Cybersecurity for the Internet of Things (IoT)

The Internet of Things (IoT) is a networking paradigm that enables different devices (from thermostats to autonomous vehicles) to collect valuable information and exchange it with other devices using different communication protocols over the Internet. This technology makes it possible to analyse and correlate heterogeneous sources of information, extract valuable insights, and enable better decision processes. Although the IoT has the potential to revolutionise a variety of industries, such as healthcare, agriculture, transportation, and manufacturing, IoT devices also introduce new cybersecurity risks and challenges.

In this course, students will obtain an in-depth understanding of the Internet of Things (IoT) and the associated cybersecurity challenges. The course covers the fundamentals of IoT and its applications, the communication protocols used in IoT systems, the cybersecurity threats to IoT, and the countermeasures that can be deployed.

The course is split into four main modules, described as follows:

- Understand and illustrate the basic concepts of the IoT paradigm and its applications
- Discern the benefits and drawbacks of the most common IoT communication protocols
- Identify the cybersecurity threats associated with IoT systems
- Know and select the appropriate cybersecurity countermeasures

Course Plan:

Module 1: Introduction to IoT
- Definition and characteristics of IoT
- IoT architecture and components
- Applications of IoT

Module 2: Communication Protocols for IoT
- Overview of communication protocols used in IoT
- MQTT, CoAP, and HTTP protocols
- Advantages and disadvantages of each protocol

Module 3: Security Threats to IoT
- Overview of cybersecurity threats associated with IoT
- Understanding the risks associated with IoT
- Malware, DDoS, and phishing attacks
- Specific vulnerabilities in IoT devices and networks

Module 4: Securing IoT Devices and Networks
- Overview of security measures for IoT systems
- Network segmentation, access control, and encryption
- Best practices for securing IoT devices and networks

Organisation and Examination:

- Credits and timetable: 3 ECTS distributed over 10 weeks
- Scheduled online seminars: December 4th 2023, January 12th 2024 and February 9th 2024
- Examination, one of the following:
  - Analysis and presentation of relevant manuscripts in the literature
  - Bring your own problem (BYOP) and solution. For example, analyse the cybersecurity of the IoT network of your company and propose improvements

The number of participants in the course is limited, so please hurry with your application!

Fundamentals of Industrial Cybersecurity

In this course, you will be made aware of the state-of-the-art in cybersecurity research and state of practice in industry. Cybersecurity vulnerabilities are a threat to progress in the business sector and society. This is an accelerating threat due to the current rapid digitalisation, which in manufacturing is termed Industry 4.0. Companies are aware of this threat and realise the need to invest in countermeasures, but development is hampered by lack of competence.  

Methods and Tools for Industrial Cybersecurity

The objective of the course is to provide proficiency in cybersecurity analysis and design in industrial settings, with a special focus on smart factories and Industry 4.0. To that end, you will learn about advanced cybersecurity concepts, methodologies and tools. You will also be able to apply your knowledge to case studies of industrial relevance.

Operating System Security Hardening

The course covers a comprehensive range of topics aimed at securing operating systems against various threats. It begins with an exploration of different hardening approaches, identification of default configuration weaknesses, and the implementation of the Zero-Trust model for network security. Participants learn to manage trusted sources for Linux installations and third-party software, as well as the significance of driver and library signing. The course addresses OS patching and updating processes for Windows and Linux, cryptography for encrypting storage in both environments, and certificate management for secure communication. Participants also gain knowledge and skills in access and authentication methods, including the Least Privilege Principle, Role-Based Access Control (RBAC), and privileged access management tools.

PEN Testing & Ethical Hacking

This course covers the legal and ethical implications of ethical hacking. It also introduces detection and exploitation of vulnerabilities in IT infrastructure, including different reconnaissance techniques. The course provides an in-depth understanding of the penetration testing phases, various attack vectors, and preventative countermeasures. Students learn to understand and discover weaknesses and vulnerabilities in information systems, perform the attacks, check the strength of existing security controls, etc.

Secure Software Architecture

Secure Software Architecture is a comprehensive course focusing on the practical implementation of essential security principles such as zero trust, separation of duties, defense-in-depth, least privilege, etc. in modern on-premise and cloud infrastructures. Students will gain expertise in designing software systems that are not only functional but also resilient against cyber threats. Learn from industry experts, engage in practical assignments, and master the art of adaptive security design. By the end of the course, students will be equipped to create software architectures that stand strong in the face of modern challenges.

Security, Privacy and Compliance

There is an increasing concern from users regarding the use and leakage of their personal data. Moreover, compliance with privacy regulations is required by the government and privacy should be incorporated by design and by default when developing software-intensive products and services. Hence, privacy has become a top challenge in software development and good privacy measures can improve data security and promote quality.