IT Security (MSc major specialization in the Computer Engineering program)
The IT Security major specialization introduces the main security problems of IT systems and the approaches, methods, and tools used to solve those problems. We put the emphasis on practical applications, while students also get familiar with the security analysis techniques and design principles through the analysis of different security solutions. Those who complete the IT Security major specialization are able to identify security problems in practical IT systems, analyze and understand such problems, and design and develop appropriate security solutions. The students also learn when and how to apply cryptography to practical security problems.
The IT Security major specialization consists of four courses (Software Security (VIHIMA21), Computer and Network Security (VIHIMA23), Cryptographic Protocols (VIHIMB08), Security of Machine Learning (VIHIMB09)) and two lab exercises (Software Security Laboratory (VIHIMA22), Computer and Network Security Laboratory (VIHIMB07)). We also supervise student semester and diploma projects.
In the past: IT Security (MSc minor specialization in the Computer Science program)
This course introduces security problems in software development: students will learn the most common mistakes in software development and how attackers exploit those mistakes (offensive security). Then, students get to know how to mitigate attacks and write secure applications.
Topics: secure software development lifecycle; security testing; web security; secure API design; secure coding in Java & C#; iOS security; Android security; secure coding in C/C++; machine learning in software development
This laboratory extends and deepens the knowledge and skills obtained in the Software Security course by solving practical, hands-on exercises in real, or close-to-real environments.
Topics: secure software development lifecycle; security testing; web security; secure API design; secure coding in Java & C#; iOS security; Android security; secure coding in C/C++; machine learning in software development
The course introduces security problems in computing and networked systems, as well as the principles, practical mechanisms, and tools used to solve them. The term computer is interpreted in a broad sense, and it includes personal computers, servers, mobile devices, and embedded computers. The course covers physical security and OS level security of computers, and the problem of malicious software (malware). It also covers issues related to secure operation of networks in practice, including modern tools and techniques used to ensure security. Students get theoretical knowledge and practical skills that form the basis of secure network operations, and allow them to assess security risks, understand threats and vulnerabilities, select and integrate appropriate security solutions, and to design new security mechanisms. The course also serves as a basis for obtaining skills in penetration testing and ethical hacking of networks.
Topics: operating systems security; malware techniques, detection, and analysis; security of mobile platforms; virtualization security; incident response and digital forensics; tamper resistance and physical security; network penetration testing; firewalls; intrusion detection/prevention systems, SIEMs; honeypots; network infrastructure security (e.g., DNSSEC); spam filtering; industrial control network security
We offer semester and diploma projects that are related to the research activities in the lab, or proposed by our industrial partners, therefore, they provide the opportunity for the students to join our research and development projects, or collaborate with our industrial partners.
If you are a student interested in any of our current project proposals, please, get in touch with the given contact person of the project before officially applying. The contact person will let you know the necessary steps for taking the project officially.
We pay special attention to attract and work with students interested in IT security. To discover talented students, we organize the annual CrySyS Security Challenge, which is a hacking contest with exciting problems to solve. For students, the Sec Challenge provides a platform for "learning by doing"; for us, it is a vehicle to discover students talented in hacking. We also identify talents in the classroom and by supervising semester projects.
Those who prove to be strongly interested in IT security and committed to hard working are invited to join the CrySyS Student Core, which is a community-of-practice consisting of talented students. Core members meet once a week to expand their knowledge by discussing specific topics in system and network security, to prepare for CTF competitions, to socialize, and to have fun by spending time with other geeks of similar interest.
The current CTF team of the Student Core is called c0r3dump, which is a team of fast improving young hackers who love to spend their week-ends with participating at international CTF games.
To help students bootstrapping their IT security activity, preparing for the Sec Challenge, and ultimately to get invited to the Student Core, we organize an IT Security Bootcamp. Interested in joining and becoming part of a live community? Contact András Gazdag or Levente Buttyán.
Avatao is an online e-learning platform offering IT security challenges for everyone interested in improving their skills in computer security, web security, applied cryptography, and many more sub-domains of IT security. The development of the platform was started in the CrySyS Lab before it was spun off into a standalone company. However, we continue to use the Avatao platform in our teaching as the infrastructure for the CrySyS Security Challenge, as well as for course homeworks and lab exercises. If you are interested in avatao, please contact Gabor Pek.