADSL, Wifi, GSM, IP, routing, ...). TCP/IP networks and applications. High-level programming (C, C++, or Java) and web programming (HTML, JS, PHP). Operating systems and database. Cryptography, data protection techniques, and security architectures (as provided by the courses "Information System Security" and "Cryptography" that are a prerequisite).

(1.5 CFU) Public-key certificates and PKI: features, benefits, and threats, secure electronic documents. (1 CFU) Secure network channels (TLS, SSH): features, risks and their management. (1 CFU) Hardening: principles and practice for strengthening systems and protocols; application to Linux. (1 CFU) Advanced authentication: biometrics. Federated authentication architectures: SAML and OIDC for distributed authentication and authorisation. (1 CFU) Software security: pitfalls and design principles; trusted computing (TC) and Trusted Execution Environment (TEE). (.5 CFU) Governance: high-level cybersecurity management strategies, security policies. (2 CFU) Social sciences for cybersecurity. The general framework of social sciences (What are social sciences compared to «just» science? What are they for a future technician/engineer?) Risk Society studies (Risk, uncertainty, cognitive biases, (dis)trust in expert systems, Expanding the idea of rationality). Communicating and representing complexity (the role of social representations of risk, uncertainty, trust, and security, tricks and threats of communicating complexity in the digital era).

The course consists of lectures (56 hours), classroom exercises (9 hours), and laboratories (15 hours). The laboratory includes the development and analysis of several security solutions. There will be five laboratory subjects. The classroom exercises will analyse security solutions, including those tested in the laboratory.

Handouts of the instructor's foils and manuals for laboratory coursework. The teachers will also provide and link additional material (parts from textbooks and links to online resources) on the course website. All learning stuff is available at the teaching portal. An auxiliary textbook, covering many but not all the topics, is: - W. Stallings, 'Cryptography and Network Security - principles and practice', Prentice-Hall

Slides; Esercitazioni di laboratorio; Video lezioni dell’anno corrente;

Modalità di esame: Prova scritta (in aula);

Exam: Written test;

... Written test (90 minutes) with up to 10 open- or closed-answer questions about the analysis and design of security solutions. The written test is a "closed book" one.

Gli studenti e le studentesse con disabilità o con Disturbi Specifici di Apprendimento (DSA), oltre alla segnalazione tramite procedura informatizzata, sono invitati a comunicare anche direttamente al/la docente titolare dell'insegnamento, con un preavviso non inferiore ad una settimana dall'avvio della sessione d'esame, gli strumenti compensativi concordati con l'Unità Special Needs, al fine di permettere al/la docente la declinazione più idonea in riferimento alla specifica tipologia di esame.