1 EIT ICT Labs MASTER SCHOOL S&P Programme Specialisations
2 S&P EIT ICT Labs Master Programme Security & Privacy The programme in Security and Privacy focuses on the study of the design, development and evaluation of secure computer systems, which are also capable of ensuring privacy for future ICT systems. It follows a constructive security approach to teach the very complex and challenging field of information assurance. The aim is to provide students with an understanding of the concepts and technologies for achieving confidentiality, integrity, authenticity, and privacy protection for information processed across networks. Topics include core network security principles, traffic filtering, traffic analysis, cryptography, tunneling and encapsulation, public-key infrastructure, remoteauthentication protocols, and virtual private networks.
3 The Learning outcomes of this programme are: Understanding the concepts and technologies for achieving confidentiality, integrity, authenticity, and privacy protection for information processed across networks. Mastering the key principles underlying a constructive approach to secure systems, including threat characterization and subversion; confinement; fundamental abstractions, principles, and mechanisms; and life-cycle assurance. Being able to apply fundamental Information Systems Security Engineering principles and processes, as applied to the stages a life-cycle model in the context of a defence-in-depth protection strategy Recognizing potential vulnerabilities in networked systems by studying methods to obtain information about remote networks and how to exploit or subvert systems on that network. Being able to use current tools and techniques for assessing network attacks and vulnerability and for systematically reducing vulnerabilities and mitigating risks. Ability to examine security engineering concepts and practices from a system lifecycle perspective based on a systems thinking approach that supports assessment of system security behaviours based on dependencies, interactions, and emergent properties of system components in the context of functionality, scalability, interoperability, and maintainability. Competences in communication, knowledge integration, open innovation and technology management from the viewpoints of both business and technology. Business skills to understand and execute a business development process, and have insight in legal and societal aspects of security and privacy. More information: Contact: Jean-Pierre Seifert
4 Specialisations Specialisations are provided during the second year. The S&P programme offers 6 specialisations, each at a different location. To meet the requirements for geographic mobility, the chosen exit point needs to differ from the chosen entry point. The specialisations cover: High Assurance Systems at TU Berlin Applied Security at University of Trento System Security at TU Darmstadt Information Security and Privacy at University of Saarbrücken Advanced Cryptography at ELTE Network Security at University of Twente
5 High Assurance Systems (TU Berlin) Jean-Pierre Seifert studied computer science and mathematics at Johann-Wolfgang-Goethe-University in Frankfurt am Main, Germany. He received his PhD with distinction under Prof. Dr. Claus Schnorr, one of the most important figures in the field of secure information systems. Afterwards Seifert gained intensive practical experience working in the Hardware Security R&D Departments at Infineon (Munich, Germany) and Intel (Portland, USA). At Intel, Prof. Seifert was responsible for the design and integration of new CPU security instructions that are now present in all Intel microprocessors. From 2007 to 2008, he developed the world s first commercially available secure cell-phone for Samsung Electronics (San Jose, USA) based on the Linux OS. Since late 2008, Jean-Pierre is a Full Professor and Chair of the Security in Telecommunications Group at TU Berlin (TUB). His professorship concurrently holds management responsibilities within the Security in Telecommunications Department at the Telekom Innovation Laboratories (T-Labs), Deutsche Telekom s R&D arm with offices at TUB. In 2002, Infineon honored Prof. Seifert with the Inventor of the Year award. In 2006, he received two Intel Achievement Awards for his contributions in securing Intel microprocessors. To date, Prof. Seifert has had over 40 patents granted in the computer security field. Contact: Jean-Pierre Seifert
6 High Assurance Systems Specialisation Mandatory Courses (min. 20 ECTS): Hardware Security Telecommunication Security Foundations of Computer Security Advanced Computer Security Topics Dependable and Secure Systems 4-8 ECTS 4-8 ECTS 4-8 ECTS 4-8 ECTS 4-8 ECTS
7 Network Security (University of Twente) Prof. Dr. Frank Kargl is professor at the Distributed and Embedded Security (DIES) Research Group at University of Twente in the Netherlands. Beyond, he is also chair of distributed systems at University of Ulm, Germany. His research focuses on security and privacy in mobile systems and wireless networks, especially investigating Intelligent Transport Systems and Vehicle Networks. Among other activities, he is the coordinator of the European research project PRESERVE where a practical V2X security solution is developed and field tested. Beyond, he is also involved in a lot of other research and teaching activities, notably teaching the security and privacy in the Mobile Systems Course. This specialisation looks at security of communication networks in all their forms, putting emphasis on newer developments and special challenges arising thereby. One special focus is emerging wireless and dynamic networks like ad-hoc networks, WSNs, or VANETs where issues like collaboration incentives or the absence of protection perimeters lead to new forms of security systems that may also become relevant in a future more dynamic internet. The specialisation extends network security knowledge from the basic course in year 1. It introduces new aspects of network security, like security and privacy in mobile systems or cyber crime. The specialisation takes a very practical approach to network security as it includes a mandatory hands-on lab, the so-called Hacker s Hut. Motivation: Networked systems get more and more ubiquitous and diverse. They are applied in more and more critical systems now, including sensor networks, smart meters, industrial control systems, and the Internet. Especially incarnations of wireless communication and dynamic forms of networking like P2P or ad-hoc networks raise new security and privacy challenges. Wireless communication facilitates eavesdropping or denialof-service attacks, dynamic networking like in Vehicular Ad-hoc Networks creates issues about enforcing collaboration, data consistency, etc.. So a strong background in network security and its various forms is a highly interesting specialisation for a security expert. Contact: Frank Kargl
8 Network Security Specialisation Mandatory Courses (12 ECTS): Security and Privacy in Mobile Systems Practical Network Security Lab Hacker s Hut Network Security Specialisation Electives: Cyber Crime Science Secure Data Management
9 Advanced Cryptography (ELTE - Eötvös Loránd University) Peter Sziklai got his PhD at Eötvös L. University, Budapest, in He is an Associate Professor at the Department of Computer Science at Eötvös University, and leads the ELTECRYPT applied research group there. Besides his teaching duties he is an advisor of MSc and PhD students and takes part in several pure and applied research projects at national and international level. Levente Buttyán earned his Ph.D. degree from the Swiss Federal Institute of Technology - Lausanne (EPFL) in He is an Associate Professor at BUTE and leads the Laboratory of Cryptography and Systems Security (CrySyS Lab). His main research interests are in the design and analysis of secure protocols and privacy enhancing mechanisms for wireless networked embedded systems (including wireless sensor networks, mesh networks, vehicular communications, and RFID systems). Recently, he has been involved in the analysis of Duqu and Flame (aka skywiper), two pieces of important malware related to Stuxnet and cyber espionage in the Middle East. Levente Buttyán has carried out and leaded research in various international research projects. Besides research, he has been teaching courses on network security and electronic commerce in the MSc programme at BUTE, and gave invited lectures at various places. He is also providing consulting services, and he has recently founded a spin-off called Tresorit with some of his students. Security and Privacy are crucial issues for citizens and customers using IT-based systems. The specialisation focuses on the general ideas, techniques and methods of Applied Cryptography as well as on the theoretical background and solid knowledge, putting security in a wider context. Security and Privacy is considered both from the technological and from the economical point of view, which supports decisions in many practical cases. Applied cryptography serves as a base for most of the secure IT-systems (e.g. in Future Media and Content Delivery, Smart Spaces, Digital cities, Health and ICT-Mediated Human Activity, and Enabling the Internet of the Future).
10 Graduates are able to manage all the typical cryptographic challenges in IT-Systems, able to develop cryptosystems under various circumstances, aware of the theoretical and practical background, and offered internships at our partner IT companies and research institutes. Contact: Peter Sziklai + Levente Buttyán Advanced Cryptography Specialisation Mandatory Courses (24 ECTS): Advanced Cryptography Cryptography and its Applications Cryptographic Protocols Economics of Security and Privacy Advanced Cryptography Specialisation Electives: Applied Cryptography Project Seminar
12 Information Security and Privacy Specialisation Electives (34 ECTS): Information Security and Privacy Privacy Enhancing Technologies Formal Methods in Information Security and Privacy Practical Aspects of Information Security Seminar on Selected Topics in Information Security and Privacy 9 ECTS 7 ECTS
13 System Security (TU Darmstadt) Prof. Dr. Matthias Hollick is a full professor at TU Darmstadt, where he heads the Secure Mobile Networking Lab (SEEMOO), which is part of the Center for Advanced Security Research Darmstadt (CASED). His research interests lie in the areas of security, resiliency, and quality of service for mobile and wireless networks. Prof. Dr. Stefan Katzenbeisser is a full professor at TU Darmstadt, where he heads the Secureity Engineering Lab (SecEng). His main research interests are in the area of the design and analysis of cryptographic protocols, privacy-enahnaicng technologies, and software security. The system security specialisation emphasizes on the IT security aspects of large and complex networked systems such Smart Energy Systems, Digital Cities, the Future Internet, etc. It thus provides a direct link to the respective thematic areas of the EIT ICT Labs research and innovation agenda. These areas are characterized by an increasing complexity of the underlying ICT systems. More precisely, they comprise a multitude of software and hardware components, which in combination form complex ICT systems. IT security and privacy needs to acknowledge such complex ICT, and go beyond a narrow and specialized focus. With the system security specialisation, TU Darmstadt will equip the next generation of security researchers, entrepreneurs, and professionals with the necessary knowledge to master ICT security and privacy in a networked world. Contact: Matthias Hollick + Stefan Katzenbeisser Specialisation courses (the course catalogue varies for the 3 rd and 4 th term; courses marked with an asterisk (*) are generally offered in the summer term. I.e. they are available, if the students perform their final thesis already in the 3 rd term of the master programme).
14 System Security Specialisation Mandatory Courses (min. 2): Secure, Trusted and Trustworthy Computing Static and Dynamical Program Analysis * Operating Systems II: Dependability and Trust 8 ECTS * Privacy-Enhancing Technologies 3 ECTS Seminars/advanced seminars 3-4 ECTS System Security Specialisation Electives 3 rd Term: Security Requirements Engineering Cryptographic Pearls Post-quantum Cryptography Operating Systems Lab Exercises in System Security 4 ECTS 8 ECTS 3 - System Security Specialisation Electives 4 th Term: Security Requirements Engineering 4 ECTS * Secure Mobile Systems 3 ECTS * Embedded System Security * Cryptographic Protocols * Formal Methods in Information Security 9 ECTS Lab Exercises in System Security 3 -
15 Applied Security (University of Trento) Prof. Dr. Fabio Massacci received a M.Eng. in 1993 and Ph.D. in Computer Science and Engineering at University of Rome La Sapienza in He visited Cambridge University in and was visiting researcher at IRIT Toulouse in He joined the University of Siena as assistant professor in 1999, and in 2001 he became a full professor at the University of Trento.His research interests are in security requirements engineering and verification and load-time security for mobile and embedded systems (Securityby-Contract). He co-founded the ESSOS with W. Jousen, Engineering Secure Software and Systems Symposium, which aims at bringing together requirements, software engineers and security experts. He was leading the Empirical Security Requirements and Risk Engineering Challenge (ERISE). He has been a scientific coordinator of multimillion-euro EU projects on security compliance, security engineering and secure evolution. In many practical contexts such as Digital Cities or Smart Energy Systems, Security and Privacy are seen by IT vendors as additional costs which customers are not really willing to pay for. Even in the framework of cyber security low protection mechanisms might be chosen to save costs. The specialisation focuses on the challenge of guaranteeing the right level of security to an application that is substantiated by empirical evidence. Graduates are able to: identify the appropriate security technology that can be deployed develop appropriate solutions for the industry scenarios of cyber security and citizen s security describe and justify the benefits for such choices based on empirical results Contact: Fabio Massacci
16 Applied Security Specialisation Mandatory Courses (): Empirical Methods for Security Applied Security Specialisation Electives: Laboratory of Applied Cryptography Laboratory of Network and System Security Applied Formal Methods for Security