8–14 Oct 2023
MedILS, Split, Croatia
Europe/Zagreb timezone

Academic programme


The school will focus on the theme of Security of research computing infrastructures. The complete programme will offer around 30 hours of lectures, workshops and hands-on exercises, as well as a student presentations session, and special evening lectures. Classes are prepared and given by speakers who are security professionals with many years of experience in academia and research.

(Please note that this programme may be subject to minor changes.)

Introduction

Security in research and scientific computing (Stefan Lueders, 1h introduction talk)

  • computer security: past, present and future
  • current risk landscape
  • most common threats and attack vectors
  • "why are we here?"

Security operations (Sven Gabriel, 2h lectures)

  • security operations: history, CERT vs. CSIRT
  • CSIRT organisation and provided services
  • preparations: asset management, security monitoring etc.
  • incident response readiness
  • lessons learned from past incidents

Track 1: Protection and prevention

Identity, authentication, authorisation (Tom Dack, 1h lecture)

  • An introduction to the concepts of Identity, Authentication, and Authorization
  • Authentication and authorisation for distributed research
  • Methods for communicating authentication and authorization: Certificates, SAML, OAuth
  • How these technologies fit within research infrastructures

Security architecture fundamentals (Barbara Krasovec, 1h lecture and 1h exercises)

  • fundamental security principles
  • develop skills to be a security architect
  • how to design and provide secure computing infrastructure
  • security standards and frameworks
  • physical security
  • network security

Virtualisation and cloud security (Barbara Krasovec, 1h lecture)

  • virtualisation security fundamentals
  • cloud service models
  • authentication and key management
  • data security in the cloud
  • DevSecOps
  • security in private and public cloud
  • common threats in the cloud
  • security tools

Container security (Daniel Kouril, 1h lecture and 1h exercises)

  • key concepts of containers (namespaces, cgroups etc.) and Docker
  • container security, threat landscape
  • vulnerability and patch management

Risk and vulnerability management (Sven Gabriel, 1h lecture)

  • risk analysis and risk mitigation
  • vulnerability lifecycle, monitoring, scanning
  • CVE, CVSS, CPE, CWE and related standards
  • special cases: vulnerable hardware, EOL systems etc.

Track 2: Detection

Logging and traceability (David Crooks, 1h lecture)

  • host-based logs (system and application level), network monitoring
  • the importance of central logging
  • tools and technologies
  • data privacy, dealing with personal and sensitive data, log retention
  • traceability challenges

Intrusion detection with SOC (David Crooks, 2h lectures and 3h exercises)

  • indicators of compromise (IoCs), threat intelligence sharing, the Traffic Light Protocol (TLP)
  • tools and technologies: MISP, Zeek, OpenSearch etc.
  • deploying a Security Operations Center (SOC)
  • security incidents: detecting and alerting

Track 3: Response

Digital forensics (Daniel Kouril, 2h lecture and 3h exercises)

  • digital evidence handling
  • data acquisition (live systems, storage etc.)
  • data analysis (OS, file system, network, executables etc.)
  • reporting

Defensible security architecture: How to implement security principles (Barbara Krasovec, 1h lecture)

  • data security
  • endpoint security: hardware, host, OS, BMC, security, system hardening
  • application security
  • future security trends

Incident response management (Barbara Krasovec, 1h lecture)

  • incident management and coordination
  • incident analysis and investigation
  • communication with stakeholders
  • containment and eradication
  • recovery
  • lessons learnt

Incident response exercise (Sebastian Lopienski, Tom Dack, David Crooks, Romain Wartel, 3h role-playing exercise)

  • incident management and coordination
  • Sirtfi and trust frameworks
  • communication with local users, external communities, and other stakeholders
  • working with law enforcement
  • privacy aspects

Additional talks

Student lightning talks session