SOFTWARE SECURITY

Academic year
2024/2025
Official course title
SOFTWARE SECURITY
Course code
CM0626 (AF:513759 AR:286779)
Modality
On campus classes
ECTS credits
6
Degree level
Master's Degree Programme (DM270)
Educational sector code
ING-INF/05
Period
2nd Semester
Course year
1
Where
VENEZIA
The course is one of the modules of the Master's Degree in COMPUTER SCIENCE AND INFORMATION TECHNOLOGY.
It aims to introduce the fundamental concepts of software security and to give an overview of different issues related to software development and security; in particular, the student will acquire the necessary competences in protecting software from reverse engineering.
The labs will help students experiment with tools and acquire practical knowledge of the topics.

1. Knowledge and understanding
1.1. acquire the theoretical foundations of reverse engineering and software protection;
1.2. acquire knowledge of various topics on software security.
2. Ability to apply knowledge and understanding
2.1. know how to use the knowledge acquired to improve software protection;
2.2. practical sessions to acquire active knowledge of the topics of the course.
3. Communication skills
3.1. being able to communicate information, ideas, problems and solutions to specialist audiences;
3.2. developing teamwork skills.
It is necessary to have attended the course SYSTEM SECURITY.

It is advisable to attend all the lectures as the course has theoretical and practical components.
The learning of concepts is eased by the use of software tools in the labs and discussion of practical examples.
The course will present different topics:
- Binary code analysis and reverse engineering
- Software protection from analysis: obfuscations and white-box cryptography
- Software integrity protection: tamperproofing and code-guards
- Software authorship protection: watermarking and Digital Rights Management
- Malware analysis and Cybercrime
- Threat and Attack modelling
- Advanced topics in Software Security: e-Voting, anonymity and privacy, human factors in security.
Lecture Notes from the Professor, mostly based on:
1. Christian Collberg, Jasvir Nagra; Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection, 2009, Addison-Wesley Professional, ISBN 978-0321549259, First Edition.
2. Adam Shostack; Threat Modeling: Designing for Security, 2014, Wiley, ISBN 978-1118809990
3. Chris Eagle, Kara Nance; The Ghidra Book: The Definitive Guide, 2020, No Starch Press, ISBN 978-1-71850-102-7
4. Vijay Kumar Velu, Robert Beggs; Kali Linux for Advanced Penetration Testing, Third Edition, 2019, Packt Publishing, ISBN 978-1-78934-056-3
5. Alexey Kleymenov, Amr Thabet; Mastering Malware Analysis: A malware analyst's practical guide to combating malicious software, APT, cybercrime, and IoT attacks, 2022, Packt Publishing, ISBN 1803240245, Second Edition.
The assessment is based on a written exam and a mandatory assignment.
The written exam aims at verifying the knowledge of the different topics of the course.
The mandatory project must be related to the course topics and it can be one of three types:
1. Presenting a research paper to the class;
2. Presenting a software tool tutorial;
3. Developing a software project related to a research work proposed by the professor.

The project gives at most 4 extra marks to be added to the mark of the written exam.

The marks of the written exam will be assigned according to the following criteria, regardless of course attendance:
A. marks in the range of 18-22 will be assigned in case of sufficient knowledge and understanding of the course programme.
B. marks in the range of 23-26 will be assigned in case of fair knowledge and understanding of the course programme.
C. marks in the range of 27-30 will be assigned in case of good or optimal knowledge and understanding of the course programme.
D. The laude will be awarded in case of excellent knowledge and understanding of the course programme.
written
Theoretical lectures and practical laboratory classes;
Audio and Video online resources;
Chat and forum;
Assignments on various topics that give extra score;
Practical labs
English
Definitive programme.
Last update of the programme: 29/01/2025