Ogni modulo equivale a 3 crediti ECTS. È possibile scegliere un totale di 10 moduli/30 ECTS nelle seguenti categorie:
- 12-15 crediti ECTS in moduli tecnico-scientifici (TSM)
I moduli TSM trasmettono competenze tecniche specifiche del profilo e si integrano ai moduli di approfondimento decentralizzati.
- 9-12 crediti ECTS in basi teoriche ampliate (FTP)
I moduli FTP trattano principalmente basi teoriche come la matematica, la fisica, la teoria dell’informazione, la chimica ecc. I moduli ampliano la competenza scientifica dello studente e contribuiscono a creare un importante sinergia tra i concetti astratti e l’applicazione fondamentale per l’innovazione
- 6-9 crediti ECTS in moduli di contesto (CM)
I moduli CM trasmettono competenze supplementari in settori quali gestione delle tecnologie, economia aziendale, comunicazione, gestione dei progetti, diritto dei brevetti, diritto contrattuale ecc.
La descrizione del modulo (scarica il pdf)riporta le informazioni linguistiche per ogni modulo, suddivise nelle seguenti categorie:
This module teaches two aspects of IT security. The first part deals with secure software, focusing on developing secure software and exploiting defects in software. The second part deals with several advanced security technologies, which includes authentication, access control, network security devices, and operating system security.
This module assumes that students have a working knowledge of basic security technologies such as cryptology, secure communication protocols, and access control mechanisms (which amounts to approx. a 4 ECTS bachelor module). See e.g.: William Stallings, Network Security Essentials: Applications and Standards. We also assume that students have a working knowledge in a general purpose programming language such as Java, C, or similar and are familiar with modern software development processes.
Obiettivi di apprendimento
- The students know and understand the secure development lifecycle and are capable of developing secure software.
- The students can analyze software with respect to security and can exploit vulnerabilities.
- The students can employ threat modeling to identify threats and use this to define security requirements.
- The students know and understand advanced authentication and access control methods including identity federations.
- The students understand the underlying principles of application layer firewalls and intrusion detection/prevention systems.
- The students are able to apply the current network access control standards to establish trust in client platforms.
The module consists of 2 main topics, Software Security and Security Technologies. Each covers 6-8 weeks.
- Main topic 1: Software Security. The skills taught here are applicable to any software project and therefore include web applications, web services, and mobile applications.
- Introduction to software security (motivation, secure development lifecycle)
- Finding and exploiting vulnerabilities in software (e.g. web applications) by combining manual methods and tools
- Developing secure software (e.g. web applications and web services)
- Security requirements engineering and threat modeling
- Main topic 2: Security Technologies. The skills taught here are applicable to a wide range of scenarios, and include Internet and operating system security.
- Advanced access control and authentication methods and federated identities
- Application level firewalls and intrusion detection/prevention systems
- Internet security, e.g., network access control
- Operating system security and trusted platforms
Metodologie di insegnamento e apprendimento
- Lecture: Ex cathedra teaching
- Exercises/self-study: reading texts about security topics, some self-study, mainly about web application development frameworks; practical exercises (computer-based); theoretical exercises
Lecture slides, references to Internet sources and textbooks