Master Information Security

Find out why crypto works and how it’s applied to protect your digital identity, how to develop secure systems (and maybe even prove that the implementation is correct), and how attackers try to break all of these. We teach Information Security in the CS&BME Master’s degree programmes Computer Science (CS), Information and Computer Engineering (ICE) and Software Engineering and Management (SEM). To study Information Security at TU Graz, you choose it as a Major or Minor in one of these degree programmes. We welcome students from Graz and from abroad – there are attractive scholarships for incoming students. Find out more!

Courses

Each of the degree programmes covers 120 ECTS, which includes courses in the Major, Minor, some optional subjects, and a master’s thesis (30 ECTS). For CS and SEM, the Major includes 10–15 ECTS in Seminars/Projects and 0–4 ECTS in “Science, Technology, and Society”. For SEM, Information Security can only be chosen as a Major and is combined with a Minor in Management. For ICE, the Seminar/Project of 10 ECTS can be added to either Major or Minor, and Information Security is combined with a Major or Minor that focuses on partly on Electrical Engineering. For full details, check the original curricula in TUGRAZonline (currently only in German).

Curriculum	Major Information Security	Minor Information Security
Computer Science (CS)	60 ECTS	24 ECTS
Information and Computer Engineering (ICE)	40+ ECTS (plus 10 SP)	20+ ECTS (plus 10 SP)
Software Engineering and Management (SEM)	50+ ECTS

The courses are grouped into 4 modules which reflect our core areas of research and will lead you from the foundations to cutting-edge research and impactful applications. One course per area is part of a compulsory module, while you can freely select the rest of your ECTS from all areas. About two thirds of the courses are offered by the Institute of Applied Information Processing and Communications (IAIK), marked below in full color, the other courses are contributed by other departments.

System Security

Security is not a simple property — it needs to be understood from a whole system’s perspective! Want to hack insecure software? Want to exploit the latest side channels, or Meltdown and Spectre? Are you ready for digging deep into the architecture and developing your own secure System-on-Chip?

This module offers a holistic view on system security, giving a deep insight into both software and hardware aspects. In the individual courses you will learn about vulnerability exploitation and secure software development, investigate modern cloud operating systems and compilers, tackle microarchitectural and physical side channels, and design secure hardware components and whole System-on-Chips.

Secure Software Development**

Software attacks/defenses and principles of secure programming

Winter, ECTS: 3VO+2KU

Digital System Integration and Programming

Design of embedded systems with hardware and software components

Winter, ECTS: 5VU

Side-Channel Security

Understand, exploit, and mitigate side channels in software & hardware

Summer, ECTS: 5VU

Digital System Design

Develop real ASIC designs and learn how to optimize and test them

Summer, ECTS: 3VO+2KU

Cloud Operating Systems

Build cloud operating systems and hypervisors as in modern clouds

Summer, ECTS: 5VU

Cryptographic Engineering

Implement cryptographic algorithms on different platforms

Winter, ECTS: 5VU

Compiler Construction

Offered by IST – Compiler lexing, parsing, and code generation

Summer, ECTS: 3VO+2KU

** The course “Secure Software Development” is part of the module “Information Security – Compulsory 1”, which is compulsory in both Major and Minor.

Cryptology & Privacy

Cryptography is the mathematical backbone of information security and provides the foundation of everything secure. This module covers the building blocks and design principles of modern cryptographic protocols. You’ll learn how ciphers protect data authenticity and confidentiality, how cryptanalytic attacks work, and how to ensure privacy by computing with encrypted data. You will acquire an in-depth understanding of modern cryptology and its mathematical foundations.

Also check out the course “Seminar Cryptology and Privacy – Mathematical Foundations of Cryptography” below. For those interested in the security perils of quantum computing, we recommend the lecture “Introduction to quantum computing“.

Cryptography**

Understand the building blocks of modern cryptographic protocols

Winter, ECTS: 3VO+2KU

Cryptanalysis

Cryptanalytic attacks and how they guide cryptographic design

Summer, ECTS: 3VO+2KU

Privacy Enhancing Technologies

Real-world protocols and privacy-enhancing technologies

Winter, ECTS: 3VO+2KU

Modern Public Key Cryptography

Investigating provable security of cryptographic protocols

Summer, ECTS: 3VU

Problem Analysis and Complexity Theory

Offered by IST – Analysis of combinatorial & complexity-theory problems

Summer, ECTS: 4.5VU

Coding and Cryptography

Offered alternatingly by TU Graz and Uni Graz – Foundations of coding theory

Summer, ECTS: 4.5VO+1.5UE

** The course “Cryptography” is part of the module “Information Security – Compulsory 1”, which is compulsory in both Major and Minor. We recommend that you complete this course before the other courses in this module.

Formal Methods for Security

Formal methods are mathematical techniques and tools used to ensure that hardware and software systems work correctly and enable modeling, verifying, and synthesizing computer systems.

Since secure system design is urgently needed, rigorous formal methods gain more and more importance in the security setting. To gain substantial security improvements, a rigorous analysis of detailed models of secure systems is needed as provided by formal methods.

Indeed, formal methods are the only currently-known approaches able to provide strong end-to-end security guarantees: security guarantees throughout the execution of a system and across abstraction layers.

Verification and Testing*

Advanced methods to test and verify software and hardware

Winter, ECTS: 3VO+2KU

Model Checking

Learn a formal technique for automatic verification based on models

Summer, ECTS: 3VO+2UE

Logic and Computability ^BSc

Learn to reason and to solve problems with logics

Summer, ECTS: 3VO+1.5KU

Model-based Testing

Offered by IST every 2 years – Model specification and automated testing strategies

Winter, ECTS: 5VU

Formal Specification and Design of Software

Offered by IST every 2 years

Winter, ECTS: 5VU

Discrete Stochastics and Information Theory

Offered by Institute of Discrete Mathematics

Summer, ECTS: 4.5VO+1UE

^BSc The course “Logic and Computability” is recommended if not already completed as part of the bachelor’s degree programme.

* The course “Verification and Testing” is part of the module “Information Security – Compulsory 2”, which is compulsory in Major.

Secure Applications

To harden software against possible attacks, it is vital to design and implement them in a secure way. This module focuses on threats and security risks you commonly encounter during the lifecycle of desktop and mobile applications. You will learn how encryption and other measures can be integrated into real-world products in order to protect sensitive information. You will obtain a detailed view on practical aspects to deploy secure software.

Secure Application Design*

Protect application assets by correctly using crypto functions

Summer, ECTS: 3VO+2KU

Mobile Security

Security of mobile platforms and common vulnerabilities in mobile apps

Summer, ECTS: 3VO+2KU

Secure Product Lifecycle

Offered by SGS

Winter, ECTS: 3VO+2KU

Introduction to IT-Law^EN

Offered by Uni Graz

Summer, ECTS: 3VO

Fault-Tolerant Distributed Algorithms

Offered by ITI

Winter, ECTS: 3VU

Knowledge Discovery & Data Mining 1

Offered by ISDS

Summer, ECTS: 3VO+1.5KU

^EN The curriculum lists the discontinued German course “Einführung in das IT-Recht”; check with the dean’s office to ensure that the new English course is recognized.
* The course “Secure Application Design” is part of the module “Information Security – Compulsory 2”, which is compulsory in Major.

Projects and Seminars

In this module, you work on an individual research topic as part of a Seminar/Project to help you acquire research skills in a scientific environment. Moreover, advanced seminars will help you obtain an in-depth background knowledge in your favourite area and deepen your presentation skills. Both will prepare you for your master’s thesis.

In CS and SEM, you choose 10–15 ECTS from this module for the Major. In ICE, you may choose the Seminar/Project for either Major or Minor.

To complete the “Seminar/Project Information Security”, find and contact a supervisor at IAIK whose topics you find most interesting — there is no regular schedule for this course, you can start any time.

Seminar/Project Information Security

Choose a topic and work on your own research project

Any time, ECTS: 10SP

Seminar Cryptology and Privacy

Mathematical Foundations of Cryptography

Winter, ECTS: 3.5SE

Invisible color box for currently unused courses

Seminar Formal Methods

Winter, ECTS: 3.5SE

Master’s Thesis

For your master’s thesis (30 ECTS), you’ll work with our research teams to solve challenges arising in our security research – maybe your results will even lead to a new scientific publication! Contact a supervisor at IAIK to find a suitable topic and start your thesis – maybe browse a selection of our current topics or chat with us first to find out more and help you decide.

CURRICULUM TRANSITION AND EQUIVALENCES

You can study the new CS, ICE, and SEM degree programmes with Major/Minor Information Security starting from Winter Term 2020/21. If you previously studied the discontinued ICE master’s programme, you will be converted to the new one automatically. If you previously studied the discontinued CS or SEM master’s programme, you can either transition any time or continue completing your programme until 30 September 2023.

Many of the courses in the new curriculum are considered ✧ equivalent to old courses, which are no longer offered under their previous names. This equivalence list works both ways: if you previously completed some old courses on the righthand side and switched to the new curriculum, they will be converted to the new courses on the lefthand side. If you did not switch and need some old courses on the righthand side which are no longer offered, complete the corresponding course on the lefthand side.

Current	Discontinued
Cryptography VO	Applied Cryptography VO
Cryptography KU	Applied Cryptography KU
Cryptanalysis VO	Applied Cryptography 2 VO
Cryptanalysis KU	Applied Cryptography 2 KU
Privacy Enhancing Technologies VO	IT Security VO
Privacy Enhancing Technologies KU	IT Security KU
Seminar Cryptology and Privacy SE	Selected Topics IT Security 2 SE
Secure Software Development VO	Security Aspects in Software Development VO
Secure Software Development KU	Security Aspects in Software Development KU
Digital System Integration and Programming VU	System-on-Chip Architectures and Modelling VU
Side-Channel Security VU	Embedded Security VU
Mobile Security VO	Advanced Computer Networks VO
Mobile Security KU	Advanced Computer Networks KU
Secure Application Design VO	Selected Topics IT Security 1 VO
Secure Application Design KU	Selected Topics IT Security 1 KU
Seminar/Project Information Security SP	Seminar/Project Information Processing SP
Seminar/Project Information Security SP	IT Security Project PT

Additionally, all courses of the previous Wahlfachkatalog “IT Security” in the discontinued CS curriculum as well as “Secure and Correct Systems” in the discontinued ICE and SEM curricula can also be counted towards the new CS module group “Information Security”.

Current	Discontinued
–	Mathematical Foundations of Cryptography VO
–	Mathematical Foundations of Cryptography UE
–	Mobile and Nomadic Computing SE
–	Wireless Communication Networks and Protocols VO
–	Selected Topics Design and Verification VO
–	Selected Topics Design and Verification UE
–	IT Security, Seminar SE

If you have questions on the curriculum transition process, contact the course’s lecturer, the IAIK office, your student representative, or your Dean of Studies.