Teaching code

4S008903

Credits

6

Coordinator

Mila Dalla Preda

Language

Italian

Scientific Disciplinary Sector (SSD)

INF/01 - INFORMATICS

Moodle Seminars 0

The teaching is organized as follows:

Learning objectives

The course aims at providing knowledge on the main problems related to software security, currently available solutions, and open problems. In particular, we will consider both security issues related to the protection of the intellectual property and the integrity of the code, and those security issues related to the protection of sensitive information. At the end of the course the student must demonstrate that he has acquired the necessary knowledge to define techniques for the protection of the intellectual property of the code and its integrity, evaluating the trade-off between safety and cost of the proposed technique and providing a critical analysis of the potentials attacks. This knowledge will allow the student to: i) evaluate the resistance of code protection techniques with respect to potential attack scenarios; ii) assess the security of a system in protecting sensitive information. At the end of the course the student will be able to: i) compare and choose from among the different existing software protection techniques those that best meet the specific needs of a system; ii) autonomously continue the study (also in the field of research) of code protection and system security.

Prerequisites and basic notions

Knowledge of programming and software engineering.

Program

The course will develop the following topics:
Software Security
* Secure Systems
* Access Control and Authentication
* Software Vulnerabilities
* Software Security Lab
** background on assembly x86 and ELF
** tools for binary analysis: gdb, ghidra
** reverse engineering and patching of binaries
** buffer overflow attacks
** stack canaries, format string vulnerabilities

Software Protection
* Obfuscation Techniques
* Watermarking Techniques
* Tamper-Proofing Techniques
* Similarity Analysis: Known Algorithms and Applications
* Code Attribution

Bibliography

Didactic methods

Lectures, seminars and laboratory activities

Learning assessment procedures

Oral + Project

- Project: Realization of a project / in-depth analysis on software security issues and protection of software intellectual property. The project / study can be done in a group of up to 3 people. During the course, possible themes for the project / study will be presented. The theme of the project / study can also be proposed to the teacher by the students. The results of the project / study will be organized in a written report and then presented orally to the teacher.

- Oral: Oral questions on the entire program of the course

The exams are taken by individual or group appointment with the teacher.

Evaluation criteria

The project aims to verify the ability to deepen (researching material in a critical way) and autonomously rework the concepts presented during the course.

The oral exam aims to verify the acquisition and understanding of the concepts presented during the course

Criteria for the composition of the final grade

The teacher evaluates the presentation and discussion of the project and the answers to the oral questions and proposes a mark out of thirty

Exam language

italiano