System Security

This course aims at introducing basic concepts and techniques for the development of secure systems. It is

• a standalone 6CFU course  [CM0625] System Security
• part of the 12CFU [CM0631] System and Software Security

This course is part of the Laurea Magistrale in Computer Science and Information Technology at Ca’ Foscari, Venice. It is a blended course of the Ca’ Foscari e-learning program and combines traditional classroom teaching with online classes, tutoring and challenges.

For students that started before 2022: This course is mapped to [CM0493] Security 1  and [CM0475] Security 1 (6 out of 12 CFU).

IMPORTANT NOTE: In this course you will learn some attack techniques. Remember that trying attacks on real systems is against law and you might be prosecuted. Only do experiments with the test hosts and users provided in the labs.

News

• Course stars on Wednesday 20 September 2023!

Assessment

• Written exam giving a base score;
• Challenges giving bonus on the base score.

Course material and books

All of the slides will be made available online here. The course is mainly based on:

• William Stallings, Lawrie Brown. Computer Security: Principles and Practice, 4th Edition. Pearson, 2018. (chapters 1, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 22, 27)

online resources

• The official moodle page contains:
  • recordings of classes (only for eligible students)
  • instruction to join the virtual meeting point for the course in Slack
• Examples and practical case studies are made available as docker images

Program

• [20/09/2023] Introduction and basic concepts (slides)
• [22/09/2023] Security Design Principles (slides), User Authentication 1 (slides)
• [27/09/2023] User Authentication 2 (slides)
• [29/09/2023] Password cracking lab (online class) 
• [04/10/2023] Access control (slides)
• [06/10/2023] Unix access control lab (online class) 
• [11/10/2023] Malware 1 (slides)
• [13/10/2023] Malware 2 (slides)
• [18/10/2023] Denial of service (slides)
• [20/10/2023] Database security (slides)
• [25/10/2023] SQL injection challenge (online class)
• [27/11/2023] Buffer and stack overflow (slides)
• [03/11/2023] Buffer overflow challenge (online class)
• [08/11/2023] Intrusion detection (slides)
• [10/11/2023] Software security (slides)
• [15/11/2023] Software security challenge  (online class)
• [17/11/2023] Operating system security (slides)
• [22/11/2023] Trusted computing (slides)
• [24/11/2023] Security APIs (slides)
• [29/11/2023] Security API challenge (online class)
• [01/12/2023] Formal methods for security (slides) (examples)
• [06/12/2023] Formal analysis lab (online class)
• [13/12/2023] Side-channel (slides)
• [15/12/2023] Side-channel lab (online class)