Foundations of Security and Privacy (2020/2021)



Course code
4S008900
Credits
6
Coordinator
Federica Maria Francesca Paci
Academic sector
ING-INF/05 - INFORMATION PROCESSING SYSTEMS
Language of instruction
Italian
Teaching is organised as follows:
Activity Credits Period Academic staff Timetable
Theory 5 Semester II, Semester I Federica Maria Francesca Paci

Laboratory 1 Semester II, Semester I Federica Maria Francesca Paci

Learning outcomes

This course aims to give an overview of cyber security. It will equip students with a clear view of the current cyber security landscape, considering not only technical measures and defences but also the other subject areas that apply, including legal, management, crime, risk, social and human factors. At the end of the course, students will have the necessary knowledge and understanding of: the importance of taking a multi-disciplinary approach to cyber security; the cyber threat landscape, both in terms of recent emergent issues and those issues which recur over time; general principles and strategies that can be applied to systems to make them more robust to attack; and issues surrounding privacy, anonymity and pervasive passive monitoring.

Syllabus

The syllabus includes the following topics:
- Introduction to cyber security
- Actors in cyber security: governments, organisations, citizens, criminals
- Cyber attack phases: the Cyber Kill Chain
- The cyber security threat landscape: social engineering attacks, attacks on critical infrastructure, Advanced Persistent Threats, malware, cyberwar
- How to defend against cyber attacks: NIST Cyber Security Framework and Cyber Essentials
- Cryptographic techniques for data protection: digital signatures, PKI, and digital certificates, public key and symmetric cryptography, hashing
- Web and user-based authentication protocols: passwords and their attacks, token-based authentication, biometric authentication, authentication protocols (SAML, OAuth and OpenID)
- Access control: Access Control Models (DAC, MAC, RBAC and ABAC), access control policy specification and enforcement
- Introduction to privacy: definitions, attacks on privacy
- Privacy enhancing technologies
- Anonymization techniques: k-anonymity, t-closeness, l-diversity and their limitations
- Differential privacy
- Data protection law: principles, GDPR
- Management of cyber risks

Assessment methods and criteria

The students will be evaluated based on a written exam.