
CYBERSECURITY

Master's degree programme

Study plan


First year

  • Language-based technology for security (9 cfu)

    • Traditionally, computer security has been largely enforced at the level of operating systems. However, operating-system security policies are low-level (such as access control policies, protecting particular files), while many attacks are high-level, or application-level (such as email worms that pass by access controls pretending to be executed on behalf of a mailer application). The key to defending against application-level attacks is application-level security. Because applications are typically specified and implemented in programming languages, this area is generally known as language-based security. A direct benefit of language-based security is the ability to naturally express security policies and enforcement mechanisms using the developed techniques of programming languages.

      The aim of the course is to allow each student to develop a solid understanding of application level security, along with a more general familiarity with the range of research in the field. In-course discussion will highlight opportunities for cutting-edge research in each area. The course intends to provide a variety of powerful tools for addressing software security issues:
      - To obtain a deeper understanding of programming language-based concepts for computer security.
      - To understand the design and implementation of security mechanisms.
      - To understand and navigate the research in the area of programming languages and security.
      Content - This course combines practical and cutting-edge research material. For the practical part, the dual perspective of attack vs. protection is threaded through the lectures, laboratory assignments, and projects. For the cutting-edge research part, the course's particular emphasis is on the use of formal models of program behaviour for specifying and enforcing security properties.
      Topics include:
      - Certifying Compilers
      - Code obfuscation
      - In-lined Reference Monitors
      - Formal Methods for security
      - Security in web applications
      - Information Flow Control
      After the course, students should be able to apply practical knowledge of security for modern programming languages. This includes the ability to identify application- and language-level security threats, design and argue for application- and language-level security policies, and design and argue for the security, clarity, usability, and efficiency of solutions, as well as implement such solutions in expressive programming languages. Students should be able to demonstrate critical knowledge of the principles behind such application-level attacks as race conditions, buffer overruns, and code injections. They should also be able to master the principles behind such language-based protection mechanisms as static security analysis, program transformation, and reference monitoring.

  • Organizational sciences and information and technology law (OL) (12 cfu)

    • The course consists of two modules.
      The module "Organizational sciences" will provide students with basic organizational knowledge with particular regard to the topics of structure, strategy, organizational culture, interorganizational networks, knowledge management and organizational learning. Some knowledge of organizational behavior in terms of team building and leadership will also be provided.
      The course will also provide knowledge about the tools and methodologies for the correct analysis and implementation of information systems in the organizational context. In particular, it will cover in depth the Information Technology tools that have the greatest impact on the performance and effectiveness of organizations, such as CRM or ERP systems. Particular attention will be paid to the phenomena of big data and organizational profiles of cybersecurity.
      Topics detail:
      - Organizational responses for cybersecurity
      - The organizational structures and their types
      - The strategic process
      - Organizational culture and related typologies
      - Interorganizational networks
      - Knowledge management
      - Organizational learning
      - Organizational applications of Information Technology, such as systems of:
      - Intranet
      - Enterprise Resource Planning (ERP)
      - Customer Relationship Management (CRM)
      - Decision Supporting (DSS): Management Information, Executive Information
      - Big data and possible organizational structures
      - Supply Chain Management
      The module "Information and technology law" addresses the legal rules applicable to computer technologies and their implementation in cybersecurity systems. Specific attention will be devoted to the legal framework applicable at national and supranational level, and to the standards of protection required by law as regards data protection, copyright and the applicable liability regimes. For each topic, the course will provide the legal framework, the open issues that still emerge in the practical implementation, and the solutions provided by courts. Specific topics covered are:
      • Legal definition of cybersecurity at national and European level
      • Data protection and data security – privacy by design and risk assessment
      • Data protection and artificial intelligence
      • Digital signatures, certification authorities and other authentication systems.
      • Data breach and liability regimes
      • Intellectual property and copyright
      • Blockchain technology and its legal aspects


  • Hardware and embedded security (9 cfu)

    • The course Hardware and embedded security aims at providing the required skills to analyze, design and verify dedicated HW solutions or HW/SW embedded systems (e.g. Hardware security modules integrated in general purpose processors) for several cryptographic functions for encryption/decryption, signature and anomaly/intrusion detection. The course will also present application examples of HW security and embedded security to IoT, Automotive or Industry4.0 case studies.
      In more detail, the course will cover the following subjects:
      • High Level Synthesis & design of accelerators for cryptographic functions in embedded systems. HW/SW co-design for cybersecurity and comparison of SW-based solutions vs HW-based ones in terms of energy efficiency, real-time operating capability, flexibility, cost and size.
      • Examples of HW accelerators for cybersecurity for asymmetric and symmetric cryptography and for signature (e.g. coprocessors for AES, SHA, ECC) and evolution towards post-quantum cryptography
      • Embedded solutions for anomaly/intrusion detection
      • Analysis of cryptographic accelerators embedded in General Purpose processors (e.g. HSM-Hardware Security Modules in Intel and/or ARM and/or Aurix platforms)
      • Correlations among security and safety issues.
      • Technologies and architectures for secure storage of data and keys and Smart cards
      • Technology trends for on-chip generation of random data, Physically Unclonable Functions (PUF), HW Random Number Generation (e.g. TRNG/CSPRNG)
      • Physical-level “side-channel” attacks (by analyzing thermal, power and electrical signals).
      • Examples of application of HW security and embedded security to IoT, Automotive or Industry4.0 case studies

  • Data and system security (9 cfu)

    • The course provides an up-to-date view of the latest developments of cybersecurity in data and system management, with the main reference to operating systems, distributed systems, and mobile systems. The covered topics are the definition of threats to computer systems and the discussion of the countermeasures that can be taken. For each covered topic, the course presents its foundations, the design aspects of secure systems and provides examples from the real world of standards and applications. Specific topics covered are:
      • elements of computer security (threats, attacks, security requirements and defense strategies)
      • elements of authentication and access control
      • security in databases and datacenters
      • attacks (malware, buffer overflow, denial of service, ...)
      • operating systems security (virtualization, case studies Linux, Windows, Android)
      • security in mobile and cyber-physical systems
      • aspects of management of computer security

  • Applied cryptography (9 cfu)

    • The Applied Cryptography course provides an updated overview of the most recent developments in applied cryptography and its applications in the field of computer engineering for the design and implementation of products, protocols, services and secure systems. For each covered topic, the course presents the fundamental aspects in terms of security and performance properties. The course will make extensive use of examples taken from the real world, standards and applications.
      Topics include:
      • Symmetric ciphers
      • Asymmetric ciphers
      • Secure hash functions: message digest codes and message authentication codes
      • Secure random and pseudo-random bit generators
      • Digital signatures, digital certificates, certification authorities
      • Authentication and identification
      • Key management
      • Passwords
      • Advanced cryptographic algorithms (blind signatures, Merkle tree, etc.)
      • Employment of cryptographic components in secure protocols, services and products by using the main programming languages
      • Elements of cryptanalysis and side-channel attacks

  • 12 cfu to be chosen from Group A

    • Related courses
    • Electronics and communication technologies (12 cfu)

      • The course consists of two modules.
        The main objective of the Electronics Systems module is to provide a common Electronics background to prospective students coming from different three-year bachelor studies, in which the Electronics topics have been dealt with from different views and at different depths, and to let the students acquire a common and shared vocabulary on the Electronics Systems domain. As far as the technical contents of the course are concerned, the students will acquire competences on and knowledge about the main electronic platforms used in cybersecurity applications.
        Main topics:
        • How to make information digital: ADC and DAC description, with emphasis on the architectures, features and performance of the most common converters between the analog and digital domains. General recalls about logic networks and digital electronic circuits.
        • Electronic Digital Signal Processing: platforms for realizations of functions programmable in software and hardware. Characteristics, performance, applicability scenarios as a function of the targeted application.
        • Definition and performance comparison of the most common programmable architectures such as FPGA, PLA, PAL, DSP, GPU, FPSOC, ASIC.
        • Characteristics and performance of an MCU platform (MicroController Unit). Computer peripherals aimed at cybersecurity applications.
        • Hardware/Software co-design methodologies and Hardware Description Languages (HDL) for the hardware design of complex logic functions.
        • HDL and design methodologies for digital designs on programmable logic (FPGA, FPSoC) or custom hardware (CMOS standard cells and Intellectual Property cores).
        The aim of the Communication Technologies module is to provide the necessary background for those coming from three-year degree courses in which studies of digital communication systems and technologies have not already been addressed. The training objective is to provide knowledge of the architectural characteristics and basic technologies of the main communication systems for the transport and access network (also wireless), also presenting specific examples. The course will provide students with i) general knowledge of the basic technologies that allow the design of wired (copper, fiber) and wireless communication systems, ii) a specific knowledge of the main communication standards for transport and access networks, and iii) in-depth knowledge of robust spread spectrum transmission techniques.
        Topics include:
        • Basic concepts on digital signals, information theory and Shannon's theorem
        • Digital modulation and wireless radio propagation models
        • Generations of cellular networks (2G, 3G, 4G, 5G) and their multiplexing and multiple access technologies with particular attention to CDMA, OFDM and OFDMA
        • Technologies for the access network on copper twisted pair, with particular reference to the xDSL family.
        • Technologies for transmission on optical fiber in the transport network (optical backbones) and in the access network, with particular reference to the FTTx family
        • Safe and robust communications through spread-spectrum technology: Direct-Sequence, Frequency-Hopping, Time-Hopping, and Chirp.
    • Systems and languages for informatics (12 cfu)

      • The course consists of two modules.
        The Systems for Informatics module is aimed at improving the preparation of students graduated in disciplines different from computer science/engineering in the field of computer systems and networks. The objective is to provide the basic elements about hardware architecture, operating systems, and computer networking as tools for implementing applications and services in the area of cybersecurity.
        Topics considered in the module include:
        • Assembly language
        • Interrupt mechanism
        • User and System state
        • Processes and Context Switch
        • Memory management, virtual memory
        • Input/Output
        • File system
        • Databases
        • Computer Networks
        • Distributed applications
        • Wireless/Mobile Networks
        The Languages for Informatics module aims at improving the preparation of students graduated in disciplines different from computer science/engineering in the fields of computer programming, languages and algorithms. Specifically, it provides the basic elements of the constructs, functions and data structures of modern programming languages, and it introduces the concepts of computational complexity and basic algorithms for typical problems and data structures.
        Topics considered in the module include:
        • programming: basic constructs, functions and their mechanisms, data structures
        • finite state automata
        • introduction to computational problems
        • complexity: models, input and output size, decision trees, lower and upper bounds, worst case and average case
        • algorithms on sequences, dynamic programming, combinations and permutations, divide and conquer
        • trees, hash tables

Second year

  • Thesis (18 cfu)


  • Dependability (6 cfu)

    • The Dependability course provides the theoretical foundations of systems reliability and an updated overview of the methodologies for the design and development of safety-critical reliable applications, with reference also to cyber-security threats.
      Topics include:
      • Dependability attributes: Reliability, Availability, Safety, Confidentiality, Integrity, Maintainability.
      • Definition of faults, errors and failures. A taxonomy of faults. Relation between Reliability and Security: malicious faults.
      • Fault tolerance techniques: Hardware redundancy, Information redundancy and Software redundancy.
      • Concepts of consistency, validity and agreement in distributed systems. Byzantine Agreement.
      • Mathematical models of reliability: probability density function and failure rate. Exponential failure law of the hardware; models for reliability of software. Mathematical models of availability: repair rate.
      • Reliability Block Diagrams, Fault trees/Attack trees, Markov chains.
      • Hazard analysis and Risk analysis, in case of cyber-security threats.
      • Standards for safety-critical systems, with reference to a specific context (e.g., automotive systems).

  • Artificial Intelligence for Cybersecurity (6 cfu)

    • The course aims to introduce the main methods and techniques of artificial intelligence used in information security applications. In particular, the course introduces topics such as data pre-processing, frequent pattern mining and association rules, classification, clustering, anomaly detection. In addition, the course discusses the main attacks against artificial intelligence systems, such as the adversarial classifier evasion and data poisoning, and the related defensive techniques. Finally, the course deals with the main uses of artificial intelligence in information security problems such as the detection of spam/phishing, the detection of intrusions and malware, the detection of online frauds, the analysis of the cyber threat intelligence.
      Details of the topics covered:
      - Data preprocessing
      - Frequent pattern mining
      - Classification
      - Clustering
      - Outlier detection
      - Adversarial machine learning
      - AI applications for spam and phishing detection
      - AI applications for intrusion and malware detection
      - AI applications for fraud detection
      - Cyber threat intelligence analysis

  • Network security (9 cfu)

    • The main goal of the Network Security course is to provide students with skills in security management technologies for wired and wireless networks. The training goals of the course are i) to provide the necessary knowledge on information security technologies most used in the Internet and corporate networks, ii) to provide the skills necessary for the design of secure networks and the evaluation of the security of existing networks, iii) to provide knowledge about specific security problems in wireless networks and iv) to make known the security mechanisms provided in the standards of WLAN networks and mobile systems. Topics include:
      • Network access control: Extensible Authentication Protocol
      • Intrusion Detection Systems and Firewalls
      • IP layer security threats and IPSec protocol
      • DNSSEC
      • Transport layer security protocols: Transport Layer Security
      • Security threats of Web services and HTTPS protocol
      • Security threats of e-mail services and S/MIME
      • Security issues in wireless networks: threats and countermeasures for improving the wireless communication security
      • WLAN security issues: the standard IEEE 802.11i
      • Security threats in wireless mobile networks, the countermeasures defined in the 3GPP standards: procedures and protocols for securing GSM/GPRS, UMTS, LTE and 5G systems.

  • Secure Software Engineering (9 cfu)

    • The aim of the course is to introduce security-aware, advanced software engineering techniques. The course includes a 3 ECTS hands-on lab for active learning, and continuous assessment activities during the term.
      Topics include:
      · Agile software development (Agile principles, user stories)
      · Microservices (motivations, definition, properties, case studies)
      · Security in application design (confidentiality, integrity, availability)
      · Static analysis of software security (vulnerability analyses)
      · Secure software deployment (cloud- and container-based)
      · Dynamic analysis of software security (development/release/user testing, monitoring)
      · Security in Edge and Fog computing

  • 12 cfu to be chosen from the group Free-choice activities

    • Complementary courses
    • Electromagnetic Security (6 cfu)

      • The main objective of the course is to introduce the problem of security issues due to intentional and unintentional electromagnetic signals as well as countermeasure methods. Specifically, students will acquire the following competences:
        i. how an information and communication system is vulnerable to radiated and conducted electromagnetic fields;
        ii. how to design electromagnetic shielding and secure rooms for data protection from electromagnetic threats;
        iii. which NATO standards and procedures are currently in use for limiting the information leakage through radiated and conducted electromagnetic signals.
        Main topics:
        - Electromagnetic threats
        - Vulnerability of information systems to electromagnetic threats
        - Undesired emissions from non-intentional sources and E.M. signals interception: E.M. propagation fundamentals
        - Spectrum sensing and monitoring
        - Radiogoniometry systems
        - Signal demodulations
        - Omnidirectional and directional antennas
        - E.M. shielding and secure rooms: effect of materials, effect of apertures and cable connections. Coupling mechanisms of E.M. signals. Zoning of infrastructures.
        - Active security and intentional interferences: radio jamming
        - Friendly jamming for secure wireless communications
        - Standards and measurement procedures: COMSEC and TEMPEST (Transient Electromagnetic Pulse Emanation Standard)
        - National and international (NATO) standards
        - TEMPEST equipment and devices
    • Penetration and defence laboratory (6 cfu)

      • The course will give hands-on experience on the most important techniques used in the exploitation of software and hardware vulnerabilities, and the countermeasures adopted to mitigate such attacks. Topics include:
        - OS (Unix/Linux): suid/sgid binaries, environment variables, symlink attacks, sandboxing via containers and/or Virtual Machines;
        - programming: stack and heap overflow, format string vulnerabilities, integer overflow, shellcodes and Return Oriented Programming, side-channels, NX, W^X, ASLR and PIE, binary reversing
        - hardware: Rowhammer, Meltdown, Spectre and their mitigations
        - network: network scanning, service scanning, fuzzing
        - web applications: mapping, authentication vulnerabilities, login bruteforcing, session management vulnerabilities, session hijacking, SQL injection, LDAP injection, cross-site scripting
    • Mobile & IoT security laboratory (6 cfu)

      • The course includes extensive laboratory activity, aimed at learning the application of tools and methodologies for the design and programming of secure applications and services for the Internet of Things, using fixed and mobile terminals, embedded devices and cloud platforms. In particular, the course provides a basic framework on the paradigm of the Internet of Things and its applications; describes the architectures of connected objects and their security models; presents communication technologies for the Internet of Things and for cloud platforms, as well as their security mechanisms; presents design and prototyping tools and methodologies; and applies the information imparted in practical laboratory activities.
        Topic details:
        - Wireless and M2M communication technologies and related models and security mechanisms;
        - Wireless Sensor Network Protocols: ZigBee, 6LoWPAN and Bluetooth LE, LPWAN protocols: LoRa, SigFox, NB-IoT.
        - Cloud platforms and related security mechanisms;
        - IoT hardware prototyping and programming platforms.
        - Secure integration of IoT devices within the IPv6 Internet network and with cloud platforms.
        - Design and implementation of applications and services according to the security-/privacy-by-design paradigm.
    • Biometrics systems (6 cfu)

      • This course provides fundamentals about techniques to verify or recognize the identity of a living person based on the analysis of biological/physiological traits and/or behavioural features. In detail:
        • Biometrics overview (history of biometrics, applications)
        • Recognition, identification and verification
        • Privacy, security and ethics
        • Overview of image processing
        • Physiological biometric systems: fingerprint recognition, face recognition, iris recognition, retina recognition, hand recognition, vein patterns
        • Behavioral biometric systems: keystroke dynamics, signature recognition, voice recognition, gait recognition
        • Multi-modal biometric systems
        • Biometric applications
