System Security (NEW!)

This course aims at introducing basic concepts and techniques for the development of secure systems. It is

This course is part of the Laurea Magistrale in Computer Science and Information Technology at Ca’ Foscari, Venice. It is a blended course of the Ca’ Foscari e-learning program and combines traditional classroom teaching with online classes, tutoring and challenges.

For students that started before 2022: This course is mapped to [CM0493] Security 1  and [CM0475] Security 1 (6 out of 12 CFU).

IMPORTANT NOTE: In this course you will learn some attack techniques. Remember that trying attacks on real systems is against law and you might be prosecuted. Only do experiments with the test hosts and users provided in the labs.

News

  • Course stars on Tuesday 20 September 2022!

Assessment

  • Written exam giving a base score;
  • Challenges giving bonus on the base score.

Course material and books

All of the slides will be made available online here. The course is mainly based on:

  • William Stallings, Lawrie Brown. Computer Security: Principles and Practice, 4th Edition. Pearson, 2018. (chapters 1, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 22, 27)

online resources

  • The official moodle page contains:
    • links to zoom videoconferences
    • recordings of classes (only for eligible students)
    • slides
    • instruction to join the virtual meeting point for the course is in Slack
  • Examples and practical case studies are made available as docker images

Program

  • [20/09/2022] Introduction and basic concepts (slides)
  • [23/09/2022] Security Design Principles (slides), User Authentication 1 (slides)
  • [30/09/2022] Password cracking lab (online class
  • [04/10/2022] User Authentication 2 (slides)
  • [07/10/2022] Access control (slides) 8:45 Aula A
  • [11/10/2022] Unix access control lab (online class)  We meet on slack at 8:45!
  • [14/10/2022] Malware 1 (slides)
  • [18/10/2022] Malware 2 (slides)
  • [21/10/2022] Denial of service (slides)
  • [25/10/2022] Database security (slides)
  • [28/10/2022] SQL injection challenge (online class)
  • [04/11/2022] Intrusion detection (slides)
  • [08/11/2022] Buffer and stack overflow (slides)
  • [11/11/2022] Buffer overflow challenge (online class)
  • [15/11/2022] Software security (slides)
  • [18/11/2022] Software security challenge  (online class)
  • [22/11/2022] Operating system security (slides)
  • [25/11/2022] Trusted computing (slides)
  • [29/11/2022] Security APIs (slides)
  • [02/12/2022] Security API challenge (online class)
  • [06/12/2022] Formal methods for security (slides) (examples)
  • [13/12/2022] Formal analysis lab (online class)
  • [16/12/2022] Side-channel (slides)
  • [20/12/2022] Side-channel lab (online class)