Courses

A focus on cybersecurity enhances any degree.

Students who understand the complexities of protecting computer networks and data from attacks, and who are prepared to help mitigate them, are valuable assets in virtually every sector.

Term: Fall

Instructor: Kartik Nayak

Blockchains form a key infrastructure for decentralizing trust from a single entity to multiple different entities. Many fields such as finance, supply chain industry, and the design of central bank digital currencies today are considering the use of blockchains to decentralize trust. A critical component that underlies blockchain technology is consensus among a group of parties running it despite some of them being malicious. In this course, we will study classical results and recent advances in the design of consensus protocols that underlie blockchain technology today.

We will study the different problem formulations — Byzantine Broadcast, Byzantine Agreement, and state machine replication (or blockchains); different settings such as the permissionless and permissioned model; different modeling assumptions related to types of faults, network timing, use of cryptography, setup, adversarial adaptivity, and other assumptions (proof-of-work, proof-of-stake), and lower bounds under some of these settings. We will discuss different approaches (such as Nakamoto-style and classical BFT) to design scalable and practical protocols in terms of confirmation latency, transaction throughput, finality, energy consumption, and accountability for misbehaving participants. At the end of this course, you should understand the similarities and differences that underlie blockchain designs such as Paxos, PBFT, HotStuff (underlies Diem blockchain), Bitcoin, Ethereum, Internet Computer, and Algorand, among others.

Term: Fall

Instructor:

Synopsis: This course focuses on the design of data science algorithms and characterizing properties of privacy and fairness. Our daily lives are actively being monitoring on web browsers, social networks, wearable devices and even robots. These data are routinely analyzed by statistical and machine learning tools to infer aggregate patterns of our behavior (with applications to science, medicine, advertising, IoT, etc). However, these data also contain private information about us that we would not like revealed to others (e.g., medical history, sexual orientation, locations visited, etc.). Disclosure of such data leads to our privacy being breached. Moreover, acting on data with such sensitive information could result in physical or financial harm, and discrimination, leading to issues in fairness.

A grand challenge that pervades all fields of computer science (and more generally scientific) research is: how to learn from data collected from individuals while provably ensuring that (a) private properties of individuals are not revealed by the results of the learning process, and (b) the decisions taken as a result of data analysis ensure fairness.

In this course, we will study recent work in computer science that mathematically formulates these societal constraints. For privacy, we will study differential privacy, a breakthrough privacy notion: an algorithm is differentially private if its output is insensitive to (small) changes in the input. Differential private algorithms have found applications in developing algorithms with provable privacy guarantees while learning from data from varied domains (e.g., social science, medicine, communications) and in varied modalities (e.g., tables, graphs, streams), and is used by government organizations and internet corporations like Google and Apple to collect and analyze data. Differential privacy has also been shown to help design better learning algorithms. We will also investigate how to formulate the notion of fairness in data analysis mathematical. We will study both the theory and practice of designing private and fair data analysis algorithms and their applications to data arising from real-world systems.

Prerequisites:

The course is open to interested graduate and undergraduate students with sufficient mathematical maturity. Basic knowledge in algorithms, proof techniques, and probability will be assumed. Familiarity with databases and machine learning would help but is not necessary.

Term:

Instructor: Jeffrey S. Chase

This course provides a programmer's view of how computer systems execute programs and store information. It examines key computational abstraction levels below modern high-level languages; introduction to C, number and data representations, computer memory, assembly language, memory management, the operating-system process model, high-level machine architecture including the memory hierarchy, and introduction to concurrency. Prerequisite: Computer Science 201. Not open to students who have taken Computer Science 250D.

Term:

Instructor:

Basic concepts and principles of multiprogram med operating systems. Processes, interprocess communication, CPU scheduling, mutual exclusion, deadlocks, memory management, I/O devices, file systems, and protection mechanisms. Also taught Electrical and Computer Engineering 353. Prerequisites: Computer Science 201; and either Computer Science 210D, Computer Science 250D, or Electrical and Computer Engineering 250D.

Term: Fall

Instructor: Michael Reiter, Kartik Nayak

The goal of this course is to explain the principles behind computer security threats and countermeasures seen today or emerging soon.  In particular, we will place an emphasis on principles and, where possible, rigor.  Developing exploits will not be a focus of the class, though some assignments will involve implementing some attack code. The target audience for this class is computer science students, especially those planning to go on to software architect/developer jobs in industry or to pursue graduate studies. This class may be useful for system administrators, but the course will not focus on specific products or how to configure them.

Through this course, students will accumulate familiarity with the following technologies:  access control and authentication in distributed systems; cryptography and cryptographic protocols (mainly key exchange protocols); user authentication; software vulnerabilities and software engineering to reduce vulnerabilities; firewalls and related technologies; technologies to support online privacy; and selected advanced topics.

Term: Spring

Instructor: Michael Reiter

Cryptography refers to algorithmic techniques for protecting information from adversaries. While traditional goals of cryptography include preventing unintended disclosure of that information or detecting its unauthorized alteration, the field has grown in the last 40 years to include much richer primitives and protocols. Cryptographic techniques are already the basis for many security mechanisms in common use today, including secure communication protocols (e.g., TLS, IPSec), disk encryption facilities (e.g., Microsoft’s BitLocker),  and signed code updates. The use of cryptography will undoubtedly grow in the future, and so an understanding of modern cryptography is warranted for anyone developing technologies for use in environments where adversaries might be present. This class will focus on cryptographic primitives that are in common use today, with an emphasis on understanding why they are secure and for what purposes they should be used. Topics that will be covered include:

  • Basics of abstract algebra;
  • Pseudorandom functions and permutations;
  • Symmetric encryption algorithms;
  • Cryptographic hash functions;
  • Message authentication codes;
  • Information-theoretic security;
  • Number theory and number-theoretic primitives;
  • Asymmetric encryption;
  • Digital signature schemes;
  • Elliptic curve algorithms; and
  • Side-channel attacks. 

Time permitting, the class will also cover more advanced topics, such as interactive proofs and zero-knowledge proofs, and post-quantum cryptography.

Term:

Instructor:

Principles of securing the creation, storage, and transmission of data and ensuring its integrity, confidentiality, and availability. Topics include access control and authentication in distributed systems; cryptography and cryptographic protocols (mainly key exchange protocols); user authentication; software vulnerabilities and software engineering to reduce vulnerabilities; firewalls and related technologies; technologies to support online privacy; and selected advanced topics. Prerequisite: Computer Science 201 and 230 and (210 or 250).

Term:

Instructor: Matthew Lentz

Focus on architectural approaches to building secure, trustworthy software systems. Motivated by a discussion of real-world threat models and vulnerabilities. Analyzes enabling mechanisms (e.g., trusted hardware) in terms of abstractions, implementations, security guarantees, and hardware-software decomposition. Surveys systems across a wide range of application scenarios. Briefly considers other approaches to improving the security of software systems (e.g., formal verification). Primarily driven by reading and discussing research papers along with a research project. Prerequisite: Operating Systems (CompSci 310 or equivalent).

Term:

Instructor: Richard Biever

This course provides an overview of the domains, concepts, and elements and reviews current and emerging trends in Cybersecurity. Students will learn the National Institute of Standards and Technology (NIST) Cybersecurity Framework considering IT systems components, operating systems concepts, basic data analysis, and networking concepts including networking technologies and protocols. Real-world examples will be used to cover significant types of security incidents and their impact and remediation. Fundamental security design principles, information assurance fundamentals, and the significance of cryptography. Readings in different media will be used to demonstrate how quickly the threat and vulnerability landscape is changing across different industries.

Term: Fall

Instructor: Arturo F Ehuan

In their first fall term, Cybersecurity students are required to complete one semester of the professional development Seminar and workshop course, Cybersec 501. This course engages industry leaders in a speaker series on applied financial technology and entrepreneurship. 

Course requirements include completion of three (3) professional development workshops, including the sessions Achieving Objectives in Organizations and Time Management.  Students may choose the third workshop from the offerings provided by Pratt's professional development program for master's students. 0 units.

Term:

Instructor: Kim Leslie Kotlar

This Cybersecurity and Interdisciplinary Law/Ethics/Policy/Privacy Considerations course will introduce students to the legal, regulatory and policy topics that relate to cybersecurity, privacy and emerging technologies, and will provide:

  1. An overview of today's threat landscape, the legal frameworks governing data breaches, cybercrime and cyberwarfare;
  2. An examination of data privacy laws and the issues surrounding governments' collection of personal data; and
  3. An exploration of the impact emerging technologies have on regulatory agencies and public and private policies.

Term: Spring

Instructor:

Rapid progress in global digital transformation and connectivity requires us to think and act differently in the cyber domain. National security, economic security, and business interests are impacted by vulnerable information systems. Domestic and international cybercrime is on the rise. Hostile governments infiltrate public and private sector systems with relative impunity causing billions of dollars in financial damage and undermining public trust and confidence. Our notion of privacy is also changing. Students will explore cybersecurity through a non-technical lens by studying U.S. government responsibilities, law, and public policy as they relate to selected topics including finance, health care, and trade. Students will also gain an understanding of privacy, cybersecurity standards manifested in public policy, and how cybercrime is prosecuted.

Term: Fall

Instructor:

Understanding and measuring the risk involved with real and potential cybersecurity threats and vulnerabilities are fundamental for an organization or enterprise to invest in and to protect its information and operational infrastructure, its constituents, its relationships, and its reputation. Students will learn and apply various modeling techniques to identify and quantify risk and how they are used to determine the value and criteria for managing that risk. Risk management concepts and standards will be explored including its essential elements, effective governance, understanding the appetite for risk, and the need for developing appropriate policies and procedures to mitigate risk. These concepts and standards will be addressed across different industries and environments.

Term: Fall

Instructor: Arturo F Ehuan

Current and emerging technologies and processes to monitor, detect and respond to security incidents in systems, networks, and clouds will be covered including automation and analytics. Best practices for developing effective incident response plans, including regulatory and legal considerations, will be studied. Also studied is how to build resilience into development, manufacturing, or other business processes in the case of an incident.

Term:

Instructor: Jon Ticknor

This course is designed to provide students hands-on experience with machine learning, particularly in cybersecurity applications. This course will delve into the historical, current, and future applications of this technology in broad domains, including network defense and disinformation campaigns. Students will learn about state-of-the-art techniques being deployed today in security products, as well as burgeoning research areas for future growth. Students will also be exposed to the adversarial mindset and introduced to techniques seeking to disrupt defensive machine learning applications.

Term: Fall

Instructor: Michael Patrick Roman

The use of machine learning and AI is becoming more prevalent for collecting and analyzing data as its consolidation increases in value. Cyberattacks seek to steal, deny access, misrepresent (such as deepfakes), or compromise the privacy of information. Students will explore the power of machine learning and AI’s use in enhancing Cybersecurity tools across the NIST Framework and detecting and exploiting vulnerabilities in timeframes and ways previously unthinkable

Term:

Instructor: Dave Chatterjee

To effectively prepare and respond to the ever-increasing and evolving cyberattacks, organizations must not only have a comprehensive plan but also execute that plan with great precision and consistency. Cybersecurity readiness is a critical and distinctive organizational competency, and this course is designed to enhance managerial awareness and capability to develop and sustain this competency. This course will provide a holistic and comprehensive insight into the different aspects of cybersecurity program management from development to administration, evaluation, and improvement of processes.

Term: Spring

Instructor: Arturo F Ehuan

Students will examine the life cycle of a cybersecurity program from development, administration, evaluation, and improvement processes. Operational and strategic roles including the chief information security officer (CISO) in a representative security team will be studied and current and evolving areas where the team is placed in the enterprise. Best practices and models for how a security team’s performance can be measured will be learned with some real-world examples.

Term:

Instructor: Ramanarao Chamarty

This course will explore the everyday tasks and procedures that the IT security team employs to manage user and admin identities for authentication and access management. Students will learn the latest technologies and practices for multifactor authentication, single sign-on, and real-time privileges administration and what are the best practices for different use cases.

Term: Spring

Instructor: Ramanarao Chamarty

This course will explore the everyday tasks and procedures that the IT security team employs to manage user and admin identities for authentication and access management. Students will learn the latest technologies and practices for multi-factor authentication, single sign-on, and real-time privileges administration and what are the best practices for different use cases.

Term: Fall

Instructor:

Most cybersecurity attacks and breaches are due to social engineering techniques like phishing to obtain user identities and access privileges to circumvent an enterprise’s defense mechanisms and to access sensitive data and control systems. The student will study these techniques and current and emerging practices to prevent or minimize unintentional user errors or deliberate illegal insider threats. How to create an effective security awareness program and integrate it into all relevant business processes will be one of the key topics covered.

Term:

Instructor:

Introduction to Cybersecurity Threat Intelligence (CTI) and analysis functions in an organization. The course will familiarize the student with the role of intelligence, CTI and how disparate information/data is analyzed to identify threat adversary intentions and activity that may cause risk to the business. Students will learn the skills necessary to write cyber threat reports from their analysis of Tactics, Techniques and Procedures (TTP’s) and Indicators of Compromise (IOC’s) utilized by threat actors.

Term: Fall

Instructor:

This course will introduce the benefits that offensive cybersecurity operations (ethical hacking) can provide in protecting an organization from malicious attackers. The student will be familiarized with methodologies for conducting ethical hacking of an external, internal and cloud environment.  The course will cover the Tactics, Techniques, Procedures (TTPs) that adversaries use when attacking an organization (Red Team) and provide processes that defenders can use to protect the organization (Blue Team). Hands-on ethical hacking exercises to develop the skills taught will be using virtual cyber ranges. 

Term: Fall

Instructor: David Faraone

With the rapid adoption of emerging technologies being delivered by major cloud providers and software as a service (SaaS) providers, security capabilities must keep pace by creating methods to ensure the confidentiality, integrity, and availability of critical business processes leveraging cloud workloads. This course will provide students with practical and operational knowledge of industry-accepted cloud security practices and strategies for managing the evolving cloud risk landscape.

Term: Spring

Instructor:

Since the early 2000s, researchers and a variety of adversaries, ranging from cyber criminals to nation-states, have turned their attention to discovering and exploiting vulnerabilities in industrial control systems (ICS), which control infrastructures ranging from electricity grids to manufacturing facilities. Every 60 seconds a business will have a cybersecurity breach. Some of the breaches are just hackers testing their skills, other breaches focus on extracting sensitive information or planting viruses to cause financial and business disruptions to companies and critical infrastructure. In today’s industrial environments, it is not a question of “if” a company will be breached, it is the question of “when”. Enacting a business continuity plan during a cyber event will help companies contain and understand the impacts of the breach or effects on operations. When companies know how to respond internally to maintain operations and have defined and clear roles of stakeholders, the whole event can be contained and limit the losses incurred. The key to having an effective plan and implementation is training and practice. Building an effective business continuity plan means testing the response and identifying best practices.

Term: Fall

Instructor: Neil Gong

An introductory course to computer and information security. Includes discussion and practical exercises in software security, applied cryptography, web security, network security, mobile security, and AI security.

Term: Spring

Instructor: Kyle Bradbury

In almost every field, there is a need to draw inferences from or make decisions based on data. The goal of this course is to introduce machine learning that is approachable to diverse disciplines and empowers students to become proficient in the foundational concepts and tools. You will learn to (a) structure a machine learning problem and determine which algorithmic tools are appropriate, (b) evaluate the performance of your solution using field-appropriate metrics and practices, and (c) accurately interpret your model output and communicate your results to interdisciplinary audiences. This course is a fast-paced, applied introduction to machine learning that through extensive practice with foundational tools, helps you to develop strengths in your knowledge of foundational machine learning concepts and provides practical experience with those tools to prepare you for practice or future study.

Term: Fall

Instructor: Shane T Stansbury

This course will introduce the dynamic and evolving field of cyber law and policy.  The course will be team-taught by multiple instructors with expertise in various government and industry sectors. The goal is to introduce students to the legal and policy frameworks that guide lawyers and decision-makers in a world of rapid technological change, with a primary emphasis on cybersecurity and privacy. We will discuss today’s threat landscape and approaches to data breaches, cybercrime by state and non-state actors, and cyber warfare. We will also consider the legal and policy issues surrounding the collection and use of personal data, with a focus on both domestic and international data privacy protections. Other topics will also be explored, such as the impact of emerging technologies and markets (e.g., machine learning, digital currencies, platform media) and the ethical responsibilities of lawyers. Real-world case studies will be employed to allow students to weigh in on some of the most pressing issues of our time.   This course is introductory, and no technical background is necessary. Note: Students who have taken Law 609, Readings in Cyber Law with Stansbury, may not take Law 316, Intro to Cyber Law. 

Term: Spring

Instructor: David Alfred Hoffman

Policy and technical elements of activity in cyberspace will continue to impact and shape global society. Provide a basic understanding of fundamentals of cyber technologies and threats, national and international cyber policies and frameworks, and key topical issues in cyber. Students will be required to complete a written mid-term based on lectures and readings, present short classroom briefings, and engage in class discussions. The final will be a capstone written and oral presentation on a realistic cyber scenario applying knowledge from classwork and their research. No prior skills or knowledge is required.

Term: Spring

Instructor:

The course will explore the intelligence discipline through an examination of the US Intelligence Enterprise. Students will review pivotal intelligence policies, the organizational design of the US intelligence apparatus, and contemporary ethical issues associated with intelligence collection, both foreign and domestic. Through team projects and active learning exercises, students will be exposed to the sub-disciplines of intelligence collection and analysis. Open to undergraduate sophomores and juniors.

Term: Spring

Instructor: David H. Schanzer

Students will participate in a seven-week national security simulation where they will have an assigned role as a state or non-state actor and work with teams to develop policy responses to a security crisis that changes and develops over time. This simulation will involve domestic terrorism, white nationalism, and state efforts to persuade through propaganda. Participants will need to gain an understanding of the facts through a complex information environment that is polluted with misinformation that allows actors to engage in manipulation and deception. No prior national security coursework is required. Juniors, seniors and sophomores that have declared their major may take the course at the 500-level (PPS 590-1).  

Term: Spring

Instructor: Peter D. Feaver

Addresses complex US intelligence enterprise that has been established to support our national security priorities. First, students review and discuss current structure of national intelligence apparatus. Case studies are used for Internal and external sources of American Foreign Policy, including the role of ethnicity, nationality, and distinct world views of Americans and other peoples. The formulation and conduct of American foreign policy in different historical periods with an examination of foreign policy in the post-Cold War era and prospects for alternative futures. Instruction is provided in two lectures and one small discussion meeting each week.

Term: Fall

Instructor:

The course explores the delicate art of national security decision-making through a deeper understanding of the national security apparatus, analysis of elements of national power (examination of historical examples of application), and application of analysis to assess the merits of various approaches to national security decision-making.

Term: Spring

Instructor:

This class evaluates the effectiveness and design of intelligence agencies and their accompanying capabilities. Finally, students conduct independent research on select intelligence agencies and organizations. Instructor consent is required.

Term: Spring

Instructor:

This course examines the role of diplomatic and military intelligence in the making of policy. We will explore some of the most significant international events of the 20th century considering the contribution of both covert and overt intelligence, focusing on the histories of several of the major 20th-century intelligence organizations. The course will not be concerned with the intricacies of tradecraft, but with the interplay between intelligence and policy. In our final week, we will consider the correlation between the growth of intelligence communities, their legitimization, and delegitimization, and the popular image of spying represented contemporaneously in fiction and film.

Term: Fall

Instructor: David Alfred Hoffman

The course examines issues of cybersecurity and privacy. It focuses on the roles that different government organizations play in protecting cybersecurity. The course also examines the issues raised by the government's acquisition and storage of information in the interests of national security. Examines the intersection between commercial privacy and cybersecurity, business planning and government surveillance in the global economy, focusing on the US and the EU, with particular attention to the tensions that have arisen in the aftermath of the Snowden revelations of NSA surveillance activity, various large scale cybersecurity breaches and questions as to the trustworthiness of technology.

Term: Spring

Instructor: David Alfred Hoffman

In recent years health data has expanded beyond just clinical and pharmaceutical research data to also include a broad set of information from which health observations can be inferred. This health data landscape change has caused concern that existing health privacy and cybersecurity policy frameworks like HIPAA may need modification. This class will use interactive exercises to analyze the issues of how best to optimize health data public policy for the innovative and ethical use of data to enable better health outcomes and lower costs.

Term:

Instructor:

This course will introduce several security and privacy topics that have strong human factors components. Some of the themes that we cover throughout this course include an overview of User Research Methods and Ethics, Equity and Inclusivity in Security and Privacy, Challenges In Designing Usable Security and Privacy Tools, Security and Privacy Education and Awareness, and Human-Centered Security and Privacy in Emerging Technologies. This course includes weekly reading commentaries, a midterm exam, and a final group research project. Recommended prerequisite: user research methods and CompSci 201 or equivalent programming experience.