Syllabus
Topics of lectures [tentative, subject to changes!]
Introduction
- Overview of the basic ideas underlying computer and network security, cybersecurity, and their relationships
- Slides (pdf)
- Additional material
Authentication (I)
- Basic principles, passwords, assurance levels, contextual authentication
- Slides (pdf)
- Additional material
Authentication (II)
- Single Sign-On, SAML, OpenID Connect, SPID
- Slides (pdf)
- Additional material
Access Control (I)
- Basic principles, classic models: the access matrix model, Access Control Lists, capabilities, Discretionary/Mandatory/Role-Based Access Control
- Slides (pdf)
- Additional material
Access Control (II)
- Attribute-Based Access Control (ABAC) and XACML
- Slides (pdf)
- Additional material
Wrap-up on Authentication and Authorization: TreC
- E-health solutions: security problems, TreC, authentication and access control in TreC, sample questions for the exam
- Slides (pdf)
- Additional material
- https://en.wikipedia.org/wiki/EHealth
- https://trec.trentinosalute.net/home
- https://www.enisa.europa.eu/publications/security-and-resilience-in-ehealth-infrastructures-and-services
- https://www.researchgate.net/profile/Silvio_Ranise/publication/221406042_Automated_Analysis_of_Semantic-Aware_Access_Control_Policies_A_Logic-Based_Approach/links/00463515d9692562e9000000.pdf (first two sections only)
Cryptography I
- Basic notions, symmetric key encryption, hints on key management
- Slides (pdf)
- Additional material
Cryptography II
- Public key encryption, RSA, Diffie-Hellman, key exchange protocols
- Slides (pdf)
- Additional material
Cryptography at work I
- Digital signatures, certificates, Public Key Infrastructure
- Slides (pdf)
- Additional material
Cryptography at work II
- SSL/TLS, introduction to automated security analysis of TLS, some flaws of TLS
- Slides (pdf)
- Additional material
Guest Lecture by A. Zorer, President of Trentino Network
- Overview of the activities (especially those relevant for cybersecurity) of Trentino Network
- Slides (pdf)
- Reading list
Web security
- Browser model, cookies, client-side vulnerabilities (e.g., cross-site scripting, injection, phishing), server-side vulnerabilities (e.g., injection, scripting, users)
- Slides (pdf)
- Reading list
Mobile security
- Mobile devices, possible attackers, mobile threats, Android
- Slides (pdf)
- Reading list
- https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10
- blog.checkpoint.com/2017/09/14/expensivewall-dangerous-packed-malware-google-play-will-hit-wallet
- https://source.android.com/security/
- https://www.usenix.org/legacy/event/sec11/tech/full_papers/Felt.pdf
- http://www.ieee-security.org/TC/SPW2015/MoST/papers/s2p3.pdf
Lectures by Tal Melamed of the Security & Trust Research Unit, FBK: Penetration Testing of Web Applications
- Introduction and overview of the main tools and techniques for penetration testing of web applications
- Slides (pdf)
- Reading list
Cloud security
- Cloud computing, storage services, security issues
- Slides (pdf)
- Reading list
Guest Lecture by P. Sartori, CSO & SOC Manager of Informatica Trentina
- Overview of the cybersecurity issues in operating the data center of Informatica Trentina
- Slides (pdf)
- Reading list
Guest Lecture by P. Guarda, Lecturer in Information Technologies Law, Faculty of Law, University of Trento
- Security vs. privacy, legal compliance, the European Data Protection Directive (EU DPD), the General Data Protection Regulation (GDPR) and compliance with it
- Slides (pdf)
- Reading list