Information security is as much an economic problem as it is technical. Even given flawless cryptographic protocols and the availability of perfectly secure software, the misaligned economic incentives of different stakeholders in a system often result in a (very) sub-optimal security level. By guiding you through the jungle of asymmetric information, interdependent security, correlated risk and other concepts characteristic for system security, this elective course will enable you to make better decisions in risk management, security investment and policy design on a system level. Furthermore, the course touches upon the economic aspects of data privacy, an emerging area of interest for users and companies in the big data era.

Topics: microeconomics, game theory, incentives, interdependent security, asymmetric information, correlated risk, risk management, security investments, spam, underground economy, information sharing on security breaches, bug bounty, cyber-insurance, (behavioral) economics of privacy, interdependent privacy

This elective course gives an overview of the different areas of Machine Learning security by processing state-of-the-art and cutting-edge research papers in related fields. The course is interactive, where each student presents a selected topic, i.e., it also focuses on developing "soft skills" such as a scientific presentation.

Topics: Membership Inference, Reconstruction Attack, Model Extraction, Machine Unlearning, Poisoning, Adversarial Examples, Evasion, Backdoor, Robustness, Explainability/Interpretability, Fairness, Availability

This course provides a detailed overview of data privacy. It focuses on different privacy problems of web tracking, data sharing, and machine learning, as well as their mitigation techniques. The aim is to give the essential (technical) background knowledge needed to identify and protect personal data. These skills are becoming a must of every data/software engineer and data protection officer dealing with personal and sensitive data, and are also required by the European General Data Protection Regulation.

Topics: Dark Patterns (+ Cognitive Biases), (Web-)Tracking (+ Profiling), GDPR, Cryptography (Homomoprhic Encryption, Secret Sharing, ZeroKnowdloge Proofs, etc.), CryptoCurrencies, TOR, E-Voting, Machine Learning Privacy (Membership Inference, Fairness, etc.), Deanonymization (Relational-, Unstructured-, and Aggregate-data), Anonymization (K-Anonimity, Differential Privacy)

This is an elective lab exercise course where students learn the basics of security operations.

Topics: cyber attacks; security of Linux and Windows; network security; network defense; incident response.

This course gives an introduction to the basics of cryptography, explains how basic building blocks work, and demonstrates how secure systems can be engineered by properly using them. Besides the theoretical background, we use lot of illustrative examples and show practical applications. In addition, besides the technical details, we give an outlook to the legal and business aspects of using cryptography. This course is offered only to students of the Aquincum Institute of Technology, Budapest.

In the past

• Cryptographic Protocols (VIHIMA05)
• Computer Security (VIHIMA06)
• Network Security (VIHIMB00)
• IT Security Laboratory (VIHIMB01)
• Secure Software Development (VIHIAV33)
• Computernetzwerke - in German (VIHIAB01)
• Information Security (VIHIM100 and VIHIM102)
• Security Protocols (VIHIM132)
• Cryptography and its Applications (VIHIM133)
• Foundations of Secure Electronic Commerce (VIHIM219)
• Network Security in Practice (VIHIM327)
• Security labs (VIHIM220 and VIHIM305)
• Economics of Security and Privacy (VIHIAV15)