Information Security - Master of Information Technology Strategy - Carnegie Mellon University

Information Security

18-731 Network Security

Some of today's most damaging attacks on computer systems involve the exploitation of network infrastructure, either as the target of the attack or as a vehicle to advance attacks on end-systems. This course provides an in-depth study of network attack techniques, and the methods used to defend against them. Topics include firewalls and virtual private networks; network intrusion detection; denial of service (DoS) and distributed denial-of-service (DDoS) attacks; DoS and DDoS detection and reaction; worm and virus propagation; tracing the source of attacks; traffic analysis; techniques for hiding the source or destination of network traffic; secure routing protocols; protocol scrubbing; and advanced techniques for reacting to network attacks.

Prerequisites: CMU 18-630 or 18-730 coursework, and senior or graduate standing.
Units: 12
Schedule: Fall semester

18-732 Secure Software Systems

Poor software design and engineering are the root causes of most security vulnerabilities in deployed systems today. Moreover, with code mobility now commonplace, particularly in the context of web technologies and digital rights management, system designers are continually challenged with protecting hosts from foreign software, and protecting software from the foreign hosts that run it.

This class takes a close look at software as a mechanism for attack, as a tool for protecting resources, and as a resource to be defended. Topics include the software design process; choices of programming languages, operating systems, databases and distributed object platforms for building secure systems; common software vulnerabilities, such as buffer overflows and race conditions; auditing software; proving properties of software; software and data watermarking; code obfuscation; tamper resistant software; and the benefits of open and closed source development.

Prerequisites: CMU 18-730 course completion, and graduate standing. Skill in the areas of operating systems and programming languages (C and Java).
Units: 12
Schedule: Spring semester

18-733 Applied Cryptography

A wide array of communication and data protections employ cryptographic mechanisms. This course explores modern cryptographic (code making) and cryptanalytic (code breaking) techniques in detail. This course emphasizes how cryptographic mechanisms can be effectively used within larger security systems, and the dramatic ways in which cryptographic mechanisms can fall vulnerable to cryptanalysis in deployed systems. Topics covered include cryptographic primitives such as symmetric encryption, public key encryption, digital signatures, and message authentication codes; cryptographic protocols, such as key exchange, remote user authentication, and interactive proofs; cryptanalysis of cryptographic primitives and protocols, such as by side-channel attacks, differential cryptanalysis, or replay attacks; and cryptanalytic techniques on deployed systems, such as memory remanence, timing attacks, and differential power analysis.

Prerequisites: 18-730 and senior or graduate standing.
Units: 12
Schedule: Fall semester

14-735 Secure Software Engineering

This course will enable students to understand how software coding defects lead to software vulnerabilities, develop secure software, and manage teams that develop secure software. Detailed explanations of common programming errors in C and C++ are provided, along with descriptions of how these errors can lead to code that is vulnerable to exploitation. The course covers secure software development tools and processes while focusing on low-level technical security issues intrinsic to the C and C++ programming languages and associated libraries.

Prerequisite: Proficiency in C and C++.
Units: 12
Schedule: Fall semester

14-741 Intro to Information Security

The growing importance of information systems, and their use to support safety-critical applications, has made information security a central issue for modern systems.

This course introduces the technical and policy foundations of information security. The main objective of the course is to enable students to reason about information systems from a security engineering perspective. Topics covered in the course include elementary cryptography, access control, common software vulnerabilities, common network vulnerabilities, digital rights management, policy and export control law, privacy, management and assurance, and special topics in information security.

Prerequisites: A basic working knowledge of computers, networks, C and UNIX programming; elementary mathematics background. Prior exposure to topics in computer or communications security is not required. 14-741 is a prerequisite course for 18-731.
Units: 12
Schedule: Fall semester

14-761 Applied Information Assurance

This course focuses on practical applications of Information Assurance (IA) policies and technologies in enterprise network environments. Although the course includes lectures and demonstrations, it is designed around a virtual lab environment and scenario that provides for robust and realistic hands-on experiences in dealing with a range of information assurance topic areas. Students will be provided numerous practical opportunities to apply information security practices and technologies in an effort to solve real-world IA problems.

Prerequisites: Graduate standing or instructor’s permission.
Units: 12
Schedule: Fall and Spring semesters

14-807 Information Security Risk Management (2012)

The goal of this course is to develop the student's capability for applying risk management concepts specifically to the challenges of information security. An in-depth examination of the information security risk assessment and control process is covered, as well as the differences between qualitative and quantitative risk management. Exposure to the economics of information security relative to risk is provided. Throughout the semester, students will work on projects that demonstrate proficiency in applying an information security risk management method.

Prerequisites: CMU 14-800 and 14-801 course completion.
Units: 12
Schedule: Fall semester