With the prevalence of mobile computing, the advantages of cloud computing, the ubiquity of computing in general, and the issues of securing big data caused by the world-wide explosion of eBusiness and eCommerce today, secure computing environments and appropriate information management have become critical issues to all sizes and types of organizations. Therefore, there is a vital and growing need for all computing professionals to have a foundation in the issues critical to information security and how they apply to their specific disciplines. The minor consists of two required courses and three electives chosen by the student from the computing security advanced course clusters. There are many elective course choices to provide flexibility. Therefore, the minor provides any computing major outside of the computing security degree program with basic knowledge of the issues and technologies associated with computing security and allows students the opportunity to select a set of security electives that are complementary to their majors. Before beginning the minor, students must possess prerequisite knowledge that can be obtained from various programming sequences and courses in calculus and discrete math.
Notes about this minor:
This minor is closed to students majoring in computing security or any BS/MS degree option that includes the BS in computing security.
Posting of the minor on the student's academic transcript requires a minimum GPA of 2.0 in the minor.
Notations may appear in the curriculum chart below outlining pre-requisites, co-requisites, and other curriculum requirements (see footnotes).
The program code for Computing Security Minor is COMPSEC-MN.
Students must complete one of the following two-course programming sequences:
Computer Science I
This course serves as an introduction to computational thinking using a problem-centered approach. Specific topics covered include: expression of algorithms in pseudo code and a programming language; functional and imperative programming techniques; control structures; problem solving using recursion; basic searching and sorting; elementary data structures such as lists, trees, and graphs; and correctness, testing and debugging. Assignments (both in class and for homework) requiring a pseudo code solution and an implementation are an integral part of the course. An end-of-term project is also required.
Computer Science II
This course delves further into problem solving by continuing the discussion of data structure use and design, but now from an object-oriented perspective. Key topics include more information on tree and graph structures, nested data structures, objects, classes, inheritance, interfaces, object-oriented collection class libraries for abstract data types (e.g. stacks, queues, maps, and trees), and static vs. dynamic data types. Concepts of object-oriented design are a large part of the course. Software qualities related to object orientation, namely cohesion, minimal coupling, modifiability, and extensibility, are all introduced in this course, as well as a few elementary object-oriented design patterns. Input and output streams, graphical user interfaces, and exception handling are covered. Students will also be introduced to a modern integrated software development environment (IDE). Programming projects will be required.
Computational Problem Solving in the Information Domain I
A first course in using the object-oriented approach to solve problems in the information domain. Students will learn to design software solutions using the object-oriented approach, to visually model systems using UML, to implement software solutions using a contemporary programming language, and to test these software solutions. Additional topics include thinking in object-oriented terms, and problem definition. Programming projects will be required.
Computational Problem Solving in the Information Domain II
A second course in using the object-oriented approach to solving problems in the information domain. Students will learn: basic design principles and guidelines for developing graphical user interfaces, and use of the Event Model to implement graphical interfaces; algorithms for processing data structures; multithreading concepts and use of the Multithreading Model to design and implement advanced processing methods. Additional topics include the relational model of information organization, and the Client-Server model. Individual implementation projects are required. A team implementation exercise is used to provide students an opportunity to apply basic software development and project management practices in the context of a medium-scale project.
Computational Problem Solving in the Network Domain I
A first course in using the object-oriented approach in the network domain. Students will learn to design software solutions using the object-oriented approach, to implement software solutions using a contemporary programming language, and to test these software solutions. Topics include thinking in object-oriented terms, problem definition, designing solutions using the object-oriented approach, implementing solutions using a contemporary programming language, and testing software solutions. Programming projects will be required.
Computational Problem Solving in the Network Domain II
A second course in object-oriented problem solving in the network domain. Students will learn to develop software for the applications layer of the protocol stack. Topics include data structures, network processes, network protocols, and network security. Programming projects will be required.
Game Software Development I
This course introduces students within the domain of game design and development to the fundamentals of computing through problem solving, abstraction, and algorithmic design. Students will learn the basic elements of game software development, including problem decomposition, the design and implementation of game applications, and the testing/debugging of their designs.
Game Software Development II
This course furthers the exploration of problem solving, abstraction, and algorithmic design. Students apply the object-oriented paradigm of software development, with emphasis upon fundamental concepts of encapsulation, inheritance, and polymorphism. In addition, object structures and class relationships comprise a key portion of the analytical process including the exploration of problem structure and refactoring. Intermediate concepts in software design including GUIs, threads, events, networking, and advanced APIs are also explored. Students are also introduced to data structures, algorithms, exception handling and design patterns that are relevant to the construction of game systems.
Computational Problem Solving I
This is the first course in a two-course sequence in computational problem solving of engineering and scientific problems. The problems solved will stress the application of sequence, selection, repetitive, invocation operations, and arrays. The development of proper testing procedures to ensure computational accuracy will be stressed. Students, upon successful completion of this course, will be able to analyze introductory engineering and scientific problems, design, code, test, and document procedural software solutions.
Computational Problem Solving II
This is the second course in a two-course sequence in computational problem solving of engineering and scientific problems. The problems solved will stress the application of data structures and object-oriented classes. Data encapsulation, data management, and design robustness will be stressed. Students, upon successful completion of this course, will be able to analyze complex engineering and scientific problems, design, code, test, and document object-oriented software solutions.
Students must complete a two-course calculus sequence†:
Project-based Calculus I
This is the first in a two-course sequence intended for students majoring in mathematics, science, or engineering. It emphasizes the understanding of concepts, and using them to solve physical problems. The course covers functions, limits, continuity, the derivative, rules of differentiation, applications of the derivative, Riemann sums, definite integrals, and indefinite integrals.
Project-based Calculus II
This is the second in a two-course sequence intended for students majoring in mathematics, science, or engineering. It emphasizes the understanding of concepts, and using them to solve physical problems. The course covers techniques of integration including integration by parts, partial fractions, improper integrals, applications of integration, representing functions by infinite series, convergence and divergence of series, parametric curves, and polar coordinates.
Students must complete one of the following courses in discrete mathematics:‡
This course is an introduction to the topics of discrete mathematics, including number systems, sets and logic, relations, combinatorial methods, graph theory, regular sets, vectors, and matrices.
Discrete Mathematics for Computing
This course introduces students to ideas and techniques from discrete mathematics that are widely used in Computer Science. Students will learn about the fundamentals of propositional and predicate calculus, set theory, relations, recursive structures and counting. This course will help increase students’ mathematical sophistication and their ability to handle abstract problems.
Discrete Mathematics and Introduction to Proof
Choose one of the following:
Fundamentals of Computing Security
An introduction to the fundamental issues, concepts and tools common to all areas of computing security. Topics include identifying attackers and their motivations. Essential techniques will be introduced covering the areas of anti-virus, monitoring, virtual machines, account control, and access rights management. Various security models will be investigated. Concept areas such as confidentiality, integrity, availability and privacy will be studied.
Information Assurance and Security
Computer-based information processing is a foundation of contemporary society. As such, the protection of digital information, and the protection of systems that process this information, have become a strategic priority for both the public and private sectors. This course provides an overview of information assurance and security concepts, practices, and trends. Topics include computing and networking infrastructures, risk, threats and vulnerabilities, legal and industry requirements for protecting information, access control models, encryption, critical national infrastructure, industrial espionage, enterprise backup, recovery, and business continuity, personal system security, and current trends and futures.
Choose one of the following:
Cryptography and Authentication
As more users access remote systems, the job of identifying and authenticating those users at a distance becomes increasingly difficult. The growing impact of attackers on identification and authentication systems puts additional strain on our ability to ensure that only authorized users obtain access to controlled or critical resources. This course introduces encryption techniques and their application to contemporary authentication methods.
Introduction to Cryptography
This course provides an introduction to cryptography, its mathematical foundations, and its relation to security. It covers classical cryptosystems, private-key cryptosystems (including DES and AES), hashing and public-key cryptosystems (including RSA). The course also provides an introduction to data integrity and authentication.
Choose three of the following:
Computer System Security
This course will discuss the areas of liability, exposure, opportunity, ability and function of various weaknesses in computer security. The course will cover forms of attack and the methods to detect and defend against them. The issues and facilities available to both the intruder and administrator will be examined and evaluated with appropriate out-of-class laboratory exercises to illustrate their effect.
Network Security and Forensics
This course investigates the many facets of network security and forensics. Students will examine the areas of intrusion detection, evidence collection, network auditing, network security policy design and implementation as well as preparation for and defense against attacks. The issues and facilities available to both the intruder and data network administrator will be examined and evaluated with appropriate laboratory exercises to illustrate their effect.
Computer System Forensics
An investigation of the tasks of incident response and computer system forensics will be pursued. Students will learn the basic procedure for incident response as well as the tools needed to uncover the activities of computer users (deleted and hidden files, cryptographic steganography, illegal software, etc.). Students will also learn to employ the activities needed to gather and preserve this evidence to ensure admissibility in court.
Network and System Security Audit
This course will provide students with an introduction to the processes and procedures for performing a technical security audit of systems and networks. Students will explore state-of-the-art auditing techniques and apply appropriate tools to audit systems and network infrastructure components. In addition, students will write and present their audit reports on vulnerabilities as well as recommendations to fix any problems discovered.
Mobile Device Security and Forensics
This course will be an in-depth study of security, incident response, and forensics as applied to the hardening and protection of mobile devices. Students will learn issues specific to the security of and vulnerabilities of mobile devices as well as forensics tools and incident response techniques used to reveal activities and information related to mobile devices.
Risk Management for Information Security
The three key elements of risk management will be introduced and explored. These are risk analysis, risk assessment, and vulnerability assessment. Both quantitative and qualitative methodologies will be discussed as well as how security metrics can be modeled, monitored, and controlled. Several case studies will be used to demonstrate the risk management principles featured throughout the course. Students will work in teams to conduct risk assessments on the selected case study scenarios. They will develop mitigation plans and present the results of their analysis both in written reports and oral presentations.
Covert communications have been employed in the past in traditional information warfare. Today, with huge amounts of digital information exchanged in our cyberspace, covert communication will become a potential tool for information warfare inside that space. Students will be introduced to the history, theory, methodology and implementation of various kinds of covert communications. Students will explore future techniques and uses of covert communications. More specifically, students will explore possible uses of covert communications in the management of botnets. Students will conduct research in this topic area and will write a research paper on their research. Students will be required to submit their paper for publication in a peer-reviewed venue.
Penetration Testing Frameworks & Methodologies
The process and methodologies employed in negotiating a contract, performing a penetration test, and presenting the results will be examined and exercised. Students will be exposed to tools and techniques employed in penetration testing. Assignments will explore the difficulties and challenges in planning for and conducting an assessment exposing potential vulnerabilities. Students will develop a metric used to evaluate the security posture of a given network and will develop a coherent and comprehensive report of their findings to present to their client. Particular attention will be paid to the ramifications of the findings toward the security of the targets.
Authentication and Security Models
As more users access remote systems, the job of identifying and authenticating those users at a distance becomes increasingly difficult. The growing impact of attackers on identification and authentication systems puts additional strain on our ability to ensure that only authorized users obtain access to controlled or critical resources. This course reviews basic cryptology techniques and introduces their application to contemporary authentication methods.
Cyber Defense Techniques
Students will study, build, defend and test the security of computer systems and networking infrastructure while potentially under attack. Students will gain an understanding of standard business operations, timelines and the value of risk and project management. Techniques as related to security guidelines and goals will be studied. Aspects of legal requirements, inheriting existing infrastructure, techniques for backup and recovery of data and systems will be examined.
Malware Reverse Engineering
This course provides an overview of basic concepts, techniques, and tools of malware reverse engineering. Students will learn how to perform reverse engineering to discover hidden software functions and hidden network communication techniques and protocols. Students will also learn techniques to protect against software reverse engineering.
Disaster Recovery Planning and Business Continuity
Security and network professionals are increasingly being called upon to apply their knowledge to the development of disaster recovery and business continuity plans. This course will explore DRP/BC in depth using current tools and techniques. Business requirements will be analyzed from the budget, business needs and risk management perspective. Experience gained from at least one co-op is required.
Advanced Mobile Device Forensics
This course will be an in-depth study of forensics as applied to the hardening and protection of mobile devices. Students will learn the specifics of the advanced forensic techniques of smartphones and the third-party apps that proliferate on these pervasive devices. Additionally, students will examine the various implementations of security in the various operating systems, devices and third-party apps.
Advanced Mobile Device Security
This course will introduce students to the advanced concepts, techniques, and tools of mobile device security. Students will learn about different security models, current malware, pen testing, and reverse engineering of mobile devices. Students will perform mobile device security of the most popular operating systems in an effort to provide better security either within the device itself, or through its wireless connections. Students will also learn about mobile malware and the common practices of protection against mobile malware.
Principles of Computer Security
This course provides a broad introduction to cybersecurity principles and practices, and emphasizes policies and mechanisms for building secure and trusted computer systems. It will cover cybersecurity principles, policies and mechanisms; core knowledge areas of data, software, component, connection, system, human, organizational and societal security; and crosscutting concepts of confidentiality, integrity, availability, risk, adversarial thinking, and systems thinking. Topics in privacy, and legal and ethical aspects will also be emphasized. Presentations, reports and projects are required. This course requires the knowledge of computer science theory and concepts of computer systems.
A fast-paced, informal look at current trends in the theory of computing. Each week is dedicated to a different topic and will explore some of the underlying theory as well as the practical applications of the theory. Sample topics may include: quantum cryptography, networks and complex systems, social welfare and game theory, and zero-knowledge protocols. Students will be evaluated on homework assignments and a final presentation. Offered every other year.
Introduction to Security Measurement
The course will introduce students to the algorithmic foundations and modern methods used for security evaluation and tools design. It will combine a theoretical revision of the methods and models currently applied for computer security evaluation and an investigation of computer security through the study of user's practice. The students will be required to complete a few homework assignments, to deliver a class presentation and to implement a team project.
Introduction to Intelligent Security Systems
The course will introduce students to the application of intelligent methodologies in computer security and information assurance systems design. It will review different application areas such as intrusion detection and monitoring systems, access control and biological authentication, firewall structure and design. The students will be required to implement a course project on design of a particular security tool with an application of an artificial intelligence methodology and to undertake its performance analysis.
Engineering Secure Software
Principles and practices forming the foundation for developing secure software systems. Coverage ranges across the entire development lifecycle: requirements, design, implementation and testing. Emphasis is on practices and patterns that reduce or eliminate security breaches in software intensive systems, and on testing systems to expose security weaknesses.
Hardware/Software Co-Design for Cryptographic Applications
The objective of this course is to establish the knowledge and skills necessary for efficient implementations of cryptographic primitives on reconfigurable hardware. The implementation platform will be a field-programmable gate array (FPGA) containing a general-purpose processor and additional reconfigurable fabric for implementations of custom hardware accelerators. In the studio format, students work on team projects that require them to design, and then compare and contrast, software, custom FPGA hardware, and hybrid hardware-software co-design implementations of selected cryptographic primitives.
† An equivalent calculus sequence may be determined by the minor adviser.
‡ An equivalent discrete mathematics sequence may be determined by the minor adviser.