IT Security MSc major specialization (Computer Engineering)

Department of Networked Systems and Services -
Laboratory of Cryptography and System Security (CrySyS Lab) -

Motivations and objectives

Security is one of the major challenges in today's information systems and communication networks, as well as in embedded systems. We can hear more and more about security problems, vulnerabilities, and successful exploits in cloud services, on mobile platforms, in the Internet and on the Web, in social networks, in wireless networks, in industrial control systems, in the Internet of Things (IoT), and even in machine learning-based systems. As a consequence, there is a huge need for security experts in all domains of information and communication technologies.

The objective of the IT Security major specialization is to introduce to the students the main security problems of IT systems and the approaches, methods, and tools used to solve those problems. We put the emphasis on practical applications; however, through the analysis of different security solutions, the students also get familiar with the security analysis techniques and design principles. Those who complete the IT Security major specialization will be able to identify, understand, and analyze security problems arising at different architectural levels of IT systems, to understand and apply typical methods and tools to solve security problems, and to designing and implement new security mechanisms and architectures.

The knowledge and skills obtained in the IT Security specialization can be valuable in many sub-fields of computer science and engineering. Note that there are plenty of application developers and network engineers, but only a small fraction of them are knowledgeable in security too. The IT Security specialization provides an added value that makes our students unique and highly demanded on the job market.



Software Security (VIHIMA21)

secure software development lifecycle; security testing; web security; secure API design; secure coding in Java & C#; iOS security; Android security; secure coding in C/C++; machine learning in software development

Computer and Network Security (VIHIMA23)

OS and firmware security, mobile platform security, virtualization and container security, malware, network penetration testing (ethical hacking), firewalls and intrusion detection systems, network traffic monitoring, log analysis

Cryptographic Protocols (VIHIMB08)

symmetric and asymmetric key cryptographic primitives, key management, random number generation, TLS (web), WPA2 (WiFi), full disk encryption, other cryptographic applications

Security of Machine Learning (VIHIMB09)

manipulation of decisions, training data poisoning, backdoors and Trojans against ML models, reconstruction of training data, model stealing, attacking the explainability of models

Laboratory exercises:

Software Security Laboratory (VIHIMA22)

software security testing, security of web-based applications, security of mobile apps, security of managed languages, memory corruption attacks

Computer and Network Security Laboratory (VIHIMB07)

access control, digital forensics (hard disk and memory), network traffic monitoring and analysis, firewall configuration, VPN configuration, network penetration testing, IoT systems security

Semester and diploma projects:

The semester and diploma projects offered are typically related to the research activities in the CrySyS Lab, or proposed by our industrial partners, therefore, they provide the opportunity for the students to join the research and development projects of the CrySyS Lab, or collaborate with our industrial partners.

The currently available project proposals can be found here:


The purpose of the intership is to get familiar with the industrial environment and to deepen the knowledge obtained at the university. We help students to obtain intern positions at the industrial partners of the CrySyS Lab.

Recommended elective courses:

Recommended prior courses:

It may be useful, but not necessary, to complete the following BSc level course before beginning the IT Security major specialization:

Talent management:

In every year, the CrySyS Lab organizes the CrySyS Security Challenge, which is a hacking contest for students. Those who perform outstandingly at this competition are invited to the CrySyS Student Core, which is a club of talented students enthusiast for security. The Student Core has a weekly meeting, where the students can discuss various topics in IT security, prepare for international capture-the-flag games, and have fun in general. Successful hacker teams, such as !SpamAndHex and c0r3dump have grown out of our Student Core and achieved remarkable results at various CTF games in the past. Many of the formal core members have been employed by top IT companies like Google, Prezi, LogMeIn, Tresorit, and Balabit.

CrySyS Lab

The CrySyS Lab is committed to perform internationally recognized, high quality teaching and research activities in the field of IT Security. The main research focus of the lab is security of cyber-physical systems, including industrial control systems, vehicles, and the Internet of Things. The lab is also active in the field of security of machine learning and the field of economics of security and privacy. The lab is perhaps best known for discovering, naming, and analyzing the Duqu cyber espionage malware. First detailed technical analyses on Flame, MiniDuke, and TeamSpy were also published by the CrySyS Lab. The lab intensively participates in international R&D projects, it has an outstanding publication record, and its expertise is widely known and respected. A number of spin-offs started from the CrySyS Lab, including Tresorit, Ukatemi Technologies, and Avatao.

Responsible faculty member and contact

Dr. Levente Buttyán, Professor

BME Department of Networked Systems and Services,
Laboratory of Cryptography and System Security (CrySyS Lab)
e-mail: buttyan (at)
tel: +36 1 463 1803