Security is one of the major challenges in today's information systems and communication networks, as well as in embedded systems. We can hear more and more about security problems, vulnerabilities, and successful exploits in cloud services, on mobile platforms, in the Internet and on the Web, in social networks, in wireless networks, in industrial control systems, in the Internet of Things (IoT), and even in machine learning-based systems. As a consequence, there is a huge need for security experts in all domains of information and communication technologies.
The objective of the IT Security major specialization is to introduce to the students the main security problems of IT systems and the approaches, methods, and tools used to solve those problems. We put the emphasis on practical applications; however, through the analysis of different security solutions, the students also get familiar with the security analysis techniques and design principles. Those who complete the IT Security major specialization will be able to identify, understand, and analyze security problems arising at different architectural levels of IT systems, to understand and apply typical methods and tools to solve security problems, and to designing and implement new security mechanisms and architectures.
The knowledge and skills obtained in the IT Security specialization can be valuable in many sub-fields of computer science and engineering. Note that there are plenty of application developers and network engineers, but only a small fraction of them are knowledgeable in security too. The IT Security specialization provides an added value that makes our students unique and highly demanded on the job market.
secure software development lifecycle; security testing; web security; secure API design; secure coding in Java & C#; iOS security; Android security; secure coding in C/C++; machine learning in software development
OS and firmware security, mobile platform security, virtualization and container security, malware, network penetration testing (ethical hacking), firewalls and intrusion detection systems, network traffic monitoring, log analysis
symmetric and asymmetric key cryptographic primitives, key management, random number generation, TLS (web), WPA2 (WiFi), full disk encryption, other cryptographic applications
manipulation of decisions, training data poisoning, backdoors and Trojans against ML models, reconstruction of training data, model stealing, attacking the explainability of models
software security testing, security of web-based applications, security of mobile apps, security of managed languages, memory corruption attacks
access control, digital forensics (hard disk and memory), network traffic monitoring and analysis, firewall configuration, VPN configuration, network penetration testing, IoT systems security
The semester and diploma projects offered are typically related to the research activities in the CrySyS Lab, or proposed by our industrial partners, therefore, they provide the opportunity for the students to join the research and development projects of the CrySyS Lab, or collaborate with our industrial partners.
The currently available project proposals can be found here: https://www.crysys.hu/education/projects/
The purpose of the intership is to get familiar with the industrial environment and to deepen the knowledge obtained at the university. We help students to obtain intern positions at the industrial partners of the CrySyS Lab.
It may be useful, but not necessary, to complete the following BSc level course before beginning the IT Security major specialization:
In every year, the CrySyS Lab organizes the CrySyS Security Challenge, which is a hacking contest for students. Those who perform outstandingly at this competition are invited to the CrySyS Student Core, which is a club of talented students enthusiast for security. The Student Core has a weekly meeting, where the students can discuss various topics in IT security, prepare for international capture-the-flag games, and have fun in general. Successful hacker teams, such as !SpamAndHex and c0r3dump have grown out of our Student Core and achieved remarkable results at various CTF games in the past. Many of the formal core members have been employed by top IT companies like Google, Prezi, LogMeIn, Tresorit, and Balabit.
The CrySyS Lab is committed to perform internationally recognized, high quality teaching and research activities in the field of IT Security. The main research focus of the lab is security of cyber-physical systems, including industrial control systems, vehicles, and the Internet of Things. The lab is also active in the field of security of machine learning and the field of economics of security and privacy. The lab is perhaps best known for discovering, naming, and analyzing the Duqu cyber espionage malware. First detailed technical analyses on Flame, MiniDuke, and TeamSpy were also published by the CrySyS Lab. The lab intensively participates in international R&D projects, it has an outstanding publication record, and its expertise is widely known and respected. A number of spin-offs started from the CrySyS Lab, including Tresorit, Ukatemi Technologies, and Avatao.
Dr. Levente Buttyán, Professor
BME Department of Networked Systems and Services,
Laboratory of Cryptography and System Security (CrySyS Lab)
e-mail: buttyan (at) crysys.hu
tel: +36 1 463 1803