Cyber-security for IoT (2022/2023)
Scientific Disciplinary Sector (SSD)
INF/01 - INFORMATICS
The teaching is organized as follows:
The course covers the main methodologies and technologies to identify and mitigate cyber-attacks against IoT software systems. At the end of the course, the student shall prove to know the main classes of vulnerabilities and attacks that threaten the security of these systems, and to know the technical and organizational countermeasures that can be adopted to mitigate the risks of such attacks. This knowledge shall allow the student to define software architectures that guarantee the security of IoT software systems.
Prerequisites and basic notions
Knowledge of programming fundamentals
- Introduction: cybersecurity and IoT, well-known examples of IoT security incidents. Ethics in software and IT security. Case studies of the course
- Access control, elements of access control, Discretionary Access Control, Role-Based Access Control, roles, hierarchies and separation of duty.
- Presentation of the OWASP Top 10 and the taxonomy of vulnerabilities.
- Cyber attacks in the past and recent cyber attacks. Advanced Persistent Threat. Cyber Kill Chain: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on Objectives. Description of attacks, objectives, tools and defense strategies. Examples of attacks modeled with Cyber Kill Chain.
- MITRE ATT&CK: data sources, structure. Tactics, techniques, groups, software and mitigations. Examples and usage scenarios. Case study analysis and mapping on MITRE ATT&CK.
- Social engineering. Well-known cases of social engineering attacks. Exercises with tools for creating social engineering attack campaigns.
- Password based authentication. Typical problems and attacks. Password cracking exercises. Countermeasures.
- Black box penetration testing, and white box penetration testing.
- Discussion of case studies.
The course consists of a mix of frontal lectures, discussions and practical labs.
Learning assessment procedures
Students will be assessed through an oral exam and laboratory activities. Alternatively, attending students will have the opportunity to take the exam as a project agreed with the teacher.
Personal learning and reworking of the course contents
Criteria for the composition of the final grade
Oral exam evaluation
English or Italian