This course is delivered in the Computer Science BSc program in the 6th semester. The official syllabus is available on the faculty's web site. On this page, you will find the most recent administartive information related to the course, as well as the lecture slides, the homework description, and links to some recommended further readings. This site is continuously updated!
This course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those student who want to comtinue their studies at MSc level. We put special emphasis on software security and the practical aspects of developing secure programs.
1 project assignment and 1 test.
S = T + P, where T is the points obtained on the test (min 20, max 50 points) and P is the points obtained for the project result (min 20, max 50 points). Grading: excellent (5): S >= 85 points; good (4): S >= 70 points; satisfactory (3): S >= 55 points; pass (2): S >= 40 points; fail (1): P < 40 points.
Megbeszélés szerint, az előadóval előre egyeztetett időpontban.
Please contact the lecturer to schedule an appointment.
|2017.02.08.||Introduction and motivations||Buttyán L.|
|2017.02.15.||Cryptographic primitives||Buttyán L.|
|2017.02.22.||Cryptographic protocols||Buttyán L.|
|2017.03.01.||User authentication and access control basics||Buttyán L.|
|2017.03.08.||Memory corruption attacks and countermeasures||Buttyán L.|
|2017.03.15.||Cancelled (National Holiday)|
|2017.03.22.||Secure software development||Papp D.|
|2017.03.29.||Web and browser security||Gazdag A.|
|2017.04.05.||Mobile and cloud security||Gazdag A., Buttyán L.|
|2017.04.12.||Attacking networks and ethical hacking||Bencsáth B.|
|2017.04.19.||Defending networks (firewalls, IDS, honeypots)||Bencsáth B.|
|2017.04.26.||Privacy issues and PETs||Ács G.|
|2017.05.10.||Economics of security and privacy||Biczók G.|
The project assignment for the semester is available on the avatao.com platform. You should use this platform to access the challenges of the assignment, submit your solution, or in case of some challenges to launch the environment for the challenge. To be able to access and solve the challenges, you should first register with the avatao.com platform, join the 'BME IT Security' community, and take the path 'IT Security Homework'.
The path contains challenges that are related to the topics covered by the course. To fulfill the project assignment, you should solve these challenges. We recommend that you first try to solve every challenge on your own, without any help. However, if you get stuck, you can look at the hints available for each challenge and read part of the solution, or the whole solution, if you wish. The platform reduces the points available for a challenge if you access the hints, but we will not take that into account for this project assignment. In other words, you can access the hints, read them, and solve the challenge with that help. We expect you to spend some time on this and don't ask your mates for the solution, as you can read and understand it yourself. We also hope that some of you will take the challenges as real challenges and try to solve them without the hints. Remember that you can learn the most by DOING it, not just listening and reading about it.
Instead of the points given to you by the platform, we will track your activity: when you work on a challenge and how much time you spend with it. Every group of challenges on the path will have a deadline (see below), by which you should submit the solutions to those challenges if you want to get the max points for them. If you submit a solution after the deadline, you get only half of the points. If you don't submit any solution to a challenge, you don't get any points for that challenge. At the end, you project assignment points will be calculated based on your performance of submitting solutions in time.
Introduction and motivations, IT security in practice, Cryptographic primitives: March 5, 2017
Cryptographic protocols: March 12, 2017
User authentication and access control basics: March 19, 2017
Memory corruption attacks and countermeasures: March 26, 2017
Secure software development: April 2, 2017
Web and browser security: April 16, 2017
Attacking networks and ethical hacking: April 23, 2017
Malware: May 10, 2017