The objective of the IT Security minor specialization is to introduce to the students the main security problems of IT systems and the approaches, methods, and tools used to solve those problems. We put the emphasis on practical applications, however, through the analysis of different security solutions, the students also get familiar with the security analysis techniques and design principles. Those who complete the IT Security minor specialization will be able to identify security problems in practical IT systems, to analyze and understand them, and to design and develop appropriate solutions to them. The students will also learn when and how to apply cryptography to practical security problems.
Security is one of the major challenges in today's IT systems, communication networks, and embedded systems. We can hear about more and more security problems, vulnerabilities, and successful exploits in cloud services, on mobile platforms, in the Internet and on the Web, in social networks, in wireless networks, in industrial control systems, and in the Internet of Things (IoT). Therefore, the IT Security minor specialization can be a perfect complement to any major specialization offered by the different departments of the Faculty of Electrical Engineering and Informatics. There are plenty of application developers and network engineers, but only a small fraction of them are knowledgeable in security too. The IT Security minor specialization provides an added value that makes our students unique and highly demanded on the job market.
Cryptographic primitives and basic protocols, random number generation, key exchange protocols, public key infrastructure, secure communication protocols (TLS, IPsec, WiFi security), authentication protocols(Kerberos,SAML, OAuth), secure protocols in resource constrained environments and in cloud based systems,anonymous communication systems
OS level security issues and solutions, control flow integrity attacks (heap and stack overflow, Return Oriented Programming), secure software development, malicious software (malware), browser security, mobile platform (Android, iOS) security, virtualization security, tamper resistant devices, Trusted Computing
Network penetration techniques (ethical hacking), firewalls, intrusion detection systems, log analysis, honeypots, network infrastructure security, botnets, spam and DDoS attacks, security of Web based services, corporate network security, security in industrial control systems, privacy on the Web and in social networks
Access rights management on Windows and Linux systems, software vulnerabilities, malware analysis, penetration testing of networks and Web based services (ethical hacking), network traffic sniffing, firewall and IDS configuration, WiFi security, PKI and digital signatures
The semester and diploma projects offered are typically related to the research activities in the CrySyS Lab, or proposed by our industrial partners, therefore, they provide the opportunity for the students to join the research and development projects of the CrySyS Lab, or collaborate with our industrial partners.
The currently available project proposals can be found here: Student Project Proposals
The purpose of the intership is to get familiar with the industrial environment and to deepen the knowledge obtained at the university. We help students to obtain intern positions at the industrial partners of the CrySyS Lab, including (but not limited to) the following companies and institutions:
It may be useful, but not necessary, to complete the following BSc level course before beginning the IT Security minor specialization:
In every year, the CrySyS Lab organizes the CrySyS Security Challenge, which is a hacking contest for students. Those who perform outstandingly at this competition are invited to the CrySyS Student Core, which is a club of talented students enthusiast for security. The Student Core has a weekly meeting, where the students can discuss various topics in IT security, prepare for international capture-the-flag games, and have fun in general. The CTF team of the Student Core, called !SpamAndHex, achieved remarkable results at various CTF games in the past.
The CrySyS Lab is committed to perform internationally recognized, high quality teaching, research, and consulting activities in the field of IT Security. The main research focus of the lab is security of embedded systems, including cyber-physical systems such as industrial control systems and the Internet of Things, and malware detection and analysis. The lab also provides consulting services, which mainly covers penetration testing and cyber incident response activities. Members of the CrySyS Lab discovered, named, and analyzed for the first time the Duqu cyber espionage malware. First detailed technical analyses on Flame, MiniDuke, and TeamSpy were also published by the CrySyS Lab. The lab intensively participates in international R&D projects, it has an outstanding publication record, and its expertise is widely known and respected. A number of spin-offs started from the CrySyS Lab, including Tresorit, Ukatemi Technologies, and Avatao.
Dr. Levente Buttyán, Associate Professor
BME Department of Networked Systems and Services,
Laboratory of Cryptography and System Security (CrySyS Lab)
e-mail: buttyan (at) crysys.hu
tel: +36 1 463 1803