This course will introduce many fundamental cybersecurity concepts. The course will teach students to think about information systems using an adversarial mindset, evaluate risk to information systems, and introduce controls that can be implemented to reduce risk. Topics will include authentication systems, data security and encryption, risk management and security regulatory frameworks, networking and system security, application security, organizational and human security considerations, and societal implications of cybersecurity issues. These topics will be discussed at an introductory level with a focus on applied learning through hands-on virtual lab exercises.

Access control and authentication systems are some of the most critical components of cybersecurity ecosystems. This course covers the theory, design, and implementation of systems used in identification, authentication, authorization, and accountability processes with a focus on trust at each layer. Students will examine formal models of access control systems and approaches to system accreditation, the application of cryptography to authentication systems, and the implementation of IAAA principles in modern operating systems. A special focus will be placed on preparing students to research and write about future topics in this area.

This course introduces methods and technologies for establishing trust in modern computing systems, including classic approaches (e.g., boot chain-of-trust, secure boot, exception/privilege levels, and Trusted Platform Modules - TPMs) and more recent trusted execution architectures that enable the creation of hardware-isolated secure sub-domains (e.g., ARM TrustZone) and enclaved sub-process execution (e.g., Intel Secure Guard eXtensions - SGX). The course also includes a list of special topics within trusted computing discussing new developments in the field.

Students will work with a supervising faculty member on a project of mutual interest. Project design and evaluation will be determined through discussion with the supervising faculty member and documented through completion of an independent study form to be filed with the department of computing security.

This course covers some of the foundational technologies for establishing trust in modern computing systems, including classic methods (e.g., boot chain-of-trust, secure boot, exception/privilege levels, and Trusted Platform Modules - TPMs) and more recent trusted computing architectures such as ARM TrustZone and Intel Secure Guard eXtensions (SGX), which are increasingly popular and widely adopted in both academic research and industry. The latter part of the course will touch upon more advanced and research-oriented aspects in the intersection of trusted computing and various realms of Computing Security & Privacy. A key component of the course will be an exploratory research project aiming to use trusted computing technologies to address a security/privacy problem. To be successful in this course students should be knowledgeable in applied cryptography and basic security technologies.

The graduate independent study offers students the opportunity to investigate a topic not covered in an available course in the MS program in conjunction with a faculty sponsor. Working cooperatively, the faculty sponsor and the student draft a proposal of the work to be completed, the deliverables expected from the student, the number of credits assigned, and the means by which the student’s work will be evaluated. The proposal must be approved by the graduate program director before a student can be registered for independent study.