• Course title: Information Security Basics
• Number of ECTS: 3
• Course code: MICS2-3
• Module(s): 1.1 Computer, Software, and System Security I
• Language: EN
• Mandatory: Yes

The objective of this course it to provide an introduction to information security

* explain the role of security protocols in the design of secure systems;
* use the standard building blocks for security protocols: nonces, symmetric and asymmetric encryption, hash functions;
* compare symmetric vs public key cryptography
* classify attacks by attack scenarios and by attack goals
* describe weaknesses of historical ciphers: substitution, transposition, WWII ciphers
* describe basic modes of operation of block ciphers: ECB, CBC, Counter mode
* describe the RSA public-key encryption scheme and the RSA signature scheme

The goal of this course is to provide basic background in Cryptography and IT security and to show what expertise in these areas is available in the laboratory of Algorithms, Cryptography and Security (LACS) and CSC. The topics cover symmetric and public key cryptography and security of protocols

67%: final exam. 

33%: homework.

• Course title: Research in Information Systems Engineering
• Number of ECTS: 4
• Course code: MICS2-69
• Module(s): 1.1 Computer, Software, and System Security I
• Language: EN
• Mandatory: No

1) Building a basic understanding on research and scientific methods in information systems engineering.
2) Providing an overview of the basic principles and research methods that are prevalent and relevant in the field of information systems engineering. This includes familiarising students with qualitative research methods, including interviews and coding strategies, quantitative research methods, including survey design and choice experiments, and formal methods, such as simulation and optimisation.
3) Developing skills in designing research studies that incorporate a mix of qualitative, quantitative, and formal methods.
4) Encouraging collaboration and interdisciplinary research projects within the field of information systems engineering.
5) Preparing students to pursue research in the field (e.g., in master projects, or a doctoral thesis).

Upon completion of the course, students will be able to apply their knowledge of research methods to address complex research questions nested within information systems engineering, thereby demonstrating their understanding of how to use qualitative, quantitative or formal methods.

The possible course outline is as follows:
1) Introduction 
2) Theory 101 
3) Sociotechnical Systems Theory 
4) Literature Reviews & Taxonomy Building
5) Design Science Research 
6) Case Study Research
7) Survey Research
8) Discrete Choice Experiments
9) Computational Methods
10) Natural Language Processing 
11) Economic Modeling
12) Time-Series Analysis and Forecasting 
13) Optimisation under Uncertainty
14) Simulation
15) Question & Answer Session

For each presentation there will be at least one “Coach” on post-doctoral level who guides the teams, mediates between Presenters and Challengers, and who assesses the individual participation.
Doctoral candidates can annually repeat the lecture and rotate through these roles, gaining experience and earning ECTS credits for their active participation and contributions to the learning process. The lecture is an effective learning environment only if doctoral students actively contribute to it. Therefore, contributions will be actively monitored by the Coach and during the presentation. Study credits will be granted accordingly:
1 ECTS:
– Presenter of new sessions
0.75 ECTS:
– Presenter of an updated session
0.5 ECTS:
– Supporter
0.25 ECTS:
– Challenger
– Discussant
1-year PhD students typically take the role of supporter for two lectures, the role of discussant for two lectures, and the role of challenger for two lectures. The roles you choose are mutually exclusive, meaning that you cannot be a supporter and/or challenger for the same lecture. 
In case a candidate stays below a total of 2 ECTS in contributions the course is considered failed.

• Course title: AI and Cybersecurity
• Number of ECTS: 5
• Course code: MA_ERAS_CYBERSECU_1-5
• Module(s): 1.1 Computer, Software, and System Security I
• Language: EN
• Mandatory: Yes

The objective of the course is to make the students familiar with the quality and security threats to AI systems, especially in light of  (European) regulations. The course generally introduces the students to the foundations of security attacks, but enables also the manipulation of the related concepts through experiments (via Jupyter notebooks). The covered topics include: evasion attacks on computer vision, tabular data, NLP models; poisoning attacks; privacy concerns and threats; distribution drifts, presentation attacks on biometric systems, vulnerabilities in AI-based malware detectors, certifiable robustness, detection of generated content, regulation and auditing, etc. The course sessions will feature ex-cathedra presentations from the teaching team and external speakers, focused discussions, hands-on exercises, expert panels, paper reading and presentation by the students.

Students understand the security concerns that AI system raised and the limitations of using AI systems for cybersecurity. Students can experiment on specific security attacks and defenses through the use of established Python libraries. Students can read advanced scientific papers and reproduce previous experiments. Students can have some understanding of the meaning and implications of regulations related to AI systems and their security.

 

 

 

– Intro to machine learning security and offensive AI / Basic tool setup
– Evasion attacks on computer vision systems, white-box and black-box threat models, transferability
– Malware detection using AI and its pitfalls / Introduction to the end of year project
– Dense task security with application to healthcare and autonomous driving
– Tabular attacks in constrained domains, with application to financial systems
– Attacks on NLP model / Escape game
– Privacy of AI systems / Detection of generated content- Distribution drifts
– Poisoning attacks
– Attacks on biometrics systems
– Certified robustness
– Regulations and auditing

 

 

Combined assessment based on: 

Presentation 50% .
Assessment criteria: clarity of the presentation, quality of answers, depth of investigation, replicability of tooled artefacts

Active participation 50% .
Assessment criteria:
  attendance, completion of in-class exercise, participation in discussions

Student’s Laptop is required for this course

• Course title: Human Centered Security Design
• Number of ECTS: 3
• Course code: MCYSD-19
• Module(s): 1.2 Cybersecurity Systems, Risks, and Threats
• Language: EN
• Mandatory: Yes

Provide an overview of the fundamental principles of Human-Computer Interaction and its role in designing secure interactive systems.

Introduce the landscape of user-centered methodologies and methods.

Present the practical steps for applying these methodologies in real-world academic and organizational security-related scenarios.

After successfully finishing the course, students will be able to:

Understand the fundamental principles of Human-Computer Interaction and its role in designing secure interactive systems, including approaches to user-centered design (humanity-centered design, value-sensitive design, etc.).

Recognize the ethical and societal implications of design, including the impact on privacy and security.

Motivate the need for user studies in academic and organizational settings, effectively communicating their importance to management and decision-makers.

Practically apply user-centered design methodologies in their work.

Evaluate security-related interface instances through various user evaluation methods.

Conduct a user-centered design process that is integrated into a project.

According to the study by Stanford and Tessian, nearly 88% of security breaches occur due to human error. At the same time, users are considered an organization’s last line of defence against malicious agents. Both of these points require an understanding of how people in the organization interact with security mechanisms and how to reduce human error to make these mechanisms more usable. The goal of the course is to introduce the concept of user-centred design and explore different approaches and methods to incorporate users’ insights into secure system design.This helps create security measures that users can adopt without conflicting with their daily tasks and work priorities. Students will receive knowledge about the core principles of user-centred design, including ethical and value-based design considerations, as well as the behavioural and cognitive aspects of users that should be taken into account when introducing privacy and security-oriented measures. Students will also practice research processes from UX design and social sciences, such as study planning, user sampling, qualitative and quantitative data collection and analysis, with methods like interviews, questionnaires, prototyping, and user testing.  By the end of the course, students will be capable of collecting and analyzing users’ requirements and implementing them in their everyday work within the organization or while working on security projects with intensive user involvement.

100% presentation

• Course title: Intelligence Structured Analysis Techniques
• Number of ECTS: 3
• Course code: MCYSD-16
• Module(s): 1.2 Cybersecurity Systems, Risks, and Threats
• Language: EN
• Mandatory: Yes

The student will acquire basic knowledge of the following subjects:- critical thinking- process of thinking in analysis; – argumentation and fallacies; – cognitive bias in security. Besides, the student will be introduced to:- human factors in security design – social engineering attacks that take advantage of human factors – (phishing, on-line deception, and fake news) – be open-source intelligence methods and sources- intelligence analysis techniques

After having taken this course, students will – avoid bias in reasoning- cope with uncertainty in intelligence analysis- be aware of the human limitations and idiosyncrasies in security – comprehend human factors in security – understand the principle of social engineering attacks- know open-source intelligence tools and methods- familiarize with intelligence analysis techniques

1. Introduction to the course 
2. Critical thinking and biases
3. Argumentation and fallacies
4. Human factors in Cybersecurity, Human error, & situational awareness
5. Human Factors and HCI analysis methods
6. Human Factors in Cybersecurity: Disinformation (use case)
7. Human Factors in Cybersecurity: Phishing (use case)
8. Introduction to Intelligence Analysis
9. Open-source intelligence
10. Threat intelligence and Cybercrime
11. Cybercrime, privacy, intelligence, and analysis.

40% assignements + 60% final presentation and questions

Retake exam: 100%

• Course title: Introduction to Cybersecurity
• Number of ECTS: 4
• Course code: MCYSD-14
• Module(s): 1.2 Cybersecurity Systems, Risks, and Threats
• Language: EN
• Mandatory: Yes

1. 
   Develop foundational knowledge of cybersecurity principles and attack practices. Equip students with an understanding of core cybersecurity concepts, threats, technologies, and processes including security engineering, threat modelling, security testing, incident response and forensics.
   


2. 
   Apply strategies for protecting and responding to cyber risks. Enable students to analyze threat models and attack techniques, evaluate security measures across diverse environments, and understand the requirements for effective incident preparation and response.
   


3. 
   Understand the broader context of cybersecurity – Foster awareness of the technical, organizational, human, legal, and ethical dimensions of cybersecurity, and integrate theory with practice through real-world case studies and incident analyses.
   

By completing this course, students will develop a broad understanding
of the core concepts, architectures, technologies, and practices in
cybersecurity. They will know the motivations of threat actors, understand their
attack techniques, and have a basic knowledge how to engineer secure systems. The
course will also equip students with the knowledge to prepare for and respond
effectively to cyber threats. Beyond the technical aspects, students will
develop an appreciation of the organizational, legal, ethical, and human 
factors that influence cybersecurity, and will be able to link
theoretical knowledge to practical contexts through case studies and incident
analyses

The possible course outline is as follows:

1. Cybersecurity landscape and historical context
2. Attack frameworks and adversarial tactics
3. Threat modeling, governance and risk management
4. Security architectures and zero trust models
5. Security engineering foundations I (crypto, identity, access, and authentication)
6. Security engineering foundations II (network, wireless, IoT and cyberphysical security)
7. Security engineering foundations III (Hardware and OS security)
8. Security engineering foundations IV (Email, web and application security)
9. Security testing and vulnerability research
10. Intrusion detection, incident response, and threat intelligence
11. Digital forensics (memory, storage and network)
12. Human, legal and ethical dimensions
13. Emerging trends and research frontiers
14. Case studies

  Oral exam 80%

  Take-home assignment 20 %

RETAKE : oral 100%

• Course title: Data Visualization
• Number of ECTS: 2
• Course code: MCYSD-17
• Module(s): 1.3 Design and Analysis Methods in Cybersecurity
• Language: EN
• Mandatory: Yes

• Course title: Programming Fundamentals
• Number of ECTS: 3
• Course code: MCYSD-18
• Module(s): 1.3 Design and Analysis Methods in Cybersecurity
• Language: EN
• Mandatory: Yes

• Course title: Mathematics Foundation for Cybersecurity
• Number of ECTS: 3
• Course code: MCYSD-20
• Module(s): 1.3 Design and Analysis Methods in Cybersecurity
• Language: EN
• Mandatory: Yes

• Course title: Principles of Security Engineering
• Number of ECTS: 5
• Course code: MICS2-24
• Module(s): 2.1 Cybersecurity Engineering
• Language: EN
• Mandatory: No

This course aims at teaching students the fundamental principles of engineering secure systems.More specifically the goals are:
– to give a broad understanding of how secure systems are designed and evaluated.
– to explain key security concepts and mechanisms as well as pitfalls.
– to describe how systems are attacked and defended: typical threats, vulnerabilities and counter-measures.
– to take a “system-based” approach, i.e. to take account of the whole system rather than just the technical, e.g. crypto algorithms and protocols

* Evaluate security systems and identify their vulnerabilities
* Propose countermeasures to vulnerabilities and attacks
* Evaluate security requirements

Intro (concepts, principles)
Policies and models (access control etc)
Information flow (enforceable policies)
Socio-technical aspects.
Physical security, locks, tamper resistance/evidence
Copyright, DRM, watermarking.
Privacy (Jonker)
Network security (malware, phishing, botnets…)
Security evaluation and testing
Advanced Protocols (PAKE, QKD, ZK, OT, …)
Misc topics (API, TCM, attack trees, game theory, ECC, MDD,…)
Secure voting systems

The course will be evaluated based on a report (50%) and presentation (50%) at the end of the course

• Course title: Security of Mobiles
• Number of ECTS: 4
• Course code: MCYSD-4
• Module(s): 2.1 Cybersecurity Engineering
• Language: EN
• Mandatory: Yes

This course provides students with an overview of the security aspects in mobiles, with a particular focus on the Android ecosystem. Students will explore state-of-the-art literature on mobile security, examine recent attacks and malicious code, and study both static and dynamic evasion techniques employed by adversaries. The course also delves into defense mechanisms, including reverse engineering, static and dynamic analysis techniques, and the application of AI techniques. 

Through a combination of lectures, case studies, and hands-on projects, students will gain the skills necessary to analyze, detect, and mitigate security threats in mobile devices

50% Written Exam ; 20% Active Participation; 30% Take-home assignment

Written Exam
: Assess students’ comprehensive understanding of the course material, measure their ability to integrate and apply knowledge, and evaluate their skill proficiency. Assessment rules: 2h00 written exam. No computer. Format: questions on the course materials/content. No material allowed. 
Assessment criteria: Application of knowledge acquired during the course. Critical thinking about open questions.

 

Active Participation : Encourage students’ participation and concentration. Make brainstorming sessions and discussions about latest findings in the literature active.

Take-home assignment:
 
Apply and reinforce course concepts by analyzing practical mobile security challenges. 

 

• Course title: Focused Activities I
• Number of ECTS: 3
• Course code: MCYSD-10
• Module(s): 2.2 Focused Activities I
• Language: EN
• Mandatory: No

The students will have insights on a series of up-to-date subjects related to cybersecurity and cyber defence practices and activities. This may include a revision, or different perspective of topics addressed in some other course, and/or hands-on exercises under the guidance of experts which will complete the student’s preparation. 
Thus, the student will acquire improved analytical skills, a broader understanding of the multi-faceted nature of cybersecurity, and operational skills.

 

 

When and where requested, students will be assigned to work on texts or subjects that deepen, sometimes, or broaden, some others, topics relevant to building knowledge in cybersecurity. 
The selection of these texts or subjects will be made available time by time the lectures are delivered, but generally, the student will be asked and reflect on the texts or subjects guided by questions discussed in class. 

100% Presentation of the final project deepening on some of the topics presented during the cours. 

Towards the end of the semester, the student will be asked to develop a small research project, delving deeper into one of the key themes covered in the course. 

This project will be developed in stages: a) abstract and choice of the topic; b) written work; and c) oral presentation with discussion.

 

• Course title: Software Vulnerabilities: Exploitation and Mitigation
• Number of ECTS: 5
• Course code: MICS2-44
• Module(s): 2.3 Computer, Software, and System Security II
• Language: EN
• Mandatory: No

Through this course students will understand software vulnerabilities from memory corruptions to command injections.
Both the defensive and offensive aspects will be studied: students will learn how to mitigate, find aNd exploit software vulnerabilities.

* Students should be able to critically read publications related to software vulnerabilities (research paper, etc.)
* Students should be able to identify vulnerable code and write robust code preventing vulnerabilities from being introduced in the code.
* Students should be able to exploit simple known vulnerabilities.

Our lives and our societies rely on computer programs (software).
Every day, we use devices running software written in millions of lines of code because it makes our lives easier.
However, the complexity and the size of existing software, added to the fact that humans write most of the software,
introduce bugs.
Some of these bugs, called vulnerabilities, can be exploited by an attacker to compromise a device or leak information.
Have you ever wondered how programmers make their code more robust to avoid introducing vulnerabilities?
Have you ever wondered how attackers can find vulnerabilities and exploit them to take control of a remote device on
the Internet or of your smartphone?
Have you ever wondered how attacker can dump an entire database containing personal information about millions of
users?
In this course, you will learn both how to defend against vulnerabilities and how to exploit vulnerabilities.
This course covers memory corruption vulnerabilities such as buffer or heap overflow, type confusion, or use after free.
It also covers more high level vulnerabilities such as SQL injection or confused deputy.

The course will mix theory and practice.
On the offensive side, you will implement simple programs to exploit vulnerabilities.
On the defensive side, you will correct vulnerable programs to prevent exploitation but also learn how to use techniques such as fuzzing to find new vulnerabilities.

Each student will get three grades: one for the assignments (labs), one for a project, and one for the exam(s).
The final grade is obtained by using the following weights:
50% assignments (labs)
20% for a project
30% for exam(s)
However, in order to pass, the student needs to get at least 7 out of 20 for the exam(s).
If the student gets less than 7 out of 20 for the exam(s), the final grade will be computed as follows:
50%(assignment grade /2) + 20%(project grade /2) + 30% exam grade
 
If a student fails, the student can keep his/her grades related to the assignments and projects.
Only attending the exam(s) is mandatory.
Once the exam(s) is completed, the final grade is obtained by following the same weights as presented above (i.e., 50% assignments (labs), 20% for a project, 30% for exam(s))
Again, getting at least 7 out of 20 for the exam(s) is mandatory.

• Course title: Microkernel Based Systems
• Number of ECTS: 5
• Course code: MICS2-57
• Module(s): 2.3 Computer, Software, and System Security II
• Language: EN
• Mandatory: No

The main framework is a series of lectures with assignments
in the form of a combination of reading assignments and practical exercises
leveraging a virtualization environment, such as QEMU, and a state-of-the-art
microkernel-based system (e.g., L4.RE).
The course will introduce the C / C++ / Assembly level programming skills
that are necessary to implement system calls and to interact with devices and
the processor hardware.

Understand advanced operating system techniques and their role in fault
containment, vulnerability mitigation and the construction of trusted systems
from untrusted components
Construct trustworthy systems with the help of virtualization techniques and
trusted execution environments
Gain practical experience programming at kernel level

This course gives an overview on microkernel construction and on the
fundamental design principles for constructing microkernel and
microhypervisor-based systems. The course covers advanced operating
system topics, such as device pass through in virtual machines, trusted
execution, etc., and serves as a deep dive into system-level techniques to
security and reliability. It prepares to pursuing research in resilient operating
systems or a related field (e.g., master projects or PhD theses).

Review of the evolution of Microkernels-/Hypervisors and Microkernel-based
Systems
Foundations of Microkernel-Based Systems
Kernel Mechanisms and Abstractions
Architecting, Constructing and Programming Microkernels
Verification of Microkernel-Based Systems
Resilience Aspects at Application and Microkernel Level
Introduction to Systems Programming in C / C++

Assignments: 40 %, Final Exam 60 %

• Course title: Designing Data Vizualisation
• Number of ECTS: 3
• Course code: MCYSD-5
• Module(s): 2.4 Data Processing and Communication
• Language: EN
• Mandatory: No

– Introduce students to data visualization and related theories and frameworks (e.g., human visual perception).
– Discuss real-world case studies that highlight effective and ineffective data visualization practices.
– Develop students’ ability to analyze and critique data visualizations using specific evaluation criteria.
– Provide hands-on opportunities to iteratively design and refine visual representations of data

By the end of this course, students will be able to:
– Identify and apply fundamental principles of effective data visualization, including visual encoding, color theory, and perceptual psychology.
– Critique existing visualizations, identifying strengths and weaknesses based on best practices and audience needs.
– Design visualizations that effectively communicate complex data insights while maintaining clarity and accessibility.
– Tailor visual representations to different audiences and contexts, optimizing for engagement and decision-making.

This course explores the principles and strategies for designing effective data visualizations that communicate insights clearly and efficiently to a targeted audience. Through lectures, discussions, and hands-on exercises, students will develop an understanding of how design choices impact perception, comprehension, and engagement. Emphasizing design thinking, critique, and evaluation, this course will equip students with the skills to assess and improve visual representations of data. While technical implementation will be briefly covered, the primary focus is on conceptualizing and refining visualizations to maximize their impact in decision-making contexts.

100% written exam 

• Course title: Science Communication
• Number of ECTS: 3
• Course code: MCYSD-6
• Module(s): 2.4 Data Processing and Communication
• Language: EN
• Mandatory: Yes

Understand different contexts of science communication and be capable of delivering outstanding presentations in each case

You will learn all aspects of preparing a scientific presentation and preparing yourself for delivering it, and you will understand the communication contexts of of oral and poster conference presentations, project and company pitches, and job interviews.

Please see detailed syllabus in Moodle.

Active Participation 100%

Objectives: You will prepare for performances at each meeting.
Assessment rules: Evaluation by instructor
Assessment criteria: 75% for adherence to instructions and 25% for quality of performance.

• Course title: Algorithms for Numbers and Public-Key Cryptography
• Number of ECTS: 5
• Course code: MICS2-14
• Module(s): 2.5 PROFILE : Information security and analysis – Cryptography
• Language: EN
• Mandatory: No

The objective of this course it to provide an introduction to algorithms for numbers and their use in public-key cryptography.

* describe the basic algorithms for numbers: gcd, CRT, modular exponentiation, primality tests.
* list some basic properties of numbers: modular computation, Euler function, generators of multiplicative groups.
* explain the RSA algorithm for public-key encryption and signature.
* explain basic security proofs for public-key encryption and signature.

* basic basic algorithms for numbers: gcd, CRT, modular
exponentiation, primality tests, etc.
* the RSA algorithm for public-key encryption and signature.
* main security notions for encryption and signature.
* basic security proofs for public-key encryption and signature.

The final grade is based on homework only.

• Course title: Symmetric Key Cryptography and Security of Communications
• Number of ECTS: 5
• Course code: MICS2-12
• Module(s): 2.5 PROFILE : Information security and analysis – Cryptography
• Language: EN
• Mandatory: No

Introduction to symmetric cryptography and applied cryptography: the students will learn design and analysis principles for symmetric crypto primitives (ciphers, hash functions, MACs). They will be also introduced to the aspects of practical application of cryptography

* evaluate effects of cryptanalysis, side-channel attacks and traffic analysis on cryptographic primitives
* understand hardware and software implementation issues for cryptographic primitives
* understand the usage of cryptography on the blockchain
* apply differential power analysis (DPA) to smartcard implementations of ciphers

The goal of the first half of this course is to introduce students to symmetric key cryptography, showing how ciphers and hash functions are designed and cryptanalyzed. We will start with some historical examples (M-209, Enigma) and then follow to the present day standards (DES, AES, SHA, GSM-A5, RC4, Bluetooth-E0). In the second half of the course we will discuss broader applied cryptography and network security topics such as crypto-hacking, cryptography on the blockchain and side-channel attacks.

The grade for this class will be an average of the homework assignments given every week. Assignments are to be solved individually. There will be no final exam

• Course title: Cybersecurity Risk Management
• Number of ECTS: 2
• Course code: MCYSD-9
• Module(s): 2.5 PROFILE : Policies, compliance and defence – Cyber Defence and Cyber Policies
• Language: EN
• Mandatory: No

Equip students with practical skills in cybersecurity risk management using NIST and EU frameworks (NIS2, DORA, etc), focusing on real-world case studies, risk assessment, and mitigation strategies

– Apply NIST and EU risk management frameworks to assess cybersecurity risks. 
– Utilize tools to analysis and monitor cybersecurity risks.
– Develop and propose effective risk mitigation strategies.
– Defend risk assessments and mitigation plans in a professional setting.

The course covers cybersecurity risk management principles using NIST’s Risk Management Framework and EU equivalents (NIS2, DORA, etc).  Through hands-on use cases, students assess risks, utilize tools to analysis and monitor cybersecurity risks, and propose mitigation strategies. Key topics include risk identification, threat landscapes, applying frameworks in organizational contexts, and effective communication of risk plans. Group projects on real-world scenarios enhance analytical and presentation skills. The course also addresses regulatory compliance and ethical considerations. By engaging with case studies and practical exercises, students prepare to tackle real-world cybersecurity challenges effectively.

50% Individual Case Study Assessment: students independently analyze a cybersecurity risk scenario and propose mitigation strategies. Grades reflect the quality of assessments, mitigations, and presentation effectiveness.

50 % Team Project and Presentation : Teams assess risks for real-world scenarios, develop mitigation plans, and defend their strategies through a group presentation. Assessment criteria: Depth of analysis, effectiveness of proposed mitigations, teamwork, and presentation skills

• Course title: Cybersecurity Tool for Threat Intelligence and Forensics
• Number of ECTS: 5
• Course code: MCYSD-7
• Module(s): 2.5 PROFILE : Policies, compliance and defence – Cyber Defence and Cyber Policies
• Language: EN
• Mandatory: No

Gain proficiency in using open-source platforms and frameworks (such as MISP, AIL, Flowintel, Kunai) for cyber-threat intelligence (CTI) and digital forensics.
Develop a solid workflow for threat information sharing, automation, and structured analysis to improve incident response.
Understand the forensic process on both Windows and Linux: evidence collection, analysis, and sandboxing or triaging of malware.
Learn to plan a cyber-threat intelligence strategy, set intelligence requirements, and incorporate best practices for data sharing and analysis.

Upon successful completion of this course, students will be able to:
Apply MISP for threat data sharing, enrichment, and automation, demonstrating familiarity with MISP’s data model and APIs.
Design and execute a simple CTI plan by identifying intelligence requirements, aligning them with organizational objectives, and leveraging intelligence frameworks.
Implement open-source frameworks (AIL) to crawl, index, and analyze data sources, extracting actionable threat intelligence.
Perform Windows-based forensic investigations, including evidence collection and case management using Flowintel or similar tools.
Investigate Linux malware in a sandboxed environment (Kunai), identifying malicious behavior, indicators of compromise (IoCs), and correlation with threat intelligence feeds.
Collaborate with peers to share artifacts, advisories, and best practices in an operational threat intelligence environment.

This course offers a practical and hands-on overview of key open-source tools and frameworks used in threat intelligence and digital forensics. The topics include MISP for threat sharing and automation, cyber-threat intelligence planning and best practices, the AIL framework for information extraction and analytics, as well as forensic analysis on both Windows and Linux platforms using open-source or freely available tools such as Flowintel and Kunai. By the end of the course, students will have developed the skills to collect, analyze, and share threat information effectively, to perform forensic investigations across multiple operating systems, and contribute to open source projects

100% project 

Objectives: Integrate multiple course components into a cohesive threat intelligence or forensic investigation scenario (e.g., analyzing a malware sample, documenting IoCs, feeding them into MISP, presenting findings).

Assessment rules: Individual or small-group project. Must produce a written report and a companion github repository holding materials and scripts produced in the frame of the project.

Assessment criteria:

Completeness of the investigation steps
Correct usage of relevant tools (MISP, AIL, etc.)
Quality of threat intelligence correlation
Clarity and professionalism of the final report.

• Course title: Cyber Policy
• Number of ECTS: 3
• Course code: MCYSD-8
• Module(s): 2.5 PROFILE : Policies, compliance and defence – Cyber Defence and Cyber Policies
• Language: EN
• Mandatory: No

The main topics covered in the course are: understanding cyber threats; EU Cybersecurity Law (NIS 2 Directive, Cybersecurity Act, Cyber Resilience Act, DORA); Cybersecurity and Data Protection law; Cybersecurity and AI; EU 
bodies and agencies involved in cybersecurity; cyber defense; the right to cybersecurity.

 

As per the course objectives, by the end of the course it is expected for the students to have a foundational comprehension of the legal framework established to regulate cybersecurity at the national, European and 
international level. They will have an in-depth understanding of the key 
legislative instruments that regulate cybersecurity and the different policy 
considerations that have shaped EU cyber policy.

This course aims to provide an overview of the key legal instruments primarily at EU level, as well as at the international and national (Luxembourgish) level, that regulate cybersecurity

100 % oral exam

 

The objective of the oral exam is to ensure that the students have a solid understanding of the key elements covered in the course, which they can communicate to the examiner in a direct and concise manner with the ability for a nuanced response whereby the student can explain and clarify their thoughts.

The oral exam will enable the students to demonstrate a holistic understanding of the materials covered during the lectures.

Students will be provided with a list of questions to prepare from.

The assessment will be based on the quality and thoroughness of the answers given during the oral exam

• Course title: Emerging Technologies in Society
• Number of ECTS: 4
• Course code: MICS2-72
• Module(s): 3.1 Interdisciplinary Cybersecurity
• Language: EN
• Mandatory: Yes

1) Explore key application areas of emerging technologies such as  healthcare, recommendation systems, and democratic governance. 

2) Examine the principles of agentic AI, hybrid intelligence, Explainable AI highlighting the evolving relationship between human and machine decision-making.

3) Critically evaluate the societal and ethical dimensions of advanced technologies, including issues related to bias, surveillance, and misinformation.

4) Prepare students to engage in advanced research or professional work related to the societal impact of emerging technologies.

Upon completion of the course, students will be able to apply their understanding of emerging technologies—such as machine learning, deep learning, natural language processing, and generative AI—to critically evaluate their impact on society, design context-sensitive technological solutions, and engage in responsible innovation. They will be equipped to analyze the societal, ethical, and operational implications of AI applications in areas such as healthcare, democratic governance, and personalization systems, while also recognizing the importance of explainability, human centered design, and risk mitigation in the deployment of advanced intelligent systems. 

1) Introduction (Afshin)
2) Fundamentals of ML, DL and NLP in Information System (Afshin)
3) The rise of GenAI/LLM in Information System (Afshin)
4) Optimizing LLMs for domain specific intelligence via fine tuning (Afshin)
5) Agentic AI (Igor)
6) Human – AI interaction (cooperation, collaboration): the need of human in the loop (Igor) 
7) Hybrid Intelligence: the need to empower humans (Igor)
8) Explainable AI: the need of human to understand the AI-driven decision-making (Igor) 
9) Applications of Emerging Technologies in health (Afshin)
10) Applications of Emerging Technologies in recommender systems (Igor)
11) Applications of Emerging Technologies in democracy and public governance (Igor) 
12) Data and ethical considerations of Emerging Technologies (Afshin)
13) Dark side of Emerging Technologies (Gilbert Fridgen, Afshin KHADANKISHANDI, Igor Tchappi)
14) Q&A (all)

Written exam

• Course title: Open Network Security
• Number of ECTS: 4
• Course code: MICS-41
• Module(s): 3.2 Network Communication Security
• Language: EN
• Mandatory: Yes

The goal of this course is to introduce challenges in securing computer systems and networks. The curse covers the foundations of system and network security. It introduces basic security and privacy concepts as building blocks for later specialization.

* Master the epidemiological models for malware propagation and network-centric attacks
* Assess the security of networks and software systems.
* Explain the techniques for worm containment and detection.
* List statistical and machine learning approaches for network traffic monitoring

In the scope of this course, we explore the following topics:
Introduction and general concepts.
Definitions, security goals, attacker models.
Symmetric encryption.
Integrity protection.
Asymmetric encryption.
Certificates and public key infrastructure (PKI).
Authentication and key agreement.
Kerberos.
Security protocols (IPSec, DNSSec, Kerberos, SSH, TLS, etc.).
Spam, botnets, phishing.
Anonymity and privacy.
Machine learning and intrusion detection.
Wireless security.

Final exam, active participation in exercises, practical assignments and presentation.

• Course title: Quantum Communication Infrastructure Fundamentals (elective course)
• Number of ECTS: 3
• Course code: F1_MAINTERSPACE-59
• Module(s): 3.2 Network Communication Security
• Language: EN
• Mandatory: No

​​This course is designed to familiarize the attendees with the framework of quantum communication systems.
The course begins with a historical review of events that led to the development of quantum mechanics, before moving to the introduction of quantum states and their properties.
Later part of the course introduces fundamental protocols of quantum communications, tools of quantum information theory, and basic treatment of noise in quantum systems.
The final part of the course introduces quantum cryptography techniques, including quantum key distribution protocols, their implementations, and their analyses.​ 

​​At the end of this course, students will be able to:
– precisely define quantum states and explain their properties
– design quantum circuits and perform calculation for fundamental quantum communication protocols
– model the effect of interactions with environment in open quantum systems
– analyze quantum noise in quantum communication systems and explain its effects
– describe basic quantum key distribution protocols and identify their potential use in the real-world scenarios.​ 

Continuous assessment: Take-Home assignment 60% Presentation 40%

• Course title: Focused Activities II
• Number of ECTS: 2
• Course code: MCYSD-11
• Module(s): 3.3 Focused Activities II
• Language: EN
• Mandatory: Yes

The students will have insights on a series of up-to-date subjects related to cybersecurity and cyber defence practices and activities. This may include a revision, or different perspective of topics addressed in some other course, and/or hands-on exercises under the guidance of experts which will complete the student’s preparation.
Thus, the student will acquire improved analytical skills, a broader understanding of the multi-faceted nature of cybersecurity, and operational skills.

When and where requested, students will be assigned to work on texts or subjects that deepen, sometimes, or broaden, some others, topics relevant to building knowledge in cybersecurity.

The selection of these texts or subjects will be made available time by time the lectures are delivered, but generally, the student will be askedand reflect on the texts or subjects guided by questions discussed in class.

Towards the end of the semester, the student will be asked to develop a small research project, delving deeper into some of the key themes covered in the course.

This project will be developed in stages: a) abstract and choice of the topic; b) written work; and c) oral presentation with discussion.

A general discussion will follow each presentation.

Evaluation

The student will be evaluated on a) quality of a report (students are asked to review their understanding of the topics) and quality of an assignment given the teacher (where students deepen a subject), and b) an oral presentation of the report. 

Evaluation Criteria

• 100% written report and oral presentation

• Course title: 3.1 Information Security Management System – ISMS (Systèmes de Management de la Sécurité de l'Information – SMSI)
• Number of ECTS: 2
• Course code: MPMSSI-49
• Module(s): 3.4 Cybersecurity System Analysis
• Language: EN
• Mandatory: No

• To understand ISO/IEC 27001, its structure and its requirements


• To have the same interpretation of the requirements and “speak the same language”


• To have a first view on “how” to comply with the different requirements


• To be able to define an action plan towards compliance

• The ISO/IEC 27001 standard 

o   Overview of the standard

• ISMS establishment and management 

o   Definition of an ISMS establishment and management project

• Context and objectives
• Document management
• Leadership 

o   Commitment, policy and roles & responsibilities

• Performance evaluation

o   Indicators, internal audit and management review

• Improvement

o   Nonconformity and corrective action and incident management

• Risk management

o   Risk assessment
o   Risk treatment

• Information security policy(ies) and procedures
• Conclusions and work plan

Task 1: Written exam based on a MCQ and open questions (100%)

Grading scheme: 20 points (0-20)
Objectives: Prove that the standard and its interpretation have been understood and that the student is able to draw an implementation plan to comply with ISO/IEC 27001.
Assessment rules: Students will work on their own.
Assessment criteria: The correctness of solutions to assigned questions.

Slideshow in a PDF file
ISO/IEC 27001. Information technology – Security techniques – Information security management systems – Requirements. International Organization for Standardization, Geneva, 2005.

• Course title: Security of Databases
• Number of ECTS: 3
• Course code: MA_ERAS_CYBERSECU_1-15
• Module(s): 3.4 Cybersecurity System Analysis
• Language: EN
• Mandatory: No

At the end of this course, students will be familiar with database security risks, exploitation, and mitigations. The assignments will provide students with hands-on experience in securing database systems, preparing them for real-world scenarios in database administration and security

 

 

This course aims to familiarize students with database security 

In this course, Database Security risks and mitigations will be discussed in theory and implemented during practical assignments. This course will start with an introduction to common DBMS with an emphasis on server-side implementation (back-end) and the provided user application (front-end) and exploring their vulnerabilities followed by database security best practices. The course will include the following topics but is not limited to: Database Access Controls, Database Authentication, Data encryption on the server-side and in transit, Auditing and Monitoring, and attacks such as SQL injections, inference, and privilege escalation.

80% final exam, 20% project + presentation

RETAKE exam: 100%

• Course title: Selected Topics in Network and System Security
• Number of ECTS: 4
• Course code: MICS-COMMSYST-025
• Module(s): 3.4 Cybersecurity System Analysis
• Language: EN
• Mandatory: No

The objective of this course is an elaborated, active understanding of distributed vs. centralized communication security and privacy concepts and their application to cooperative environments. The course creates links between the fundamental concepts and applied scenarios with references to ongoing research activities within the SECAN-Lab research group.

* Describe existing concepts to set-up centralized and distributed secure communication systems and protocols.
* Name and reproduce definitions for quantitative parameters linked to anonymity, privacy and reputation systems
* Analyze and compare existing privacy-enabled systems for cooperative and non-cooperative environments
* Construct, adapt and assess real world communication architectures and protocols for a distributed cooperative communication problem

This course will provide an overview of the topic of security and privacy in computer networks. Concrete topics and application scenarios can vary depending on the particular focus of the methods discussed.
Typically, the methods of SECAN-Lab involve data analytics for network management, software defined networking, machine learning, algebraic graph transformation, symbolic execution, device and network fingerprinting, deterministic and probabilistic medium access control, routing strategies applied to scenarios around vehicular communications, network management and forensics, cybersecurity, anonymity and privacy, financial technologies and others.

70% Final exam
30% Assignments (presentation, written summary and practical results)

• Course title: Security of Software defined networking
• Number of ECTS: 3
• Course code: MA_ERAS_CYBERSECU_1-7
• Module(s): 3.4 Cybersecurity System Analysis
• Language: EN
• Mandatory: No

Familiarise with the intersection of cybersecurity and software-defined networking
Grasp the foundational concepts of software-defined networking. – Comprehend the distinction between the data plane and the control plane in SDN.
Delve into SDN programming methodologies and techniques.
Explore the diverse applications and use cases of software-defined networks.
Recognize and assess the vulnerabilities and potential threats inherent to SDN.
Implement strategies and measures to safeguard the SDN infrastructure
Explore the security advantages of adopting SDN in modern network architectures.

Articulate the key components of SDN and their respective functions.
Compare and contrast SDN security approaches with traditional network security methodologies.
Illustrate the relevance and deployment of SDN in contemporary networking contexts.
Evaluate the inherent security features and vulnerabilities of software-defined networking.
Demonstrate proficiency in identifying and addressing SDN-specific security challenges.
Critically analyse potential threats of SDN security and recommend preventative measures to ensure data integrity.

This course offers a comprehensive introduction and a small dive into the subject, structured over a semester with a blend of lectures, labs, and presentations. Each session is designed to build on the knowledge from the previous weeks, fostering a robust understanding and practical skills. The course is designed to not only provide foundational knowledge but also to engage students in active learning through quizzes, practical labs, presentations, and paper reviews. It aims to prepare students for advanced studies in the field and real-world applications.

The final grade is composed by :
35%Labs
30%Presentation 
25%Written Summary Report
10%Attendance, Participation to class

• Course title: Cybersecurity Ethics
• Number of ECTS: 4
• Course code: MCYSD-21
• Module(s): 3.5 PROFILE B : Policies, compliance and defence – Cybersecurity Regulations and Practices
• Language: EN
• Mandatory: No

This course introduces students to ethical challenges regarding information technology. Students will examine the ethical responsibilities required of cybersecurity professionals at different levels. Topics such as privacy, EU regulations, and sociocultural influences will also be explored. At the end of the course, students will understand the role of ethical and value frameworks in cybersecurity, analyze cybersecurity challenges and explain their reasoning, develop critical thinking and analysis skills through presentation and discussion, and be able to communicate in plain language

After the course, students will be able to: List the
ethical principles in cybersecurity. Define the meaning of ethical principles
in cybersecurity. Explain and purpose of ethical principles in cybersecurity
in terms that someone who has not taken this course would understand.
Determine relevant ethical principles in case studies and codes of conduct.
Explain their ethical analysis of a real-world problem in terms that someone
who has not taken this course would understand. Critique real world case studies
based on ethical principles related to this course. Function effectively as a
team member on a multidisciplinary project team, determined by assessment by
instructor, peer review, and self-assessment. Explain the roles of different
disciplines in the project and judge their relative importance.

Ethical and Values Frameworks in the EU (such as: -Morals, Ethics, and Law in Society -Reasoning with Moral Theories -EU Principles and Values -Value Conflicts Ethical and Values Frameworks in the EU (such as: -Morals, Ethics, and Law in Society -Reasoning with Moral Theories -EU Principles and Values -Value Conflicts -GDPR Principles) Professional Obligations and Codes of Conduct (such as: -CIRCL CVD –GDPR Obligations -Professional Codes of Conduct) Reasoning with Common Ethical Challenges (such as: -Harms to Privacy –Breaches –Transparency and Disclosure –Balancing Values)

  Task 1. Active participation 30%

Objectives and Criteria : 
Engage in class discussions, listen to other
students, and think critically about the course material. 
Participation in class activities and homework (peer, self, and instructor feedback)

 

Task 2. Presentation 20%
 

Objectives and Criteria:
Summarize and explain cybersecurity challenges
for a specific domain in a way that is understandable to someone who has not
taken the class. 
Content, Confidence, Clarity,
Understandability, Sources used (scholarly, interview, news, etc.), Synthesis

 

Task 3.
  Written exam
(Weekly Quiz) 30%

Objectives and Criteria :
Recall and demonstrate understanding of ethical
principles, cybersecurity professional obligations, and other class topics. 
Correct understanding of core class material 

 

Task 4. 
  Take-home assignment 20%

Objectives and Criteria:
Compare and contrast code of conducts, classify
using ethical and value frameworks, and generate their own code of conduct. 
Completeness of assignment and reflection task

• Course title: Entrepreneurship
• Number of ECTS: 2
• Course code: MA_ERAS_CYBERSECU_1-1
• Module(s): 3.5 PROFILE B : Policies, compliance and defence – Cybersecurity Regulations and Practices
• Language: EN
• Mandatory: No

Ability and skills to understand and critically evaluate business problems from the the perspective of entrepreneurship; deep knowledge on the entire startup process (from ideation to venture exit); evidence-based insights on entrepreneurship rooted in latest research insights; ability to apply these insights in real-world case studies that feature highly relevant problems and their solutions

The course provides a bird’s-eye view of important fundamentals of entrepreneurship.

The course will cover the following topics: Entrepreneurship in general, entrepreneurial personalities, business planning, lean startup, entrepreneurial marketing, entrepreneurial finance, entrepreneurial growth, entrepreneurial exit, select types of entrepreneurship (e.g., social entrepreneurship, sustainable entrepreneurship). The course also features case studies, in which students will apply the concepts of the lecture to real business cases, preferably from the cybersecurity sector.

Written Exam 50%

The objective of the exam is to evaluate students’ understanding and application of key entrepreneurship concepts.

Presentation 50%

The students will solve and present their solutions to case study assignments. The objective of the case studies is to develop students’ analytical and decision-making skills by applying theoretical concepts to real-world entrepreneurial scenarios and fostering critical thinking and strategic planning abilities.

RETAKE  : Oral 100%

• Course title: EU Digital sovereignty : Securing EU digital sovereignity through Research and Innovation
• Number of ECTS: 4
• Course code: MA_ERAS_CYBERSECU_1-4
• Module(s): 3.5 PROFILE B : Policies, compliance and defence – Cybersecurity Regulations and Practices
• Language: EN
• Mandatory: No

Analyze EU’s ‘digital sovereignty’ i.e. EU’s ability to act independently in the digital world. This means studying protective mechanisms and offensive tools designed by the EU to foster digital innovation (including in cooperation with non-EU companies) as well as related challenges

Students will be able to: (i) Identify and explain different levers used by the EU for its digital sovereignty (notably economic and legal (normative) levers); (ii) breakdown legislative acts and proposals that aim at implementing EU’s digital sovereignty; (iii) understand different UE budgetary instruments (including actors) to finance Research and innovation;(iv) describe strategic technological innovation for EU’s digital sovereignty; (v) explain challenges to EU’s digital sovereignty and suggest solutions; (vi) discuss ethics and technology 

Introduction to EU’s framework for digital sovereignty – tools, mechanisms, and actors;; Chips market: the Chips Act as a mean to secure EU digital sovereignty; 5G infrastructure deployment: geopolitical and legal challenges; Digital infrastructure sharing imperative: perspectives on an EU Cloud; Software and software development: issues of liability in the context of automated processes/decisions; Artificial Intelligence (AI): opportunities and challenges for the EU digital sovereignty; Blockchain and Distributed Ledger Technologies: beyond the hype – socio-economic and legal perspectives for the EU digital sovereignty; Quantum technologies: securing strategic autonomy through quantum R Data protection: General Data Protection Regulation (GDPR) as a flagship regulation for a digital sovereign EU; Digital services: the Digital Services Act for a safe and accountable online environment; Digital Markets Act: a bid for fairness towards and between ‘gatekeepers’?; European Digital Identity: the idea of a personal digital wallet for EU citizens and residents; Intellectual property: towards a harmonized EU patent rules to boost innovation, investment, and competitiveness; Beyond efficiency and legal niceties: Ethics and technology

50% Take-home assignment
30% Presentation
10% Active participation10% Attendance
  

 
 

• Course title: Log Analysis
• Number of ECTS: 3
• Course code: MCYSD-12
• Module(s): 3.5 PROFILE A: Information security, risks and analysis – Cybersecurity Risks and Resilience
• Language: EN
• Mandatory: No

Computer systems use logs to record runtime events, such as the arrival of a network message, the change of a setting, or an unexpected situation (like an error).  Very often, logs are the only data available that provide information about the execution of a system. Logs are processed through log-driven analysis techniques, such as log parsing, run-time anomaly detection, and failure diagnosis.

The objective of this course is to provide students with the main knowledge to apply automated log analysis to improve the reliability and security of a system. This will include understanding the main concepts of software logging, how to use software logging, and how to analyze logs using techniques such as log parsing and log-based anomaly detection.

 

At the end of the course the students will be able to:
–         
Explain the main concepts related to software logging
–         
Use software logging frameworks
–         
Describe the main approaches for log parsing
–         
Illustrate downstream log analysis techniques such as log mining, model inference and runtime verification
–         
Understand the main techniques for log-based anomaly detection
–         
Use log parsing, log-based anomaly detection, and runtime verification tools

1.  Introduction to Logging, logging mechanisms and libraries
2. Logging approaches: where to log, what to log, how to log
3. Log compression
4. Log parsing
5. Log mining: failure prediction, failure diagnosis
6. Anomaly Detection
7. Runtime verification

 Task 1 

 Take-home assignment 30%

Objectives: The student will be asked to write a report describing one or more log analysis tools, both from a conceptual and an experimental perspective (e.g., reporting on a replication study of a tool).

Assessment rule: 
Use of generative AI technologies must be disclosed upon submission; the prompts used to get the results should be included in the submission. Late submissions are penalized by 50% (24h), 75% (=24h and 48h), 100% (=48h)

Assessment criteria :
Depth and breadth of the report, soundness of the experimental methodology and data analysis (when applicable) 

 

Task 2

Presentation 30%

Objectives:
Presentation of one or more log analysis tools, based on the written report 

Assessment rule :
Use of generative AI technologies must be disclosed upon submission; the prompts used to get the results should be included in the submission. Late submissions are penalized by 50% (24h), 75% (=24h and 48h), 100% (=48h). An unjustified no-show of the presenter on the presentation day will imply a grade of 0 points (even if the presentation was submitted on time).

Assessment criteria:
depth and breadth of the presentation, quality of the visual support (slides)

 

Task 3

Written exam 30%

Objectives :
Assessing the students’ understanding of the main concepts presented in the lectures.

Assessment rule:
The use of documents (including books and notes) is not authorized. The use of electronic devices is not authorized

Assessment criteria :
Correctness of the answers

 

Task 4

Active participation 10%

Objectives:
Students will be asked to answer questions during classes related to the concepts presented in the previous or current lecture

Assessment rule:
Answer to questions may be collected using digital tools like Moodle. 

Assessment criteria:
Participation in the discussion during class, relevance of the questions and correctness of the answers

 

RETAKE 30% :  a student may retake the written exam. No resitting is foreseen for the take-home assignments and the presentations

Assessment rule: 
Same as task 3

Assessment criteria:
Same as task 3

 

 

The instructor will make available relevant scientific articles and will recommend reading selected chapters of the following book:
 
Kevin Schmidt, Chris Phillips, Anton Chuvakin. Logging and Log Management. Syngress 2012. 9781597496353. Available on A-Z.lu

• Course title: Fault and Intrusion Tolerant Systems
• Number of ECTS: 4
• Course code: MICS2-53
• Module(s): 3.5 PROFILE A: Information security, risks and analysis – Cybersecurity Risks and Resilience
• Language: EN
• Mandatory: No

• Understand fundamental limitations of fault and intrusion tolerant systems


• Analyse a specific system structure and propose a fault and intrusion tolerant alternative


• Knowledge in the construction of fault and intolerant systems and the protocols that govern their execution

This course gives an overview of the fundamental design principles and protocols for the construction of fault and intrusion tolerant systems. The course serves as an introduction to the field and its concepts. It prepares to pursuing research in resilient computing or a related field (e.g., master projects or PhD theses).

• Introduction and taxonomy of faults
• Consistency in the presence of faults
• Group communication
• Replication
• Homogeneous byzantine fault tolerant protocols
• Hybrid protocols
• System-level aspects

Assignments: 30 %, Project Presentation 20 %, Final Exam 50 %

• Course title: Generative AI and Cybersecurity: Architectures, Threats, and Defenses
• Number of ECTS: 3
• Course code: MCYSD-13
• Module(s): 3.5 PROFILE A: Information security, risks and analysis – Cybersecurity Risks and Resilience
• Language: EN
• Mandatory: No

This course aims to: (1) equip students with a deep understanding of security, privacy, and robustness issues in large language models (LLMs) and LLM-based systems; (2) introduce state-of-the-art attacks (e.g., data poisoning, backdoors, membership inference) and defensive techniques (e.g., adversarial training, attack detection); (3) enable students to critically evaluate cutting-edge research papers and understand both theoretical foundations and real-world implications of LLM vulnerabilities; (4) prepare students for research or advanced engineering roles in AI security, with an emphasis on responsible and secure deployment of language models.

By the end of this course, students will be able to: (1) identify and describe various classes of attacks on LLMs (e.g., poisoning, inference, jailbreaks); (2) analyze and critique research methodologies used to evaluate LLM vulnerabilities and defenses; (3) evaluate LLM behavior under adversarial conditions and identify failure modes; (4) understand the trade-offs between model utility, robustness, fairness, and security; (5) understand security-by-design principles to mitigate prompt injection and other systemic threats.

This course offers an in-depth examination of security, privacy, robustness, and alignment challenges in the development and deployment of Large Language Models (LLMs). Spanning 14 sessions, it covers adversarial attacks, mitigation strategies, and emerging vulnerabilities through lectures, research paper discussions, and applied labs.

DAY 1: Introduction – LLM Landscape and Agent Security: Security risks in the LLM ecosystem, multi-agent risks, taxonomy of threats.
DAY 2: Data Poisoning Attacks: Pre-training and fine-tuning time attacks; clean-label vs. targeted poisoning.
DAY 3: Backdoor Attacks: Trigger-based and trojan backdoors; stealth and persistence.
DAY 4: Attribute Inference Attacks: Inferring latent attributes about training data or users.
DAY 5: Membership Inference Attacks: Detecting if a sample was used during training.
DAY 6: Model Stealing Attacks: Query-based model extraction, functionality replication.
DAY 7: Training Data Extraction: Reconstructing sensitive content from training data.
DAY 8: Exploiting Bias: Bias amplification, demographic risks, toxic content generation.
DAY 9: Jailbreaking: Prompt exploits, role-play jailbreaks, intent obfuscation.
DAY 10: Prompt Injection: Injection chains, system prompt vulnerabilities, sandbox evasion.
DAY 11: Adversarial Training and Robust Fine-Tuning: Fine-tuning for robustness, adversarial loss functions
DAY 12: Detection of Adversarial Attacks: Prompt filters, anomaly detection, activation monitoring.
DAY 13: Tracing the Thoughts of a LLM: Interpretability, intermediate representations, model cognition.
DAY 14: Defeating Prompt Injections by Design: Defense architectures, input sanitization, execution layers.

Active participation 40%

Assessment rule: Attendance at a minimum of 11 out of 14 lectures required. Student expected to participate in at least 5 paper discussions.

Assessment criteria : Attendance (5 points), frequency (5) and quality (10 points) of contributions

Objective: Foster Active Engagement with peers and materials. Support the development of communication skills. 

 

Oral Exam 60%

Assesment rule : The student chooses any 2 papers from the course and present it to the examiner. Follow-up questions can cover all the other papers and topic covered in the course.

Assessment criteria:
Understanding of key concepts and contributions (5 pts); Critical analysis and identification of limitations (5 pts); Clarity of explanation (5 pts); Integration with broader course context (5 pts)

Objective: Develop critical thinking and comprehension of advanced research. Relate a specific paper’s findings to broader course theme

 

RETAKE Exam: 100% oral exam