Cybersecurity deals with the protection of information systems, and the services and operations that they support, against unauthorised access and disruption. Cybersecurity is essential in a highly digitalised society to protect devices and engineered infrastructures, from individual computers to complex socio-technical systems. It is a multidisciplinary research area, including aspects of information technology, human factors, ethics, law, policy, and risk management in the context of adversaries.
At the Department of Information Technology, we have identified cybersecurity as a strategic area for both research and education. Our research tackles challenges in a diverse range of areas, ranging from security aspects at the hardware and software levels, including security in computer networks and in the Internet-of-Things (IoT), to security and privacy in application areas such as machine learning, control systems, and online information. Our cybersecurity-related education offers courses at all higher-education levels, including introductory life-long-learning courses, basic and advanced courses, and doctoral courses at the current cybersecurity research frontier.
We warmly welcome contacts for collaboration and from prospective students and researchers!
- Cybersecurity and formal verification: automatically reasoning about the presence or absence of vulnerabilities in software and web applications through techniques from the formal methods area, including model checking, symbolic execution, and SMT (satisfiability modulo theories) solving.
- Anomaly detection: automatically detecting and identifying attacks and security breaches in a timely manner and distinguishing them from legitimate behaviours.
- Security in the Internet-of-Things: protecting the less powerful IoT devices and networks from attacks and detecting when they have been compromised. Examples include in-body sensor networks.
- Cybersecurity and Privacy in Learning and Control: protecting intelligent autonomous decision-making systems, powered by data-driven machine learning and model-based control engineering, against malicious adversaries. Examples include industrial control systems, smart grids, and artificial pancreas.
- Privacy-Preserving Federated Machine Learning: designing and developing large-scale training environments for millions of devices, with accurate model training based on local heterogeneous and unbalanced datasets, while ensuring data privacy and trust and auditability for the model preparation process.
- Secure Computer Architecture: designing the Computer Architecture 2.0 that closes the hardware security holes, without compromising performance and efficiency, and provides the substrate on which all other (software) security is built.
- Online Information Disorder: contributing to a higher quality of online information, for example exposing disinformation.
- Bengt Jonsson (software security)
- Stefanos Kaxiras (secure computer architecture)
- Matteo Magnani (online information disorder)
- Sérgio Pequito (secure control systems)
- Christian Rohner (network security)
- Philipp Rümmer (formal methods for security)
- André Teixeira (secure learning and control, see also his homepage)
- Salman Toor (federated machine learning)
- Davide Vega (online information disorder)
- Björn Victor (security education)
- Thiemo Voigt (IoT security)
- 1DL003 Cyber Security in a Societal Perspective
- 1DT072 Secure Computer Systems I
- 1DT075 Cryptology
- 1DT098 Security and Privacy
- 1DT111 Introduction to Cybersecurity and its Applications
- 1RT004 Safety and Security in Control Systems
- Cyber-physical Security of Networked Control Systems (PhD course)
- Modules inside courses: Computer Networks, Database security, Privacy-Preserving Data Mining, Automatic Control, Distributed Information Systems