EIT ICT Labs MASTER SCHOOL. Specialisations

Transcription

1 EIT ICT Labs MASTER SCHOOL Specialisations

2 S&P EIT ICT Labs Master Programme Security & Privacy The Learning outcomes of this major are: Understanding the concepts and technologies for achieving confidentiality, integrity, authenticity, and privacy protection for information processed across networks. Mastering the key principles underlying a constructive approach to secure systems, including threat characterization and subversion; confinement; fundamental abstractions, principles, and mechanisms; and life-cycle assurance. Being able to apply fundamental Information Systems Security Engineering principles and processes, as applied to the stages a life-cycle model in the context of a defence-in-depth protection strategy Recognizing potential vulnerabilities in networked systems by studying methods to obtain information about remote networks and how to exploit or subvert systems on that network. Being able to use current tools and techniques for assessing network attacks and vulnerability and for systematically reducing vulnerabilities and mitigating risks. Ability to examine security engineering concepts and practices from a system lifecycle perspective based on a systems thinking approach that supports assessment of system security behaviours based on dependencies, interactions, and emergent properties of system components in the context of functionality, scalability, interoperability, and maintainability. Competences in communication, knowledge integration, open innovation and technology management from the viewpoints of both business and technology. Business skills to understand and execute a business development process, and have insight in legal and societal aspects of security and privacy. More information: Contact: Jean-Pierre Seifert

3 Specialisations Specialisations are provided during the second year. The S&P major offers 6 specialisations, each at a different location. To meet the requirements for geographic mobility, the chosen exit point needs to differ from the chosen entry point. High Assurance Systems at TU Berlin Applied Security at University of Trento System Security at TU Darmstadt Information Security and Privacy at University of Saarbrücken Advanced Cryptography at ELTE Network Security at University of Twente

4 High Assurance Systems (TU Berlin) Jean-Pierre Seifert studied computer science and mathematics at Johann-Wolfgang-Goethe-University in Frankfurt/Main. He received his PhD with distinction under Prof. Dr. Claus Schnorr, one of the most important figures in the field of secure information systems. Afterwards Seifert gained intensive practical experience working in the research and development departments for hardware security at Infineon (Munich) and Intel (Portland). At Intel, Prof. Seifert has been responsible for the design and integration of new CPU security instructions for their micro-processors that are now present in all Intel micro-processors. From 2007 to 2008 he developed the worldwide first commercial secure cell-phone for Samsung Electronics (San Jose) based on the Linux operating system. Since the end of 2008 Jean-Pierre Seifert has been a full Professor chairing the group Security in Telecommunications at TU Berlin. This professorship is at the same time related with the management of the identically-named research field at Deutsche Telekom Laboratories, the research and development institute of Deutsche Telekom at TU Berlin. In 2002 Prof. Seifert has been honored by Infineon with the Inventor of the Year award and has received as well two Intel Achievement Awards in 2006 for his new CPU security instructions for the Intel micro-processors. More than 40 patents have been granted to Prof. Seifert in the field of computer security. Security and Privacy are the main aspects of what customers expect from IT-based systems. Moreover, customers need to trust the dependability of the systems, which in addition to confidentiality and integrity comprises availability and robustness. The specialisation focuses on the interrelationship between security aspects and dependability, thus putting security in a wider context and exploring its role in this context. Contact: Jean-Pierre Seifert

5 High Assurance Systems Specialisation Mandatory Courses (min. 20 ECTS): Hardware Security Telecommunication Security Foundations of Computer Security Advanced Computer Security Topics Dependable and Secure Systems 4-8 ECTS 4-8 ECTS 4-8 ECTS 4-8 ECTS 4-8 ECTS

6 Network Security (University of Twente) Prof. Dr. Frank Kargl is Professor at the Distributed and Embedded Security (DIES) Research Group at University of Twente in the Netherlands. Beyond, he is also chair of distributed systems at University of Ulm, Germany. His research focuses on security and privacy in mobile systems and wireless networks, especially investigating Intelligent Transport Systems and Vehicle Networks. Among other activities, he is the coordinator of the European research project PRESERVE where a practical V2X security solution is developed and field tested. Beyond, he is also involved in a lot of other research and teaching activities, notably teaching the security and privacy in the Mobile Systems Course. This specialisation looks at security of communication networks in all their forms, putting emphasis on newer developments and special challenges arising thereby. One special focus is emerging wireless and dynamic networks like ad-hoc networks, WSNs, or VANETs where issues like collaboration incentives or the absence of protection perimeters lead to new forms of security systems that may also become relevant in a future more dynamic internet. The specialisation extends network security knowledge from the basic course in year 1. It introduces new aspects of network security, like security and privacy in mobile systems or cyber crime. The specialisation takes a very practical approach to network security as it includes a mandatory hands-on lab, the so-called Hacker s Hut. Motivation: Networked systems get more and more ubiquitous and diverse. They are applied in more and more critical systems now, including sensor networks, smart meters, industrial control systems, and the Internet. Especially incarnations of wireless communication and dynamic forms of networking like P2P or ad-hoc networks raise new security and privacy challenges. Wireless communication facilitates eavesdropping or denialof-service attacks, dynamic networking like in Vehicular Ad-hoc Networks creates issues about enforcing collaboration, data consistency, etc.. So a strong background in network security and its various forms is a highly interesting specialisation for a security expert. Contact: Frank Kargl

7 Network Security Specialisation Mandatory Courses (12 ECTS): Security and Privacy in Mobile Systems Practical Network Security Lab Hacker s Hut Network Security Specialisation Electives: Cyber Crime Science Secure Data Management

8 Advanced Cryptography (ELTE) Peter Sziklai got his PhD at Eötvös L. University, Budapest, in He is an associate professor at the Department of Computer Science at Eötvös University, and leads the ELTECRYPT applied research group there. Besides his teaching duties he is an advisor of MSc and PhD students and takes part in several pure and applied research projects at national and international level. Levente Buttyán earned his Ph.D. degree from the Swiss Federal Institute of Technology - Lausanne (EPFL) in He is an associate professor at BUTE and leads the Laboratory of Cryptography and Systems Security (CrySyS Lab). His main research interests are in the design and analysis of secure protocols and privacy enhancing mechanisms for wireless networked embedded systems (including wireless sensor networks, mesh networks, vehicular communications, and RFID systems). Recently, he has been involved in the analysis of Duqu and Flame (aka skywiper), two pieces of important malware related to Stuxnet and cyber espionage in the Middle East. Levente Buttyán has carried out and leaded research in various international research projects. Besides research, he has been teaching courses on network security and electronic commerce in the MSc program at BUTE, and gave invited lectures at various places. He is also providing consulting services, and he has recently founded a spin-off called Tresorit with some of his students. Security and Privacy are crucial issues for citizens and customers using IT-based systems. The specialisation focuses on the general ideas, techniques and methods of Applied Cryptography as well as on the theoretical background and solid knowledge, putting security in a wider context. Security and Privacy is considered both from the technological and from the economical point of view, which supports decisions in many practical cases. Applied cryptography serves as a base for most of the secure IT-systems (e.g. in Future Media and Content Delivery, Smart Spaces, Digital cities, Health and ICT-Mediated Human Activity, and Enabling the Internet of the Future).

9 Graduates are able to manage all the typical cryptographic challenges in IT-Systems, able to develop cryptosystems under various circumstances, aware of the theoretical and practical background, and offered internships at our partner IT companies and research institutes. Contact: Peter Sziklai + Levente Buttyán Advanced Cryptography Specialisation Mandatory Courses (24 ECTS): Advanced Cryptography Cryptography and its Applications Cryptographic Protocols Economics of Security and Privacy Advanced Cryptography Specialisation Electives: Applied Cryptography Project Seminar

10 Information Security and Privacy (Saarland University) Prof. Michael Backes is the coordinator of the Security and Privacy major at Saarland University, Germany. He is a full professor at the Department of Computer Science and leads the Center for IT- Security, Privacy and Accountability (CISPA) located at Saarland University. In addition, he founded a spin-off company called Backes:SRT that develops technologies to improve data protection in secure communication. Furthermore, he is supervising 10 graduate students which are highly involved in teaching and advising bachelor s and master s theses. Christian Hammer is an assistant professor at CISPA, Saarland University and is the faculty contact for the Security and Privacy major at this node. His research interests includes systems security, in particular for the andriod platform, and web security in the context of javascript. His research on security for programming languages centers around information flow control techniques, that control where secret infromation is allowed to be used. He also collaborates with IBM Research to investigate secure multicore programming. The Information Security and Privacy specialisation connects provably secure and privacypreserving concepts with practically deployable applications. This area offers many possible directions for the students such as Android Security, Web Security, or Synthesis of Distributed Applications, to name a few. Working on these concrete domains, the student learns how to use complex cryptographic primitives as well as information flow analyses in order to guarantee privacy of software systems. In the last 6 months of their studies, students choose a topic for their master s thesis. The topic can be based on an idea of the student, or the student can approach a professor to suggest a topic tailored to the individual interest and previous knowledge of the student. For instance, a student interested in android security could contribute to AppGuard, which is an application allowing selective revocation of permissions on android. Contact: Michael Backes + Christian Hammer

11 Information Security and Privacy Specialisation Electives (34 ECTS): Information Security and Privacy Privacy Enhancing Technologies Formal Methods in Information Security and Privacy Practical Aspects of Information Security Seminar on Selected Topics in Information Security and Privacy 9 ECTS 7 ECTS

12 System Security (TU Darmstadt) Prof. Dr. Matthias Hollick is a full professor at TU Darmstadt, where he is heading the Secure Mobile Networking Lab (SEEMOO), which is part of the Center for Advanced Security Research Darmstadt (CASED). His research interests lie in the areas of security, resiliency, and quality of service for mobile and wireless networks. Prof. Dr. Stefan Katzenbeisser is a full professor at TU Darmstadt, where he is heading the Secureity Engineering Lab (SecEng). His main research interests are in the area of the design and analysis of cryptographic protocols, privacy-enahnaicng technologies, and software security. The system security specialisation emphasizes on the IT security aspects of large and complex networked systems such Smart Energy Systems, Digital Cities, the Future Internet, etc. It thus provides a direct link to the respective thematic areas of the EIT ICT Labs research and innovation agenda. These areas are characterized by an increasing complexity of the underlying ICT systems. More precisely, they comprise a multitude of software and hardware components, which in combination form complex ICT systems. IT security and privacy needs to acknowledge such complex ICT, and go beyond a narrow and specialized focus. With the system security specialisation, TU Darmstadt will equip the next generation of security researchers, entrepreneurs, and professionals with the necessary knowledge to master ICT security and privacy in a networked world. Contact: Matthias Hollick + Stefan Katzenbeisser Specialisation courses (the course catalogue varies for the 3 rd and 4 th term; courses marked with an asterisk (*) are generally offered in the summer term. I.e. they are available, if the students perform their final thesis already in the 3 rd term of the master program).

13 System Security Specialisation Mandatory Courses (min. 2): Secure, Trusted and Trustworthy Computing Static and Dynamical Program Analysis * Operating Systems II: Dependability and Trust 8 ECTS * Privacy-Enhancing Technologies 3 ECTS Seminars/advanced seminars 3-4 ECTS System Security Specialisation Electives 3 rd Term: Security Requirements Engineering Cryptographic Pearls Post-quantum Cryptography Operating Systems Lab Exercises in System Security 4 ECTS 8 ECTS 3 - System Security Specialisation Electives 4 th Term: Security Requirements Engineering 4 ECTS * Secure Mobile Systems 3 ECTS * Embedded System Security * Cryptographic Protocols * Formal Methods in Information Security 9 ECTS Lab Exercises in System Security 3 -

14 Applied Security (University of Trento) Prof. Dr. Fabio Massacci received a M.Eng. in 1993 and Ph.D. in Computer Science and Engineering at University of Rome La Sapienza in He visited Cambridge University in and was visiting researcher at IRIT Toulouse in He joined the University of Siena as assistant professor in 1999, and in 2001 he became a full professor at the University of Trento.His research interests are in security requirements engineering and verification and load-time security for mobile and embedded systems (Securityby-Contract). He co-founded the ESSOS with W. Jousen, Engineering Secure Software and Systems Symposium, which aims at bringing together requirements, software engineers and security experts. He was leading the Empirical Security Requirements and Risk Engineering Challenge (ERISE). He has been a scientific coordinator of multimillion-euro EU projects on security compliance, security engineering and secure evolution. In many practical contexts such as Digital Cities or Smart Energy Systems, Security and Privacy are seen by IT vendors as additional costs which customers are not really willing to pay for. Even in the framework of cyber security low protection mechanisms might be chosen to save costs. The specialisation focuses on the challenge of guaranteeing the right level of security to an application that is substantiated by empirical evidence. Graduates are able to: identify the appropriate security technology that can be deployed develop appropriate solutions for the industry scenarios of cyber security and citizen s security describe and justify the benefits for such choices based on empirical results Contact: Fabio Massacci

15 Applied Security Specialisation Mandatory Courses (): Empirical Methods for Security Applied Security Specialisation Electives: Laboratory of Applied Cryptography Laboratory of Network and System Security Applied Formal Methods for Security