IT Security (MSc major specialization in the Computer Engineering program)
The IT Security major specialization introduces the main security problems of IT systems and the approaches, methods, and tools used to solve those problems. We put the emphasis on practical applications, while students also get familiar with the security analysis techniques and design principles through the analysis of different security solutions. Those who complete the IT Security major specialization are able to identify security problems in practical IT systems, analyze and understand such problems, and design and develop appropriate security solutions. The students also learn when and how to apply cryptography to practical security problems.
The IT Security major specialization consists of four courses (Software Security (VIHIMA21), Computer and Network Security (VIHIMA23), Cryptographic Protocols (VIHIMB08), Security of Machine Learning (VIHIMB09)) and two lab exercises (Software Security Laboratory (VIHIMA22), Computer and Network Security Laboratory (VIHIMB07)). We also supervise student semester and diploma projects.
In the past: IT Security (MSc minor specialization in the Computer Science program)
We offer semester and diploma projects that are related to the research activities in the lab or proposed by our industrial partners. These projects therefore give students the opportunity to join our research and development projects or to collaborate with our industrial partners.
If you are a student interested in any of our current project proposals, please get in touch with the project's contact person before officially applying. The contact person will tell you the steps needed to take the project officially.
This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security major specialization). We put special emphasis on software security and the practical aspects of developing secure programs.
Topics: IT security in practice; user authentication and access control basics; software security; memory corruption attacks; web security; mobile and cloud security; malware; network security, firewalls, and IDS systems; introduction to cryptography; cryptographic protocols; privacy protection; risk analysis and economics of security.
This is the English version of the IT Security (VIHIAC01) course.
Topics: IT security in practice; user authentication and access control basics; software security; memory corruption attacks; web security; mobile and cloud security; malware; network security, firewalls, and IDS systems; introduction to cryptography; cryptographic protocols; privacy protection; risk analysis and economics of security.
This BProf course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course also gives an introduction to source software security and channel coding.
Topics: IT security in practice; user authentication and access control basics; memory corruption attacks; software security; web security; malware; network security, firewalls, and IDS systems; introduction to cryptography; cryptographic protocols; lossless and lossy compression; channel coding.
This course introduces security problems in software development: students will learn the most common mistakes in software development and how attackers exploit those mistakes (offensive security). Then, students get to know how to mitigate attacks and write secure applications.
Topics: secure software development lifecycle; security testing; web security; secure API design; secure coding in Java & C#; iOS security; Android security; secure coding in C/C++; machine learning in software development
This laboratory extends and deepens the knowledge and skills obtained in the Software Security course by solving practical, hands-on exercises in real, or close-to-real environments.
Topics: secure software development lifecycle; security testing; web security; secure API design; secure coding in Java & C#; iOS security; Android security; secure coding in C/C++; machine learning in software development
The course introduces security problems in computing and networked systems, as well as the principles, practical mechanisms, and tools used to solve them. The course covers physical security and OS level security of computers, and the problem of malicious software (malware). It also covers issues related to secure operation of networks in practice. Students get theoretical knowledge and practical skills to assess security risks, understand threats and vulnerabilities. The course also serves as a basis for obtaining skills in penetration testing and ethical hacking of networks.
Topics: operating systems security; malware techniques, detection, and analysis; security of mobile platforms; virtualization security; incident response and digital forensics; tamper resistance and physical security; network penetration testing; firewalls; intrusion detection/prevention systems, SIEMs; honeypots; network infrastructure security (e.g., DNSSEC); spam filtering; industrial control network security
This laboratory extends and deepens the knowledge and skills obtained in the Computer and Network Security course by solving practical, hands-on exercises in real, or close-to-real environments.
Topics: firewalls; virtual private networks; access control; network penetration testing; virtualization security; incident response and digital forensics; industrial control network security
This course gives an introduction to the basics of cryptography, explains how basic cryptographic building blocks work, and demonstrates how secure systems can be engineered by properly using and combining these building blocks. Besides the theoretical background, we use a lot of illustrative examples and show practical applications. In addition, classroom exercises, homework assignments, and an implementation project deepen the knowledge of students and provide opportunities to acquire practical skills in the field of cryptographic engineering.
Topics: symmetric and asymmetric key ciphers, hash functions, MAC functions, digital signature schemes, authenticated encryption and secure channels, key exchange, key generation and derivation, management of public keys, TLS protocol and its attacks, Wi-Fi security protocols and their attacks, secure storage, electronic signature and PKI, blockchain and cryptocurrencies, other applications, post-quantum cryptography
In the rapidly evolving landscape of artificial intelligence, the integration of machine learning brings unprecedented opportunities but also introduces new security and privacy challenges. This MSc course gives an overview of adversarial machine learning, focusing on potential threats and vulnerabilities that may compromise the integrity, confidentiality, and availability of machine learning models, as well as their mitigations. Establishing robust security measures will become paramount in the near future, and is also required by the forthcoming EU AI Act and the already enacted GDPR.
Topics: membership inference, reconstruction attack, model extraction, poisoning, adversarial examples, evasion, backdoor, robustness, machine learning availability
This course gives an introduction to the security problems of computer networks and an overview of the possible solutions to those problems. It also covers issues related to secure operation of networks in practice, including modern tools and techniques used to ensure security. Students get theoretical knowledge and practical skills that form the basis of secure network operations.
Topics: authentication and authorization; firewalls; intrusion detection/prevention systems, SIEMs; virtual private networks; logging; network infrastructure security (e.g., DNSSEC); botnets; web security; spam filtering; detection of DoS attacks; routing security; network penetration testing
This laboratory extends and deepens the knowledge and skills obtained in the Network Security in Practice and Computer Security in Practice courses by solving practical, hands-on exercises in real, or close-to-real environments.
Topics: VLANs; routing; DHCP and NAT; firewalls; virtual private networks; logging; ethical hacking
Information security is as much an economic problem as it is a technical one. Even given flawless cryptographic protocols and the availability of perfectly secure software, the misaligned economic incentives of different stakeholders in a system often result in a (very) sub-optimal security level. By guiding you through the jungle of asymmetric information, interdependent security, correlated risk and other concepts characteristic of system security, this elective course will enable you to make better decisions in risk management, security investment and policy design on a system level. Furthermore, the course touches upon the economic aspects of data privacy, an emerging area of interest for users and companies in the big data era.
Topics: microeconomics, game theory, incentives, interdependent security, asymmetric information, correlated risk, risk management, security investments, spam, underground economy, information sharing on security breaches, bug bounty, cyber-insurance, (behavioral) economics of privacy, interdependent privacy
This course provides a detailed overview of data privacy. It focuses on different privacy problems of web tracking, data sharing, and machine learning, as well as their mitigation techniques. The aim is to give the essential (technical) background knowledge needed to identify and protect personal data. These skills are becoming a must for every data/software engineer and data protection officer dealing with personal and sensitive data, and are also required by the European General Data Protection Regulation.
Topics: Dark Patterns (+ Cognitive Biases), (Web-)Tracking (+ Profiling), GDPR, Cryptography (Homomorphic Encryption, Secret Sharing, Zero-Knowledge Proofs, etc.), Cryptocurrencies, Tor, E-Voting, Machine Learning Privacy (Membership Inference, Fairness, etc.), Deanonymization (Relational-, Unstructured-, and Aggregate-data), Anonymization (k-Anonymity, Differential Privacy)
This is an elective lab exercise course where students learn the basics of security operations.
Topics: cyber attacks; security of Linux and Windows; network security; network defense; incident response.
This course gives an introduction to the basics of cryptography, explains how basic building blocks work, and demonstrates how secure systems can be engineered by properly using them. Besides the theoretical background, we use a lot of illustrative examples and show practical applications. In addition to the technical details, we give an outlook on the legal and business aspects of using cryptography. This course is offered only to students of the Aquincum Institute of Technology, Budapest.