Summary Sheet
Academic Year 2014/2015
School: School of Industrial and Information Engineering
Course: 095900 - COMPUTING INFRASTRUCTURES AND COMPUTER SECURITY
Lecturers: Gribaudo Marco, Zanero Stefano
Credits (CFU): 10.00    Course type: Integrated course

Degree programmes in which the course is offered (code of the pre-approved study plan and the from/to range are shown as extracted, e.g. "AZZZZ"):

Degree programme                                                                         | Plan code / range | Course(s)
Ing Ind - Inf (Mag.)(ord. 270) - MI (401) INGEGNERIA BIOMEDICA*                         | AZZZZ | 095898 - COMPUTING INFRASTRUCTURES
Ing Ind - Inf (Mag.)(ord. 270) - MI (434) INGEGNERIA INFORMATICA*                        | AM    | 089165 - COMPUTER SECURITY; 095900 - COMPUTING INFRASTRUCTURES AND COMPUTER SECURITY; 095898 - COMPUTING INFRASTRUCTURES
Ing Ind - Inf (Mag.)(ord. 270) - MI (471) BIOMEDICAL ENGINEERING - INGEGNERIA BIOMEDICA* | AZZZZ | 095898 - COMPUTING INFRASTRUCTURES
Ing Ind - Inf (Mag.)(ord. 270) - MI (474) TELECOMMUNICATION ENGINEERING - INGEGNERIA DELLE TELECOMUNICAZIONI* | AM | 089165 - COMPUTER SECURITY
Ing Ind - Inf (Mag.)(ord. 270) - MI (481) COMPUTER SCIENCE AND ENGINEERING - INGEGNERIA INFORMATICA* | AM | 095900 - COMPUTING INFRASTRUCTURES AND COMPUTER SECURITY; 095898 - COMPUTING INFRASTRUCTURES; 089165 - COMPUTER SECURITY

Detailed programme and expected learning outcomes

Modern computer systems routinely handle high-value information such as financial data, economic transactions, and various forms of valuable intellectual property. Moreover, information systems are becoming pervasive, always-on and increasingly interconnected. New technologies have appeared that have profoundly changed how the Internet and the web are used. Cloud computing, Software as a Service, Hardware as a Service and Infrastructure as a Service are the basis of what is generally called "Enterprise 3.0". Scalability, performance, availability and security are the main properties that these modern architectures must provide to their users.

Designing and building secure, scalable information systems is a complex, interdisciplinary problem mixing elements of cryptography, software engineering, secure networking, as well as political and social challenges.

This course combines two main areas. Topics in Enterprise Digital Architectures analyze a modern enterprise data center, focusing on the technologies and on the main components, such as storage systems, high performance servers, network and security appliances and virtual machines.

Topics in Computer Security are an extensive introduction to the challenges of security engineering and to the methodology used to build, validate, and (ethically) bypass security systems, with the goal of learning how to secure them properly. During the lectures, we will analyze the various building blocks of a computer and information system, including their security subsystems. We will constructively analyze their vulnerabilities, see how these can be exploited, and deductively learn what was wrong and how to avoid repeating such engineering mistakes. The computer security topics are taught with a strong "hands-on" philosophy. Practical exercises will be conducted for all the topics marked with a (*) in the syllabus below. A "virtual hacking lab" will be available, where students can practice how to bypass and secure computer applications.

 

SYLLABUS

ENTERPRISE DIGITAL ARCHITECTURE TOPICS

 

1. Storage Systems

  • Disk architecture and performance
  • Configuration, performance and reliability of RAID systems
  • Storage Architectures  (NAS, SAN)

2. Performance and reliability

  • Dimensioning an enterprise system
  • Reliability basics

3. Virtualization and cloud computing

  • Virtualization and cloud computing
  • Basis of virtualization technologies
  • Cloud computing architectures
  • Networking in virtualized environments
  • Big Data architectures

 

COMPUTER SECURITY TOPICS

1) Introduction to information security

- What is information security: examples

- Vulnerabilities, Risks, Exploits, Attackers: definitions

- Security as risk management

- Development of an enterprise security policy

 

2) A short introduction to cryptography

- Basic concepts: cipher, transposition, substitution

- Symmetric and asymmetric ciphers

- Hash functions, digital signatures and PKI

- Vulnerabilities in digital signature schemes and in PKI

- Why all of the above is almost useless as a security defense (*)

 

3) Authentication

- The three ways of authentication (something you know, something you have, something you are)

- Multifactor authentication

- Authentication technologies evaluation; bypassing authentication control (*)

 

4) Authorization and access control

- Discretionary (DAC) and mandatory (MAC) access control policies

- Multilevel security and its applications: military secrets management

 

5) Software vulnerabilities

- Design, implementation and configuration bugs

- Typical memory errors: buffer overflow and format string bugs

- Exploiting applications and local privilege escalation (*)

- Web application security: introduction

- Typical code-injection vulnerabilities: cross-site scripting and SQL injections

- Hacking real web applications (*)

- Code review and fuzzing: finding bugs in real world applications

 

6) Secure networking architectures

- Network protocol attacks: sniffing, denial of service, spoofing, DNS poisoning, ARP poisoning

- Firewall: taxonomy and technologies

- Secure network architectures (DMZ and multi-zone networks)

- Virtual private networks (VPN)

- Secure connections and transactions: the tale of SSL and SET and their weaknesses

- Wireless security protocols (WEP, EAP, 802.1X, WPA)

- Network security assessment tools (*)

- Intrusion detection systems

 

7) Malicious software

- The evolution of malicious software: from the Morris worm to modern malware

- Mobile malware: the case of malicious Android apps

- Botnets and underground economy

- Malware analysis and honeypots

 


Notes on the assessment method

The exam consists of a written test for each part of the course (Italian students may, if they so wish, answer in Italian). For Computer Security, the grade can be supplemented with points earned during the year through specific "assignments", such as breaking into applications made available in the virtual hacking lab, or solving specific problems handed out during classes.


Bibliography
Optional bibliographic resource: Ross Anderson, Security Engineering, Publisher: Wiley, ISBN: 0-471-38922-6, http://www.cl.cam.ac.uk/~rja14/book.html
Optional bibliographic resource: Dieter Gollmann, Computer Security - 3rd edition, Publisher: Wiley, Year: 2011, ISBN: 978-0-470-74115-3
Note:

It is vital that you get the 3rd edition if you choose this book!


Mix of teaching formats
Teaching format            | Hours
lecture                    | 60.0
exercise session           | 40.0
computer laboratory        | 0.0
experimental laboratory    | 0.0
project                    | 0.0
project laboratory         | 0.0

Information in English in support of internationalization
Course taught in English
Teaching material/slides available in English
Textbooks/bibliography available in English
Possibility of taking the exam in English
Teaching support available in English
Area Servizi ICT, 15/10/2019