The IT Security minor specialization introduces the main security problems of IT systems and the approaches, methods, and tools used to solve those problems. We put the emphasis on practical applications, while students also get familiar with the security analysis techniques and design principles through the analysis of different security solutions. Those who complete the IT Security minor specialization are able to identify security problems in practical IT systems, analyze and understand such problems, and design and develop appropriate security solutions. The students also learn when and how to apply cryptography to practical security problems.
The IT Security minor specialization consists of three courses (Cryptographic Protocols, Computer Security, and Network Security) and lab exercises (IT Security Lab). We also supervise student semester and diploma projects.
This course fills an important gap in the education of software engineers, - namely developing secure software applications. During this course, students will learn the most common mistakes in software development and how attackers exploit those mistakes (offensive security). Then, students get to know how to mitigate attacks and write secure software applications.
Information security is as much an economic problem as it is technical. Even given flawless cryptographic protocols and the availability of perfectly secure software, the misaligned economic incentives of different stakeholders in a system often result in a (very) sub-optimal security level. By guiding you through the jungle of asymmetric information, interdependent security, correlated risk and other concepts characteristic for system security, this elective course will enable you to make better decisions in risk management, security investment and policy design on a system level. Furthermore, the course touches upon the economic aspects of data privacy, an emerging area of interest for users and companies in the big data era.
Topics: microeconomics, game theory, incentives, interdependent security, asymmetric information, correlated risk, risk management, security investments, spam, underground economy, information sharing on security breaches, bug bounty, cyber-insurance, (behavioral) economics of privacy, interdependent privacy
Adversarial examples are inputs to machine learning models that an attacker has intentionally designed to cause the model to make a mistake. Such an example is when the input image clearly pictures a school bus, but the model identifies it as an ostrich. This course provides a detailed overview of the security of machine learning systems. It focuses on attack and defense techniques and the theoretical background mainly of adversarial examples.
Topics: adversarial examples, FGSM, backpropagation, deep fool, linearity hypothesis and curvature of decision boundaries,certified robustness, interpretability, explainability, robust attributes, robustness, no free lunch theorem, generalization, adversarial examples for humans
The sharing and explotation of the ever-growing data about individuals raise serious privacy concerns these
days. Is it possible to derive (socially or individually) useful information about people from this Big Data
without revealing personal information?
This course provides a detailed overview of data privacy. It focuses on different privacy problems of web tracking, data sharing, and machine learning, as well as their mitigation techniques. The aim is to give the essential (technical) background knowledge needed to identify and protect personal data. These skills are becoming a must of every data/software engineer and data protection officer dealing with personal and sensitive data, and are also required by the European General Data Protection Regulation (GDPR).
Topics: web tracking, (de-)anonymization of large datasets, cryptographic basics of data privacy, privacy problems of machine learning (model inversion, fairness problems)
This is an elective lab exercise course where students learn how to securely operate a network using mainly Cisco networking equipment.
Topics: security of network devices; authentication, authorization, accounting; firewalls; intrusion detection and prevention; secure local networks; introduction to cryptography; virtual private networks; network management; integrated VPN and firewall architectures.
This course gives an introduction to the basics of cryptography, explains how basic building blocks work, and demonstrates how secure systems can be engineered by properly using them. Besides the theoretical background, we use lot of illustrative examples and show practical applications. In addition, besides the technical details, we give an outlook to the legal and business aspects of using cryptography. This course is offered only to students of the Aquincum Institute of Technology, Budapest.
We offer semester and diploma projects that are related to the research activities in the lab, or proposed by our industrial partners, therefore, they provide the opportunity for the students to join our research and development projects, or collaborate with our industrial partners.
If you are a student interested in any of our current project proposals, please, get in touch with the given contact person of the project before officially applying. The contact person will let you know the necessary steps for taking the project officially.
We pay special attention to attract and work with students interested in IT security. To discover talented students, we organize the annual CrySyS Security Challenge, which is a hacking contest with exciting problems to solve. For students, the Sec Challenge provides a platform for "learning by doing"; for us, it is a vehicle to discover students talented in hacking. We also identify talents in the classroom and by supervising semester projects.
Those who prove to be strongly interested in IT security and committed to hard working are invited to join the CrySyS Student Core, which is a community-of-practice consisting of talented students. Core members meet once a week to expand their knowledge by discussing specific topics in system and network security, to prepare for CTF competitions, to socialize, and to have fun by spending time with other geeks of similar interest.
The current CTF team of the Student Core is called c0r3dump, which is a team of fast improving young hackers who love to spend their week-ends with participating at international CTF games.
To help students bootstrapping their IT security activity, preparing for the Sec Challenge, and ultimately to get invited to the Student Core, we organize an IT Security Bootcamp. Interested in joining and becoming part of a live community? Contact András Gazdag or Levente Buttyán.
Avatao is an online e-learning platform offering IT security challenges for everyone interested in improving their skills in computer security, web security, applied cryptography, and many more sub-domains of IT security. The development of the platform was started in the CrySyS Lab before it was spun off into a standalone company. However, we continue to use the Avatao platform in our teaching as the infrastructure for the CrySyS Security Challenge, as well as for course homeworks and lab exercises. If you are interested in avatao, please contact Mark Felegyhazi or Gabor Pek.