FUNDAMENTALS OF DATA SECURITY

Degree course: 
First cycle degree in COMPUTER SCIENCE
Academic year when starting the degree: 
2016/2017
Year: 
3
Academic year in which the course will be held: 
2018/2019
Course type: 
Compulsory subjects, characteristic of the class
Credits: 
6
Period: 
Second semester
Standard lectures hours: 
48
Detail of lecture hours: 
Lesson (48 hours)
Requirements: 

None

Final Examination: 
Oral

The exam consists of a written exam of 2 hours in which the student is required to answer open questions, aimed at verifying the acquisition and proper understanding of the topics presented during the course. The final grade, out of thirty, will take into account the accuracy and quality of the answers (70%), the clarity of exposition (10%) and the ability to adequately justify statements, analyses and opinions (20%).

Assessment: 
Final grade

The course aims to provide basic knowledge for the design and verification of mechanisms for data protection in information systems and networks.
Knowledge and understanding
The objective is achieved by discussing, first, the basic concepts of cryptography. This involves the study of the basic transformations used in symmetric encryption as well as of the most relevant symmetric encryption algorithms (e.g., DES, AES). This part of the course is also devoted to the study of asymmetric encryption, by discussing the most widely used asymmetric algorithm, i.e., RSA.
Data protection during transmission is then analyzed by presenting protocols at different network layers: IPsec to protect data at the network layer, SSL for data protection at the transport layer, and Kerberos as an example of an application layer protocol. This will provide the student with the ability to identify the critical issues of each protocol, which is essential knowledge for designing a data protection system.
The course is also aimed at providing the basics of access control systems. This is achieved by analyzing the access control mechanism provided in DBMSs by the ANSI SQL standard. Throughout the course, references to current NIST (e.g., AES, DES, RBAC), IETF (e.g., IPsec, SSL/TLS), W3C (e.g., XML Signature) and ISO/IEC (e.g., SQL standard) standards will be provided to students in order to improve their independent judgment and critical evaluation.
Applying knowledge and understanding
The course aims at analyzing how the target security tools are applied in information systems. For example, students will learn how symmetric and asymmetric encryption algorithms are used in accordance with NIST standards. They will learn the two most relevant applications of asymmetric encryption, that is, the digital signature and the digital envelope. In particular, the course will present how a digital signature is encoded according to the W3C XML Signature standards.
The study of the DBMS access control mechanism enables students to understand how to use SQL commands for data protection. It is expected that at the end of the course the student is able to independently define the access permissions for relations and views in the DBMS.

Making judgments and communication skills
The most relevant expected outcome is to enable students to judge the level of data protection provided by an information system and to propose solutions, where necessary, using the current security standards. In addition, thanks to the adoption of existing security standards, students are expected to acquire the terminology of the data protection field.
Learning skills
Knowledge of cryptography principles, the fundamentals of network security protocols, and access control mechanisms provides students with a robust basis that will allow them to independently learn new security-related mechanisms and protocols not analyzed in the course. In addition, references to standards help students to independently retrieve additional material about the topics addressed during the course. This capability is very important, as it will allow them to stay up to date in a field, such as data protection, where new standards and related critical issues are published frequently.

The course consists of 48 hours of lectures, organized as follows:
Introduction to security concepts. Lecture, 2h;
Analysis of classical encryption: substitution and transposition. Lecture, 4h;
Symmetric encryption: DES algorithm. Lecture, 4h;
Symmetric encryption: AES algorithm. Lecture, 3h;
Asymmetric encryption: RSA algorithm. Lecture, 3h;
Asymmetric encryption applications: digital signature and digital envelope. Lecture, 5h;
Digital certificates (X.509, the web of trust). Lecture, 3h;
Data protection at the network level: IPsec. Lecture, 6h;
Data protection at the transport level: SSL. Lecture, 6h;
Data protection at the application level: Kerberos. Lecture, 6h;
Access control mechanism in DBMS using ANSI SQL standard. Lecture, 6h;

The suggested material includes lecture slides, available through the e-learning platform, and the following books.

Elena Ferrari, Access Control in Data Management Systems, Synthesis Lectures on Data Management, Morgan & Claypool.

William Stallings, Cryptography and Network Security, Fifth Edition, Prentice Hall, 2010.

Conventional

The course is organized in 48 hours of lectures.

Office hours: The teacher is available upon student request.

Professors