SOFTWARE SECURITY

Academic year
2023/2024
Official course title
SOFTWARE SECURITY
Course code
CM0631 (AF:451581 AR:245308)
Modality
On campus classes
ECTS credits
6 out of 12 of SYSTEM AND SOFTWARE SECURITY
Degree level
Master's Degree Programme (DM270)
Educational sector code
ING-INF/05
Period
2nd Semester
Course year
1
Where
VENEZIA
This course aims to introduce advanced concepts and techniques of software security.
In the first part of the course, we will cover software protection against reverse engineering and Man-At-The-End (MATE) attacks, with laboratory and practical examples.
In the second part of the course, we will cover various topics related to software security on different types of systems.
The goal of the course is to transfer knowledge of:
- the importance of software protection from MATE attacks based on reverse engineering
- the use of software protection tools like obfuscation, tamper-proofing and watermarking
- different topics in software security: malware and cybercrime, anonymity and privacy, threat and attack modelling, e-voting systems
The labs will help students experiment with tools and acquire practical knowledge of the topics.
It is necessary to have attended the course SYSTEM SECURITY.

It is advisable to attend all the lectures as the course has theoretical and practical components.
The learning of concepts is eased by the use of software tools in the labs and discussion of practical examples.
The course will present different topics:
- Binary code analysis and reverse engineering
- Software protection from analysis: obfuscations and white-box cryptography
- Software integrity protection: tamperproofing and code-guards
- Software authorship protection: watermarking and Digital Rights Management
- Software protection against piracy
- Malware analysis and Cybercrime
- Threat and Attack modelling
- Advanced topics in Software Security: e-Voting, anonymity and privacy, human factors in security.
Lecture Notes from the Professor, mostly based on:
1. Christian Collberg, Jasvir Nagra; Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection, 2009, Addison-Wesley Professional, ISBN 978-0321549259, First Edition.
2. Adam Shostack; Threat Modeling: Designing for Security, 2014, Wiley, ISBN 978-1118809990
3. Chris Eagle, Kara Nance; The Ghidra book: the Definitive Guide, 2020, No Starch Press, ISBN-13: 978-1-71850-102-7
4. Vijay Kumar Velu, Robert Beggs; Kali Linux for Advanced Penetration Testing, Third Edition, 2019, Packt Publishing, ISBN 978-1-78934-056-3
5. Alexey Kleymenov, Amr Thabet, "Mastering Malware Analysis: A malware analyst's practical guide to combating malicious software, APT, cybercrime, and IoT attacks", 2nd Ed., Packt Publishing, 2022, ISBN 1803240245.
The assessment is based on a written exam and an optional assignment.
The written exam aims at verifying the knowledge of the different topics of the course.
The assignment is not mandatory and consists of solving a problem, presenting a research paper to the class, or giving a software tool tutorial.
Solving assignments gives extra score with respect to the mark of the written exam.
Theoretical lectures and practical laboratory classes;
Audio and Video online resources;
Chat and forum;
Assignments on various topics that give extra score;
Practical labs
English
written

This subject deals with topics related to the macro-area "Cities, infrastructure and social capital" and contributes to the achievement of one or more goals of the U.N. Agenda for Sustainable Development.

Definitive programme.
Last update of the programme: 21/08/2023