This is a tentative plan and catalog of courses to be developed during the PROMIS project
Digital forensic is the process of detecting and investigating hacking attacks via properly extracted and analyzed evidence and artifacts to report the crime and prevent similar attacks in the future. The crime with computers and digital technologies in today’s cyber world is on the rise. Digital forensic techniques are being used by law enforcement agencies, police, government, and corporate entities around the world. The tools and techniques covered in the course will prepare the attendees to conduct digital forensic investigations using ground-breaking technologies.
The course aims to provide students with the skills of real-world threats analysis including phishing attacks, targeted attacks (APTs), cyber weapon, ransomware (cryptolockers) The analysis of such threats requires a special type of education focused on the analysis of modern threats and protection technologies. The course gives knowledge and practical skills in malware analysis for Windows and Android platforms (x86 and ARM). The students will obtain practical skills in reverse engineering, static and dynamic analysis of malware used in the real-life cyber attacks.
The small project course is an adaptable course of total 20ECTS* – where the students work in groups – and bring their own topic to work on. The students work in groups on a joint problem/challenge,and are supervised/mentored by one or several experts (depending on the needs of the project and topic). With benefit this course is the perfect example of case-based didactics. For example, let us say that a group of students taking the project course work for a company(ies) that want to introduce DevSecOps as a way to work in product development. This course can be used to start such a change/improvement initiative at the company. The student group can then do real change/improvement work at the company(ies) as the core of this project course, and get mentoring as they do it. The company/organization gets improvement/change done – the students get mentoring and learn a topic – and the students get formal higher level educational credits while doing it. The course can be seen as related to doing a thesis project at an external company/organization, but the focus is on studying a topic (like e.g. DevSecOps) in detail and applying it in a real-world context as part of the learning.
This course is divided into the following two parts. First, it covers security problems in Machine Learning (ML) systems, e.g., showing various types of attacks on ML systems in an applied fashion – adversarial ML. Secondly, available methods, tools and other safeguards that could be used against the different types of attacks are covered. The course includes both theoretical introductions to the different attack types and security-enhancing methods and tools, as well as more practical hands-on assignments in Python. After the course the student will have obtained basic knowledge about security-enhancing approaches, and how to use them in order to protect against various risks in ML systems and how to use ML to detect cyber attacks.
Organisations today produce a large amount of data. This course covers how to utilize that data for cybersecurity purposes. It covers topics such as how to acquire (e.g., through SIEM) and prepare security data, from collection and storage to management and analysis as well as visualization and presentation, predicting rouge behaviors, and correlate security events. How to use data science to understand and communicate security problems.
The digitalisation of society has introduced many threats that place new requirements on how software systems are developed to protect its users’ integrity and data. As a result, software security practices have become an essential part of software quality assurance. These practices are either reactive (test-driven) software security testing, integrated into the continuous integration pipeline, or proactive security design, placed upon development of security applications. In this course, consisting of four modules, we will explore the fundamentals of software testing tailored towards test-driven continuous software security assurance. In addition, we will discuss how to design secure software and how to perform risk-based software development. You will gain insights into the underlying theory of software security but also experiences through practical assignments that aim to test your understanding of the theory, its concepts, and tools.
This course is focused on how security as a field impacts and can be applied during the engineering of software products following continuous processes -especially agile and DevOps. The course aims to cover how to drive a secure agile and DevOps lifecycle with focus on the following components: • People: Enablement of agile teams for security through awareness, training and coaching • Processes: Introduction of security activities into agile and scaled agile development process such as Scrum or SAFe. Activities are based on relevant industry security standards • Technology: Description of security tools and technologies that can automate security activities in the agile & DevOps way of working, e.g.CI/CD Pipelines
According to the OWASP about 75% of vulnerabilities are actually applicationrelated. However, the consideration of security aspects during the various phases of software development is still in its infancy in many organizations and the potential of security by design to build high-quality software components is not exploited. Therefore, this course provides software project managers, product owners or software architects with knowledge and skills on how to successfully integrate and continuously improve security practices in traditional and agile development processes. It teaches how to assess and apply security practices in a risk-based way during the analysis, design, implementation, verification, and operation of software products, systems and services in all types of organizations.
The large project course is an adaptable course of total 30ECTS* – where the students work in groups – and bring their own topic to work on. The students work in groups on a joint problem/challenge, and are supervised/mentored by one or several experts (depending on the needs of the project and topic). With benefit this course is the perfect example of case-based didactics. For example, let us say that a group of students taking the project course work for a company(ies) that want to introduce DevSecOps as a way to work in product development. This course can be used to start such a change/improvement initiative at the company. The student group can then do real change/improvement work at the company(ies) as the core of this project course, and get mentoring as they do it. The company/organization gets improvement/change done – the students get mentoring and learn a topic – and the students get formal higher level educational credits while doing it. The course can be seen as related to doing a thesis project at an external company/organization, but the focus is on studying a topic (like e.g. DevSecOps) in detail and applying it in a real-world context as part of the learning.
This course is targeting software professionals who aim to improve the security of the applications and services they develop through the use ofcryptographic algorithms . The main focusof the course will be on how to address the main goals of information security, confidentiality, integrity, availability, authenticity and accountability (CIA++) from a practical perspective. The course will introduce specific frameworks that can be used to implement these features using different programming languages, such as C/C++, Python and Java. In addition, the course will highlight typical pitfalls related to the implementation of these security functions.
This course cover areas of legal and ethical implications of ethical hacking. It also introduces detection and exploitation of vulnerabilities in IT-infrastructure, including different reconnaissance techniques.
Knowing how well security measures work, or how protected an organisation or systems is, can be difficult to quantify. The course aims to answer questions such as: – How to measure security? – What can be measured? The course presents several security metrics and how they can be implemented and used as KPIs.
The course provides knowledge and skills needed for defending critical infrastructure against cyber attacks. The example if such attack is Blackenergy cyberattack on the Ukrainian electrical grid in 2015 by Sandworm group (Russian GRU). This course covers security in SCADA and cyberphysical systems (CPS) as well as the regulations and standards that are applicable that helps to ensure an audit trail.
This course covers Network security concepts, Security configuration of network devices, Authentication, authorization and accounting (AAA), Intrusion Detection Systems (IDS) and Intrusion Prevention System (IPS), Introduction to virtual private networks (VPNs), Security configuration of local area networks (LANs), Firewalls
Applied machine learning
There is an increasing concern from users regarding the use and leakage of their personal data. Moreover, compliance with privacy regulations is required by the government and privacy should be incorporated by design and by default when developing software-intensive products and services. Hence, privacy has become a top challenge in software development and good privacy measures can improve data security and promote quality.
The course presents advanced binary analysis topics such as binary instrumentation, dynamic taint analysis, and symbolic execution that can be usefullfor software enginersto perform security testing and vulnerability discovery as well as for malware analyst to reverse engineer malicious binaries.
The course addresses the following question: assume you have to trust a computer that provides a service that is valuable to you. Should you trust the computer and the service it runs, and then for what reasons? Will the computer and the service behave faithfully to the implementation specifications or are they compromised for the purpose of deceiving the users? How can an external party detect this sort of malicious behaviour?
The course provides the way that will help you to design secure architectures to meet security requirements through threat modeling, attack surface analysis, and risk assessment practices.
The course covers different aspects of securing OS and system services to provide the safe environment for running cloud-based services. The following guidelines will be considered during the course as well as pracTical implementation of Windows and Linux platforms hardening using scripts (e.g. PowerShell and Ansible) to provide automation.