Prerequisites
Students must possess a bachelor's degree in an academic field that is relevant to studies in the field of Security Informatics.
Requirements
The minimum course requirements total 36 credits: 12 credits of Security Informatics core, of which at least 3 credits must be in computer science.
Security Informatics Core (12 cr.)
Applied and Security Courses (6 cr.)
Computer Science Networking Electives (9 cr.)
General Electives (9 cr.).
| Security Informatics Core (12 Credits) | |
| INFO I538 Cryptographic Protocols | 3 |
| INFO I539 Advanced and Current Topics in Security | 3 |
| INFO I537 Legal and Social Informatics of Security | 3 |
| INFO I525 Organizational Informatics and Economics of Security | 3 |
| INFO I536 Foundational Cryptography | 3 |
Note only one of INFO I537 or INFO I525 is required, but both may be taken with one credited as an elective.
| Applied Security Courses (6 Credits) | |
| CIT 515 Advanced Network Administration | 3 |
| CIT 506 Advanced Network Security | 3 |
The minimum of 9 credits in Computer Science Networking Electives will be earned in the courses listed below or in courses approved as computer science and networking electives by the Program Chair.
| Course Name | Credit Hours |
| CSCI P436 Introduction to Operating Systems | 4 |
| CSCI P438 Computer Networks | 4 |
| CSCI B534 Distributed Systems | 3 |
| CSCI P538 Computer Networks | 4 |
| CSCI B649 Internet Services and Protocols | 3 |
| CSCI P536 Advanced Operating Systems | 3 |
| CSCI B649 Trusted Computing | 3 |
The student must then take 9 credit hours of electives, which may or may not come from the above lists
| Security Informatics Core | 12 |
| Applied Security Informatics | 6 |
| Computer Science and Networking Electives | 9 |
| Electives | 9 |
| Total Credits | 36 |
Courses
- INFOI525 Organizational Informatics and Economics of Security (3 cr.) Organizational processes embed implicit and explicit decisions and information con-trol. Security technologies and implementations make explicit organizational choices that determine individual autonomy within an organization. Security implementations allocate risk, determine authority over processes, make explicit relationships in over-lapping hierarchies, and determine trust extended to organizational participants. This is a graduate case-based course that will examine implementations of security in organizations. This course requires a team project that includes a work plan, a timeline, and peer evaluation. Thus the students should obtain both insight into or-ganizational theory, and the reality of teamwork in practice. The course also requires professional student presentations.
- NFO I430/I530 Security of Networked Systems (3 cr.) This course includes definitions and concepts: confidentiality, integrity, availability, threats, vulnerabilities, attacks, policy, mechanisms, trust, and assurance. There will be a strong focus on deployed systems. The cryptography basics covered include symmetric/asymmetric, key management, digital signatures, secure hash, and proto-cols.
- INFO I433/I533 Protocol Design & Analysis (3 cr.) This course explores the design of protocols that satisfy specific security goals, ad-dress system vulnerabilities and mitigate threats. Understanding and analyzing sys-tem goals, vulnerabilities and threats is a fundamental part of Security Informatics. We explore various topics and areas including: privacy, resource access control, se-cret communication, and authentication of information. We will also explore various attack scenarios including: dictionary attacks, denial of service, social engineering, impersonation, insider and malware attacks, theft, abuses of privacy, man-in-the-middle attacks. We will explore these topics and attack scenarios in various comput-ing environments including: wired, wireless, data intensive, etc.
- INFO I537 Legal and Social Informatics of Security (3 cr.) Security technologies make explicit organizational choices that allocate power. Secu-rity implementations allocate risk, determine authority, reify or alter relationships, and determine trust extended to organizational participants. The course begins with an introduction to relevant definitions (security, privacy, trust) and then moves to a se-ries of timely case studies of security technologies. This course may be taken as an alternative I525. The course also requires a project, including a work plan, a timeline, peer evaluations, and professional presentations.
- INFO I536 Foundational Cryptography (3 cr.) Cryptography is the art of securing information against adversaries. Practicing that art requires a specific if eclectic mathematical and computer science theoretic back-ground. This course is designed to provide an introduction to that set of mathematics and theoretical computer science that is required for INFO I538 and INFO I539. This is not a general topical mathematical course.
- INFO I538 Cryptographic Protocols (3 cr.) This class considers issues of network security, treating in depth the topics covered in INFO I536. In particular, the class involves adversarial modeling, a detailed treat-ment of security primitives, and methods for analysis of security. It spans the ethics and technology of security, with examples drawn both from deployed and proposed protocols. Topics to be covered include studies of rational and malicious cheating, symmetric and asymmetric cryptography, security reductions and heuristics.
- INFO I539 Advanced and Current Topics in Security (3 cr.) This class will cover current and timely topics in the field of Security Informatics. Top-ics will vary from year to year. Examples of topics that could have been covered in recent years include phishing & cyberfraud, trusted computing basis, electronic vot-ing, and digital rights management systems.
- CSCI B438/B538 Computer Networks (4 and 3 cr. respectively) Pre-requisite: A systems course or an undergraduate class in networking, sockets programming experience. Our goal in this class is to learn about computer networks. We will do this by understanding how the networks work today and why they are de-signed the way they are. The course will primarily focus on the Internet but will also cover other past and present network technologies to put things in perspective. Since applications play an important role in the evolution of the Internet we will also study DNS, peer-to-peer networks, multicast, and security. Topics to be covered in-clude: Error control, medium access, switching and routing, congestion control, end-to-end transport, TCP/IP, IEEE 802.11 networks, security, and applications.
- CSCI B649 Internet Services and Protocols (3 cr.) The Internet has experienced unprecedented growth in the past few years. To the credit of its designers its core protocols have continued to perform reasonably well in the face of growth, application heterogeneity, changed trust relationships among its users, and higher available bandwidths. Networking research, both in industry and academia, is actively trying to understand how the Internet scales and performs un-der ever-evolving demands; They are also trying to determine what the next genera-tion Internet services and protocols should be like. The goals in this course are to understand the various issues facing the Internet today through research papers and RFCs (Requests for Comments) available online.
- CSCI B534 Distributed Systems (3 cr.) This course covers the principles of distributed systems including naming, consis-tency, concurrency, and security and their role in distributed file systems and file sharing systems. This includes the study of and current best practices in distributed computing models. The models include peer-to-peer, grid and distributed object model computing.
- CSCI B536 Advanced Operating Systems (3 cr.) Advanced topics in operating systems are covered in this course. Topics could in-clude any of the following: multi-tasking, synchronization mechanisms, distributed system architecture, client-server models, distributed mutual exclusion and concur-rency control, agreement protocols, load balancing, failure recovery, fault tolerance, cryptography, multiprocessor operating systems.
- CSCI B649 Trusted Computing (3 cr.) A Trusted Computing Platform (TCP) is a device that uses some amount of hardware enhancement to provide increased trustworthiness. These enhancements often in-clude separate processor and memory that enable the execution of code and stor-age of data in a protected space. TCPs differ from secure platforms in that TCPs can attest that they are operating as expected, while current secure platforms cannot. The ability to attest operating behavior is of fundamental importance when trying to determine whether Alice can trust the computation that is occurring on Bob's ma-chine. This question becomes important when considering multi-party computation scenarios that are common to distributed applications. For example, take an online credit card transaction that requires computation on both the client and server. While the Secure Socket Layer (SSL) protocol may be used to authenticate the server and establish a secure communications channel, it cannot insure that the server applica-tion will process and manage the data in the expected manner. In the first half of this course, we will survey various instantiations of TCPs and analyze their use in differ-ent multi-party computation scenarios. The second half of the course will be devoted to course projects. IBM has loaned several cryptographic coprocessor adapters, IBM 4764, which we will use to develop trusted applications.
- CSCI P436 Introduction to Operating Systems (3 cr.) This course covers the organization and construction of computer systems that manage computational resources. Topics include specification and implementation of concurrency, process scheduling, storage management, device handlers, mecha-nisms for event coordination.
- CIT 406/506 - Advanced Network Security (3 cr.) This course provides students with the in-depth study and practice of advanced con-cepts in applied systems and networking security, including security policies, access controls, IP security, authentication mechanisms and intrusion detection and protec-tion.
- CIT 415/515 - Advanced Network Administration (3 cr.) This course teaches individual machine administration and network administration. The course deals with both Unix and Windows systems, as appropriate to the indi-viduals in the course. The course includes configuring and managing security tools (auditing, monitoring,) as well as configuring and securing web browsers and servers. Students coming out of this course will have applied scripting skills and un-derstand the fundamentals of network administration. The course additionally deals with technical management of users, both well-behaved and malicious.
HCI - Security Informatics Degree Program
The HCI-Cybersecurity (HCI-S) master's degree program is a new program built upon the high quality and flexibility of the HCI program to train designers to assess and build security interfaces. The designers will not be designing security protocols but rather using security tools to build security into interfaces which they design.
Upon graduation, students in this program will be design professionals with an area of specialization within cybersecurity. The students will be particularly valuable to e-commerce companies struggling with customer trust; enterprises trying to implement identity management; and others for whom security is a strategic tool rather than a goal in and of itself.
Proposed Security Informatics Degree
This program is built upon three core competencies. First there is the understanding of networks and systems. Second is the understanding of informatics core, expanded to include a course on social or organizational informatics of security. Third is the networking core, complemented by the other two. Finally, there is a professional element that requires application of the three areas of knowledge in a comprehensive applied manner.
The professional development hands-on sector of the program takes the place of the thesis or capstone. Challenges to the students will be of a practical nature, requiring an understanding of the network to evaluate the problem, an understanding of security to understand possible solutions, and an understanding of the context to select the appropriate socio-technical responses. Strategies examined will include responses to cyber-attacks, user interactions (including the ethical questions of monitoring) and policy development for systems.
