ELTE IK fejléc
Navigációs hivatkozások átugrása
About
Application & Admission
Service Design and Engineering
Security and Privacy
Contact
 
 
Navigációs hivatkozások átugrása
About
Application & Admission
Service Design and Engineering
Security and Privacy
Contact
Security and Privacy

Security and Privacy is one of the 7 technical majors offered by EIT ICT Labs Master School.

Entry points:

Exit points:

Learning outcomes

  • Understanding the concepts and technologies for achieving confidentiality, integrity, authenticity, and privacy protection for information processed across networks.
  • Mastering the key principles underlying a constructive approach to secure systems, including threat characterization and subversion; confinement; fundamental abstractions, principles, and mechanisms; and life-cycle assurance.
  • Being able to apply fundamental Information Systems Security Engineering principles and processes, as applied to the stages of the ISSE life-cycle model in the context of a defense-in-depth protection strategy.
  • Recognizing potential vulnerabilities in networked systems by studying methods to obtain information about remote networks and how to exploit or subvert systems on that network.
  • Being able to use current tools and techniques for assessing network attacks and vulnerability and for systematically reducing vulnerabilities and mitigating risks.
  • Ability to examine security engineering concepts and practices from a system life-cycle perspective based on a “systems thinking” approach that supports assessment of system security behaviours based on dependencies, interactions, and emergent properties of system components in the context of functionality, scalability, interoperability, and maintainability.
  • Competences in communication, knowledge integration, open innovation and technology management from the viewpoints of both business and technology.
  • Business skills to understand and execute a business development process, and have insight in legal and societal aspects of security and privacy.

The common base (first year)

Introduction to Computer Security

Description: Definitions of basic security terms,  Security Goals (CIA), Risks, Vulnerabilities, Attacks, Basic Cryptography and Cryptography Protocols (e.g., Kerberos, SSL), Threats in IT systems (Malware, targeted attacks, …), Security Mechanisms (Authentication, Access Control, Network Security FW IDS, Browser, Email), Physical Security 
Example Literature: Ross Anderson: Introduction to Computer Security, William Stallings: Computer Security – Principles and Practice.

Network Security

Description: Firewalls, IDS (signature-, anomaly-based), IPsec (IKE), Malware, Remote Attacks, Protocol Attacks (ARP, DNS, Routing, ICMP), Non-IP Network Security (SS7, layer 2), Mobile Networks (WLAN).
Example Literature: William Stallings: Network Security – Principles and Practice.

System security

Description: Overflows Attacks, Language-level security, Application-level security, Web-based Attacks (OWASP), Formal verification, Sandboxing, Isolation.
Example Literature: Gary McGraw: Software Security Library.

Information Security Management

Description: Security policies. Roles. Classifications. Assets and threats. Risk, vulnerability, control, attack, damage. Risk analysis. Methods/tools for risk analysis. CERTs. Risk assessment and risk management. Code of Practise for Information Security (BS7799). Evaluation of information security, like ITSEC and the Common Criteria. Security plan, attack trees, business continuity planning/incident recovery. Legal issues: patents and copyright.

Cryptography

Description: Advanced Cryptography, Cryptoanalysis, Randomness, Adversary Models, Zero-Knowledge, Side-Channel Attacks. 
Example Literature: Henk van Tilborg: Fundamentals of Cryptology, Stallings: Cryptography & Network Security – Principle and Practice.

Privacy

Description: Privacy, Data Protection, Legal Basis, Privacy Enhancing Technologies, Privacy by Design, Privacy Assessment, Location Privacy.

Specializations

High Assurance Systems (TU Berlin)

Description:  Security and Privacy are the main aspects of what customers expect from IT-based systems. Moreover, customers need to trust the dependability of the systems, which in addition to confidentiality and integrity comprises availability and robustness. The specialization focuses on the interrelationship between security aspects and dependability, thus putting security in a wider context and exploring its role in this context.
Learning Outcomes: Graduates are able to
• analyze the availability and reliability of IT-Systems based on data of the components.
• develop up-to-date solutions for high assurance.
• describe and assess the interplay between security and dependability.

Network Security (3TU)

Description: This specialization will look at security of networks in all their forms, putting emphasis on newer developments and special challenges arising thereby. One special focus will be emerging wireless and dynamic networks like ad-hoc networks, WSNs, or VANETs where issues like collaboration incentives or the absence of protection perimeters lead to new forms of security systems that may also become relevant in a future more dynamic internet. The specialization will take a very practical approach to network security and include a mandatory hands-on lab.
Learning Outcomes: Graduates are able to
• understand and analyze the security and privacy requirements and characteristics of networked systems.
• perform practical security analysis and evaluations in real-world systems.
• contribute to the design of secure networks.

Information Security and Privacy (Saarland U.)

Description: The need of collaborative information management and consumption from any location in the world using high speed connections on the one hand, and the requirements to provide information security and privacy in a mobile and decentralized setting on the other hand are contradicting interests at first glance. However, both have to be provided as one solution in the future.
Learning Outcomes: Graduates are able to
• understand the fundamental concepts of cryptography and their application in common scenarios is practise
• to assess the degree of security of the respective cryptographic concept
• apply, and – if necessary, – to adapt those concepts to different applications
• understand the fundamental concept of security protocols, security policies, network security, media security and security engineering understand how security holes can be exploited and how we are able to prevent this.

Advanced Cryptography (ELTE)

Description: Security and Privacy are very important for citizens and customers using IT-based systems. The specialization focuses on the general ideas, techniques and methods of Applied Cryptography as well as on the theoretical background and solid knowledge, putting security in a wider context. Security and Privacy is considered both from the technological and from the economical point of view, which supports decisions in many practical cases.
Learning Outcomes: Graduates are
• able to manage all the typical cryptographic challenges in IT-Systems
• able to develop cryptosystems under various circumstances
• aware of the theoretical and practical background.

System Security (TU Darmstadt)

Description: The EIT Action Lines research and innovate in the areas of complex networked systems such as Smart Spaces, Smart Energy Systems, Digital Cities, the Future Internet, etc. The aforementioned areas are characterized by an increasing complexity of the underlying ICT systems. More precisely, these systems comprise of a multitude of software and hardware components, which in combination form complex ICT systems.
Learning Outcomes:
• Graduates are able to use their fundamental knowledge for addressing the security of complex ICT systems and infrastructures. Based on the basic knowledge obtained in year 1 of the Master program, the specialization equips the student with the theoretical foundation to model information security systems as well as to design secure, trusted and trustworthy computing systems. 
• the electives add a further specialization in different kinds of ICT systems such as mobile computing, operating systems, cryptographic protocols/applied cryptography for use in complex systems, etc.
• the successful students will acquire knowledge, experience, and skills to design, implement, and operate secure IT infrastructures.

Applied Security (UNITN)

Description:  In many practical contexts such as Digital Cities or Smart energy systems Security and Privacy are seen by IT vendors as additional costs which customers are not really willing to pay for. Even in the framework of cyber security low protection mechanisms might be chosen to save costs. The specialization focuses on the challenge of guaranteeing the right level of security to an application that is substantiated by empirical evidence.
Learning Outcomes: Graduates are able to
• identify the appropriate security technology that can be deployed.
• develop appropriate solutions for the industry scenarios of cybersecurity and citizen’s security .
• describe and justify the benefits for such choices based on empirical results.