SYSTEM SECURITY

Academic year: 2024/2025 Syllabus of previous years

Official course title: SYSTEM SECURITY

Course code: CM0631 (AF:513750 AR:286778)

Modality: Blended (on campus and online classes)

ECTS credits: 6 out of 12 of SYSTEM AND SOFTWARE SECURITY

Degree level: Master's Degree Programme (DM270)

Educational sector code: INF/01

Period: 1st Semester

Course year: 1

Where: VENEZIA

Moodle: Go to Moodle page

Contribution of the course to the overall degree programme goals

This course aims at introducing basic concepts and techniques for the development of secure systems, providing the necessary skills and concepts for evaluating and increasing the security of applications and systems. In the first part of the course, we will cover security principles and technologies, software and system security, and security management issues.

Expected learning outcomes

- knowledge of basic concepts and techniques for the development of secure systems;
- knowledge of attack and defence techniques related to programs and systems;
- development of skills for the application of concepts to the analysis of real systems;
- development of skills for the management of security.

Pre-requirements

It is required basic knowledge of mathematics, programming (good level of C and basic notions of scripting and PHP), computer architectures, operating systems and computer networks.

1. User authentication
2. Access control
3. Malicious software
4. Database security
5. Denial of service
6. Intrusion detection
7. Software security
8. Operating system security
9. Trusted computing
10. Security API
11. Formal methods for security
12. Side-channels

Referral texts

William Stallings, Lawrie Brown. Computer Security Principles and Practice (Fourth Edition). Pearson Education 2018.

Assessment methods

The exam consists of a written test that aims at verifying the knowledge of the different topics of the course. Assignments are not mandatory and aim at putting into practice the knowledge acquired and at verifying the competence in attacking and securing IT systems. Assignments consist of a problem (challenge) to solve, giving an extra score with respect to the the mark of the written test.

Grading criteria for the written test:

A. Scores in the range of 18-22 will be awarded when there is:
- Sufficient knowledge of the course subjects;
- Limited skills in performing practical exercises related to the course labs;
- Sufficient communication skills, particularly in the use of specific terminology related to system security.
B. Scores in the range of 23-26 will be awarded when there is:
- Reasonable knowledge of the course subjects;
- Reasonable skills in performing practical exercises related to the course labs;
- Fair communication skills, particularly in the use of specific terminology related to system security.
C. Scores in the range of 27-30 will be awarded when there is:
- Good to excellent knowledge of the course subjects;
- Good to excellent skills in performing practical exercises related to the course labs;
- Fully appropriate communication skills, particularly in the use of specific terminology related to system security.
D. Honors will be awarded for excellent knowledge, skills, and communication abilities.

Criteria for Awarding Challenge Bonuses:
A. Score from 0.1 to 0.3
- Sufficient skills in performing the exercise;
- Adequate communication skills in writing a report that describes the proposed solution.
B. Score from 0.4 to 0.5
- Good skills in performing the exercise;
- Good communication skills in writing a report that describes the proposed solution.
C. Score from 0.6 to 0.7
- Excellent skills in performing the exercise;
- Excellent communication skills in writing a report that describes the proposed solution.

Teaching methods

Theoretical and practical lectures in class;
Online resources (lecture notes, slides, videos);
Chat and forum;
Challenges on various topics that give extra score.

Teaching language

English

Type of exam

written

Definitive programme.

Last update of the programme: 11/10/2024

Type	Name	Sender (Domain)	Description	Duration	Policy
Essential	_shibsession[], _shibsstate[]	Unive.it (www.unive.it)	They maintain the session data of the SingleSignOn.	session	Information
Essential	PHPSESSID	Unive.it (www.unive.it)	Unique user identifier for the website applications.	session	Information
Essential	cookie[*]	Unive.it (www.unive.it)	It stores the user's preferences on cookies. user preferences on cookies.	1 month	Information
Essential	cookie	idp.unive.it	It stores the user's preferences on cookies.	1 month	Information
Essential	fe_typo_user	Unive.it (www.unive.it)	Unique user identifier for the reserved area of the website	session	Information
Essential	JSESSIONID	Unive.it (www.unive.it)	Used to create web sessions into the Personal Area.	session	Information
Essential	ADMCMD_prev	Unive.it (www.unive.it)	Used to create web sessions into the Personal Area.	session	Information
Essential	unive.it	Unive.it (www.unive.it)	It stores the user's preferences on cookies.	6 months	Information
Essential	noiframe	Unive.it (www.unive.it)	It stores the user's preferences on cookies.	6 months	Information
Essential	_pk_id[*]	unive/WAI	*	30 days	Information
Essential	_pk_ses[*]	unive/WAI	*	1 day	Information
Essential	_pk_ref[*]	unive/WAI	*	6 months	Information
Essential	_gsas[*]	unive/google	It stores the user's preferences on cookies.	3 months	Information
Essential	_opensaml_req_cookie%[*]	unive	Authentication and SingleSignOn (shibboleth)	session	Information
Google - Youtube	__Secure-1PAPISID	Google (google.com)	Used for targeting purposes in order to acquire web visitors' interests and show them pertinent and customised Google advertising.	2 years	Information
Google - Youtube	CONSENT	Google (google.com)	Used by Google to store the user's preferences.	17 years	Information
Google - Youtube	__Secure-1PSID	Google (google.com)	Used for targeting purposes in order to acquire web visitors' interests and show them pertinent and customised Google advertising.	2 years	Information