The course aims at providing knowledge on the main problems related to software security, currently available solutions, and open problems. In particular, we will consider both security issues related to the protection of the intellectual property and the integrity of the code, and those security issues related to the protection of sensitive information.
At the end of the course the student must demonstrate that he has acquired the necessary knowledge to define techniques for the protection of the intellectual property of the code and its integrity, evaluating the trade-off between safety and cost of the proposed technique and providing a critical analysis of the potentials attacks.
This knowledge will allow the student to: i) evaluate the resistance of code protection techniques with respect to potential attack scenarios; ii) assess the security of a system in protecting sensitive information.
At the end of the course the student will be able to: i) compare and choose from among the different existing software protection techniques those that best meet the specific needs of a system; ii) autonomously continue the study (also in the field of research) of code protection and system security.
The course will treat the followings: Software Protection -- Obfuscation Techniques -- Watermarking Techniques -- Tamper-proofing Techniques Similarity Analysis -- Known Algorithms -- Applications and open challenges -- Code Attribution Computer Security -- Secure Systems -- Access Control -- Non-interference & information flow -- Intrusion detection, execution monitors, safety properties
|Christian Collberg, Javis Nagra||Surreptitious Software (Edizione 1)||Addison-Wesley Professional||2009||978-0-321-54925-9|
Project on software security and/or software protection. The project can be assigned to groups of at most 3 people. During the course the teacher will present possible topics for projects. The topic of the project can also be suggested by the students to the teacher.
The results of the project will be organized in a written relation and then presented orally to the teacher. During the oral presentation of the project the teacher may ask questions on the whole program of the course.
After the oral exam the teacher will read the relation and propose an evaluation.
Each individual or group exam has to be scheduled by appointment with the teacher.