Award for Information Security student

Published: 18 December 2017

Mikel Izagirre, student at the master programme in Information Security at Luleå University of Technolgy, has received the ISACA Sweden Chapter Scholarship Award.

Mikel Izagirre works as a software engineer in Spain where he designs and develops software for electronic locks and access control systems. Since he wanted to deepen his knowledge in computer security, he chose to study the master programme in Information Security.

– In recent years I think that the topic has become more important than ever, as our dependence on computer systems and the internet has increased drastically so I couldn't go wrong with the Information Security programme. And in retrospective, I can say I made a great choice because I really enjoyed the programme.

In his thesis, Deception strategies for web application security: application-layer approaches and a testing, Mikel Izagirre aimed to design and evaluate a new layer of defense for web applications based on deception.

– In my thesis I designed and implemented five deception strategies, deceptive comments, deceptive request parameters, deceptive session cookies, deceptive status codes and deceptive JavaScript, and used them in the context of web application traffic. Those strategies were in charge of injecting different types of fake elements into the traffic that could be attractive for an attacker but irrelevant for a legitimate user. Those elements were used as "baits" to detect malicious activity and take appropriate actions.  

Unique programme

Ali Ismail Awad, Associate Professor of Information Systems, has been Izagirre’s supervisor.

– This was not an easy competition but the thesis was coherent conducted and also had a certain novelty. Our plan is further to publish it as a research article in a good journal, says Ali Ismail Awad.  

– This award proofs that our unique strategy of this programme, to balance between the technical and the organizational part of Information Security, really works.

Mikel Izagirre agrees on that.

– The programme has different courses to teach and develop multiple Information Security fields combining a technical, formal and informal aspect that really makes it balanced and complete.

Tags