The course aims to provide basic knowledge for the design and verification of mechanisms for data protection in information systems and networks.
Knowledge and understanding
The objective is achieved by discussing, first, the basic concepts of cryptography. This involves the study of the basic transformations used in symmetric encryption as well as of the most relevant symmetric encryption algorithms (e.g., DES, AES). This part of the course is also devoted to the study of asymmetric encryption, by discussing the most widely used asymmetric algorithm, i.e., RSA.
Data protection during transmission is then analyzed by presenting protocols at different network layers: IPSec to protect data at the network layer, SSL for data protection at the transport layer, and Kerberos as an example of application layer protocol. This will provide the student with the ability to identify criticisms of each protocol, which is a piece of essential knowledge in order to design of data protection system.
The course is also aimed at providing the basics of access control systems. This is achieved by analyzing the access control mechanism in place at DBMS by the SQL ANSI standard. Through the course, references to current NIST (e.g., AES, DES, RBAC), IETF (e.g., IPsec, SSL / TLS), W3C (e.g., XML signature), ISO / EIC standards (e.g., SQL standard) will be provided to students in order to improve their independent judgment and critical evaluation.
Applying knowledge and understanding
The course aims at analyzing how the target security tools are applied in information systems. For example, students will learn how symmetric and asymmetric encryption algorithms are used in accordance with the standard NIST. They will learn the two most relevant applications of asymmetric encryption, that is, the digital signature and digital envelope. In particular, it will be presented how digital signature is encoded according to the W3C XML signature standards.
The study of DBMS access control mechanism makes student able to understand how to exploit SQL commands for data protection. It is expected that at the end of the course the student is able to independently define the access permissions for relations and views in the DBMS.

Making judgments and communication skills
The most relevant expected outcome is the one of making a student able to judge the level of data protection provided by an information system, and to propose solutions, where necessary, exploiting the current security standards. In addition, due to the adoption of existing security standards, it is expected that students acquire the terminology of data protection field.
Learning skills
The knowledge of cryptography principles, the fundamentals of network security protocols, and access control mechanisms provide students with a robust basis that will allow them to learn independently new security-related mechanisms and protocol not analyzed through the course. In addition, references to standards help students to independently retrieve additional materials about the topic addressed during the course. This capability is very important as it will allow them to be always updated in a field, such as data protection, where new standards and related criticisms are published frequently.