Cybersecurity and Ethical Hacking

Specifics of the Android operating system regarding security (e.g. SE-Linux, app isolation, inter-process communication) for mobile applications are discussed. Secure programming in the programming language Kotlin (Idiomatic Kotlin, Concurrency Patterns) is the basis for Android applications that incorporate data from web services, sensors and actuators. Understanding of risks, attacks and malware for Android applications is necessary in order to carry out reverse engineering or attacks independently. Finally, applications can be secured against attacks (hardening).

A central and critical aspect of computer security is software problems. Software security deals with the identification and active handling of security risks. Software security starts with good software engineering practices and includes the consideration of security aspects at every stage of the software development cycle. At a glance, this concerns the “Secure Software Development Lifecycle”, “Secure Coding and Design Principles” and code analysis

The following topics are covered within the lecture: Number Theory, Review linear algebra, Galois Fields in a Nutshell, Asymetric primitives (RSA, Diffie-Hellman), Hashes, Symmetric Primitives (DES/AES/etc.), Key Exchange Protocols, Authentication Protocols, Zero-Knowledge Protocols, Public Key Infrastructure

Definition and characteristics of cloud computing, service and delivery models, practical experience with IaaS, PaaS and FaaS systems and serverless computing.

Fundamentals, architectures and functional principles of modern operating systems: System Call Interfaces, Device Management, Process and Resource Management, Memory Management, File Management.C as a system programming language and introduction to kernel development.

The course focuses on the security of layers 1-4 of the standardized OSI model (Open Systems Interconnection Model) and focuses in particular on attack possibilities and the corresponding defense strategies. At the beginning, this involves a repetition of the basic mechanisms in computer networks such as addressing, address resolution, routing and packet filtering. Further course contents: Physical Security, Layer-2 Security, VoIP Security, Wireless Security, Firewalls, 802.1X, Spoofing, Denial of Service attacks, their defense and tracing. Another part of the course is the development of current security topics from network technology in small groups, their practical structure in the laboratory and the presentation of the results.

Project management approaches; phases in project management; overview of agile project management; leadership of project teams; use of relevant project management tools and methods; basics, methods and techniques in change management; phases of change; overview of organisational development; attitude issues in organisational development; intervention techniques; dealing with conflicts.

The course provides a basic overview of the topics of the degree program. Topics: Motivation of attackers, attack methods, information gathering, exploitation of weaknesses in software, WiFI security, security tools

The basics include the special architecture of iOS with specifics such as crypto hardware for secure boot. Building on concepts of app isolation, sandboxing, and inter-process communication. Creation of secure software with the programming language Swift (e.g. Concurrency Patterns) is the basis for the creation of iOS applications. The typical user-interaction design paradigms and the use of corresponding system and cloud APIs enable the implementation of SwiftUI apps using actuators and sensors. In addition to a good user experience, accessibility is also guaranteed.

Once the basics of secure software and its principles have been understood, this course is dedicated to the integration of security into software designs and architectures (“DevOps Lifecy”). The course begins with “Architectural and Security Patterns”, followed by “Service Oriented Architectures” and secure communication. An obligatory follow-up topic is “Access Control” (Authentication, Authorization) and session magamenent. Finally, “Continuouse Integration and Deployment” (CI/CD) accompanied by “Error Handling and Testing” round off the course.

The following topics are covered within the lecture: Application in example Internet Protocols (IPSec, SSL, TLS, SSH), Random Number Generators, Cryptographic Libraries & APIs for mobile Platform, Correct usage of cryptographic primitives in mobile solutions, Challenge/Response techniques, One Time Passwords, Elliptic Curves, Anonymity + Unlinkability. Additionally an introduction and overview of Quantum-Cryptography is provided.

Application scenarios for AI/ML in security-relevant practical issues are explained using concrete examples. The most important methods used, such as artificial neural networks and tree-based methods, are developed hands-on with the students so that the students themselves are able to handle similar application scenarios using AI/ML.

The course expands the basic knowledge in network security to include security for mobile devices and mobile infrastructures. Topics of the course are WLAN, WiMax, Bluetooth, NFC, etc. An introduction to mobile networks such as GSM, UMTS, LTE is followed by SSL, SSH and VPN technologies as the basis for a secure connection of distributed networks. VPN includes basics, authentication, implementation in OSI layers 2, 3, and 4. Furthermore, the course offers in-depth and core topics such as IPSec, “KeyManagement”, encryption, performance, availability, DDOS remedy, “Network Monitoring”, NIDS, algorithms for pattern recognition, “Honeypots/nets” and “Intrusion Prevention and Detection Systems”.

In the first part, typical attack patterns are analyzed and simulated in a laboratory environment. The focus is on the exploitation of programming errors and other typical weaknesses of software products (buffer overflows, SW exploitation, exploit development), mechanisms of operating systems to prevent exploits (ASLR, stack cookies, SafeSEH, DEP,..), reverse engineering. Another focus is the treatment of typical vulnerabilities and attack patterns of WEB applications and their avoidance. The course also focuses on the analysis of attack paths and protection mechanisms in Windows domain networks as well as Linux server environments. The third part of the course deals with the structured analysis of security problems and the procedure for penetration tests.

This course covers all important aspects of database security (DB Authentication, Application & Password Security, DB Authorization, Granular Access Control, DB2DB Communication, DB Encryption, DB Auditing). Storage and database systems in the field of big data are also examined on the basis of practical scenarios. In particular, however, the security aspects of these technologies as well as related best practices are discussed.

Overview of current data protection law with focus on the EU General Data Protection Regulation (principles, obligations), processing directory, information obligations, data security, data subject rights, transfer to third countries, etc.

Once the principles of secure software and services have been understood, this exercise consolidates knowledge with concrete implementation of web applications including infrastructure with backend.

In the course, complex attack scenarios of hackers are analyzed and simulated in a laboratory environment. The focus here is on the detection, analysis and design of defense methods against extensive, complex attack patterns. Topics: Malware analysis Code Analysis Reverse engineering Firmware Analysis Exploitation of race conditions Circumvention of protection mechanisms of the operating system: Bypass methods for ASLR, DEP, SafeSEH, SEHOP e.g. by ROP (Return Oriented Programming), Partial Overwriting of Memory Contents, HeapSpraying, etc. Circumvention of anti-virus protection mechanisms Attacks on cryptographic methods, secure/insecure methods Attacks on industrial control systems and their defense Attacks on WIndows Domain networks and their defense

Basic security principles of operating systems. Mandatory versus discretionary access control, security enhancements

The course is designed to provide students with hands-on experience in identifying, analyzing, and mitigating security risks and vulnerabilities in IT systems and mobile applications. The course focuses on hands-on project work that enables students to apply their knowledge and skills to real-world scenarios and develop effective security solutions.

This course teaches students about the basic principles of scientific work in the field of applied computer science. The course is intended to provide a well-founded introduction to the criteria of scientificness by focusing on the research area to be worked on. The course focuses on the following aspects: scientific writing style and basic principles of argumentation; Clear and concise academic writing skills in English; Formal design of scientific papers; Presentation of the research design, research questions and their formulations, topic search and limitation; Strategies of material procurement.

The students receive an overview of modern manifestations of computer crime on the basis of the Austrian Criminal Code, as well as any European norms that have to do with cybercrime in the broader sense. The criminal offences are explained and their context to everyday professional life is established on the basis of practical examples.

The aim of the lecture is to be able to represent and apply the following topics: Secure Systems Design, Attacks on embedded systems, Architectures integrated versus discrete secure systems, Trusted Execution Environments, Security Measures such as Trusted Boot, Secure Updates, Physical Uncloneable Functions, SW binding. Generation of random numbers, crypto accelerators, countermeasures in HW and SW, certification, ISO 7816

The aim of the lecture is to use different methods for the assessment of security in embedded systems. In particular, attack methods such as side channel analyses and fault analyses are considered. This is also taught practically in the exercise. Furthermore, security countermeasures and their implementation in SOCs will be discussed

Directory services and central authentication, monitoring of the IT infrastructure, Internet Protocol security (IPSec), central logging

Commission examination on selected subjects of the degree programme with cross-links to the Master’s thesis. The board examination is carried out in accordance with the requirements for final examinations of FH Master‘s degree programmes pursuant to FHG as amended.

Students work independently on a research topic and write their Master’s thesis. They are expected to use scientific research methods and demonstrate a high level of expertise in the respective field.

This course aims to demystify the writing process and teach the basics of effective scientific writing. Classes focus primarily on the process of writing. The course is presented in two parts: part (1) teaches students how to write effectively, concisely and clearly, and part (2) guides them through the preparation of their actual master’s thesis.

The increasing digitalisation of our (private, public, professional) spheres of action as well as the current progress in the field of artificial intelligence underline the importance of a socially desirable design of technologies and their contexts of application. The course offers an introduction to two central approaches to the analysis of technologies, of acting with (digital) technology and of technology-related conflicts and problems: The participants will be introduced to the basics of applied ethics and its development in specific field ethics (e.g. technology ethics, information ethics, business ethics) as well as to the perspectives of technology assessment (TA). In addition to systematic approaches to ethics and TA (and related approaches to “Science, Technology & Society” or “Responsible Research & Innovation”), the topic is developed through the discussion of case studies, group work and the presentation of exemplary studies.

The course deals with management systems for secure IT operations. Information Security Management Systems (ISMS) and Business Continuity Management Systems (BCM) are the core topics. Students gain an insight into the design, implementation, operation and ongoing development of the systems. Another focus is the establishment and operation of a SOC (Security Operation Center) and methods of incident response. Topics such as risk assessments and risk management as well as compliance requirements and the preparation of companies for ISO 27001 certification round off the topic.