Syllabus
Topics of lectures [tentative, subject to change!]
Please refer to the page for the academic year of interest for more detailed information.
Introduction
- Overview of basic ideas underlying Computer and Network security, CyberSecurity, and their relationships
Authentication
- Basic principles, passwords, assurance levels, contextual authentication
- Single Sign-On, SAML, OpenID Connect, SPID
Access Control
- Basic principles, classic models: Matrix model, Access Control Lists, Capabilities, Discretionary/Mandatory/Role-Based Access Control
- Attribute-Based Access Control (ABAC) and XACML
Cryptography
- Basic notions, symmetric key encryption, brief notes on key management
- Public key encryption, RSA, Diffie-Hellman, key exchange protocol
- Digital signatures, Certificates, Public Key Infrastructure
- SSL/TLS, introduction to automated security analysis of TLS, some flaws of TLS
Web security
- Browser model, cookies, client vulnerabilities (e.g., cross-site scripting, injection, phishing), server vulnerabilities (e.g., injection, scripting, users)
Mobile security
- Mobile devices, possible attackers, mobile threats, Android
Cloud security
- Cloud computing, storage services, security issues