András Gazdag

PhD student
e-mail: agazdag (at) crysys.hu

web: www.crysys.hu/~agazdag/
office: I.E. 429
tel: +36 1 463 2063
fax: +36 1 463 3263

Short Bio

András Gazdag was born in 1990 in Budapest. He received his BSc degree in Computer Science in 2013 and his MSc degree in Computer Science Engineering in 2015 from the Budapest University of Technology and Economics (BUTE). Since 2011 he has been working in the Laboratory of Cryptography and System Security (CrySyS), Department of Networked Systems and Services, Budapest University of Technology and Economics.

Current Courses

IT Security (VIHIAC01)

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional carrier, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

IT Security (in English) (VIHIAC01)

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional carrier, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

Computer Security (VIHIMA06)

The course introduces security problems in computing systems, as well as the principles, practical mechanisms, and tools used to solve them. The term computer is interpreted in a broad sense, and it includes personal computers, servers, mobile devices, and embedded computers. The course covers physical security and OS level security of computers, software security issues at the application level, secure programming, and the problem of malicious software (malware).

Network Security (VIHIMB00)

This course gives a detailed introduction into the security problems of computer networks, and it gives an overview of the possible solutions to those problems. It also covers issues related to secure operation of networks in practice, including modern tools and techniques used to ensure security. Students get theoretical knowledge and practical skills that form the basis of secure network operations, and allow them to assess security risks, understand threats and vulnerabilities, select and integrate appropriate security solutions, and to design new security mechanisms. The course also serves as a basis for obatining skills in penetration testing and ethical hacking of networks.

IT Security Laboratory (VIHIMB01)

This laboratory extends and deepens the knowledge and skills obtained in the courses of the IT Security minor specialization by solving practical, hands-on exercises in real, or close-to-real environments.

Secure Software Development (VIHIAV33)

This course fills an important gap in the education of software engineers, namely developing secure software applications. During this course, students will learn the most common mistakes in software development and how attackers exploit those mistakes (offensive security). Then, students get to know how to mitigate attacks and write secure software applications.

Computernetzwerke (in German) (VIHIAB01)

Das Ziel des Kurses ist einen umfassenden Überblick über die Design-Prinzipien von Computernetzwerke und die Protokolle, die die heutige Internet-Kommunikation ermöglichen. Wir analysieren die wichtigsten Komponenten des TCP/IP Protokoll-Stack und wir diskutieren weit verbreiteten Internet-Anwendungen. Das Kurssyllabus enthält zusätzliche wichtige Themen wie Multimedia-Kommunikation und Sicherheit.

Student Project Proposals

Incidens kezelés és forensic analízis ICS/SCADA rendszerekben

Kritikus infrastruktúráink alapját sokszor ipari automatizálási és folyamatirányítási (ICS/SCADA) rendszerek alkotják, melyek egyre nagyobb mértékben rendelkeznek külső hálózati kapcsolatokkal, esetleg Internet felőli eléréssel, ezért ki vannak téve a kibertér felől érkező támadásoknak. Fontos tehát az ICS/SCADA rendszerek biztonsága, ám az ismert biztonsági megoldások nem mindig alkalmazhatók a speciális ICS/SCADA környezetben, ahol a rendelkezésreállás és a megbízhatóság elsődleges szempontok.
Bár a sikeres támadások megelőzése az elsődleges cél, mégis fel kell arra készülni, hogy nem tudunk minden támadást megelőzni, és lesznek ICS/SCADA rendszereket érintő biztonsági incidensek. Ezek hatékony kezeléséhez, elengedhetetlen a folyamatos naplózás, a rendszer működésének monitorozása, és a log-ok tárolása későbbi analízis céljából.