• The Cybersecurity TAF consists of three core teaching units :

    •  Operating system security (Resp. Ahmed Bouabdallah et Gilles Guette, slot B) :  This course covers security for the most commonly used operating systems, such as Linux, Windows, and Android, as well as advanced security mechanisms, including access control models, Active Directory, SELinux, and OS hardening. The course also addresses cloud security and the security of hypervisors (heavy virtualization) and container managers (lightweight virtualization).  Because this course is offered at the beginning of the academic year, it includes a review of cryptography and public/private key management infrastructure, which is necessary for understanding all the technical course units in the TAF.
      • PASS data sheet ==> ici 

     

    • Network security (Resp. Ahmed Bouabdallah et Guillaume Doyen, slot C) : First, this EU introduces network access security. Then, network flow security is addressed via the generic concept of virtual private networks (VPNs), which can be introduced at different protocol layers (IPsec at layer 3 and TLS/DTLS at layer 4). Next, the security of a website accessible on the Internet is analyzed using routing and access control policies. This involves segmenting the site into different sub-entities to organize and control the overall flow of traffic using filtering mechanisms, such as firewalls. A series of practical exercises on relevant platforms illustrates the various concepts and helps students understand their importance.
      • PASS data sheet ==> ici

     

    • Cybersecurity law and policy (Resp. Léonie Marion, slot A) : This EU will include: (1) Measures to ensure a high level of information security in the European Union (NIS Directive); (2) Protection of personal data and privacy, focusing on the security obligations of data controllers, within the general framework of the GDPR, Police Directive, Privacy Directive, and proposed Privacy Regulation.  (3) Combating cyberattacks, including penalties for computer fraud (Godfrain Act) and legal means of cyber surveillance (military programming law and the concept of operators of vital importance). (4) Measures to combat illegal content, including the responsibility of internet companies (the Law on Confidence in the Digital Economy and case law), the fight against hate speech online (the PPL Avia law), and the fight against terrorist content (the Terrorism Regulation). An introduction to risk analysis provides a link with the technical dimension of security.
      • PASS data sheet ==> ici


    These three core teaching units are supplemented by nine elective units, which are described below. Students also have the option of taking two prerequisite units common to all TAFs in Rennes : Network fundamentals. (PASS data sheet ==> ici) and Operating system (PASS data sheet ==> ici)  :

     

    • Introduction to penetration testing (Resp. Guillaume Doyen, slot E) : 

      This EU serves as an introduction to penetration testing (pentesting). It is divided into five sections that follow the standard methodology for compromise.
      0. Introduction
      1. Reconnaissance
      2. Web Applications
      3. Linux system
      4. Post-Exploitation
      Theoretical lessons are accompanied by practical exercises in the form of simple challenges, examples, and more comprehensive virtual machines that can be compromised.

      • PASS data sheet ==> ici

     

    • Hardware security (Resp. Hélène Le Bouder, slot E) : This course introduces the physical security of circuits and microarchitectures. Topics include physical attacks through observation and fault injection, as well as memory and microarchitecture security.  

     

    • Advanced cryptology and data protection (Resp. Gouenou Coatrieux and Johanne Vincent, slot F) : The focus of this EU is data security. It covers modern cryptography basics, such as integrity, confidentiality, authentication, and non-repudiation; digital watermarking; and data traceability. The tools presented in cryptography are encryption, hash functions, and signatures..
      • PASS data sheet ==> ici

     

    • Blockchain and consensus: cooperation in digital platforms (Resp. Romaric Ludinard, slot F) : From the perspective of different technological approaches, this EU addresses the issue of interactions between entities with a common goal or, conversely, different interests. Technological choices related to interaction vary depending on the context (e.g., communication method, temporal and failure assumptions, trust, and implementation of strong, secure traceability). The consequences in terms of operations and economics are also addressed. These elements can easily be applied to other fields, such as cooperation between individuals or companies. 
      • PASS data sheet ==> ici

     

    • IoT security (Resp. Marc-Oliver Pahl and Fabien Autrel,  slot F) : Security in interconnected environments and in industrial and embedded systems.
      • PASS data sheet ==> ici

     

    • Application security (Resp. Ahmed Bouabdallah and Renzo Navas, slot G) : This unit first addresses the security mechanisms used on the internet, such as single sign-on (SSO), authentication delegation, and access control with OpenID Connect and OAuth 2.0. These mechanisms are then illustrated through the presentation of iconic internet communication services, including asynchronous services, such as email, and real-time services, such as VoIP and WebRTC.
      • PASS data sheet ==> ici

     

    • DevSecOps (Resp. Ahmed Bouabdallah, slot G) : This unit covers the key points of managing physical and virtual network infrastructure. An introduction to DevSecOps enables students to understand the concept, its origins, and its importance in an engineer's current work cycle. DevSecOps is also a culture and mindset that students must understand because companies increasingly use it to promote collaboration and security integration from the beginning of the development cycle.  Its key principles are security automation, continuous integration and deployment with built-in security, and real-time monitoring. 

     

    • Theory of cryptology (Resp. Hélène Le Bouder, slot H) : This course provides an introduction to cryptology. It covers the fundamentals of modern cryptography and cryptanalysis, presenting the two main types of encryption (symmetric and asymmetric), the most commonly used hashing techniques, message authentication codes (MACs), and the concepts of digital signatures and certificates. The course also introduces quantum cryptography. The course includes detailed lectures and practical exercises on public/private key management infrastructures and associated security services.
      • PASS data sheet ==> ici

     

    • System supervision and security audit (Resp. Fabien Autrel and Guillaume Doyen, slot H) : This course has two main parts. First, it addresses intrusion detection by monitoring networks, nodes, and applications to detect and understand attacks. It presents alert generation and management to enable identification of attacks and correlation of alerts to detect multi-stage attacks. Second, the course covers auditing information systems and intrusion testing to ensure the robustness and accuracy of security mechanisms within information systems. It also presents security certification aspects and security evaluation criteria.
      • PASS data sheet ==> ici

     

    Students also have the opportunity to take courses from other TAFs in Rennes, such as: :

    • 4G-5G mobile networks in the TAF IoT (slot F).
      • PASS data sheet ==> ici