Computing Security Master of science degree

6603d304-22a8-417b-b239-784a6a0bc73c | 129367

Inquire Visit Apply

Admissions Contact
Philip Bradley, Assistant Director
585‑475‑5332, pmbges@rit.edu
Program Contact
Sumita Mishra, Professor
585‑475‑4475, sumita.mishra@rit.edu

Overview

Online Option

Develop a solid foundation in cyber security as you understand how integrated systems are designed and developed, and the leadership skills that are paramount for guiding an industry that’s still exploring its role and impact in society.

There is critical importance to building security and survivability into the hardware and software of computing systems as they are designed and developed, rather than trying to add it on once these systems have been designed, developed, and installed. The MS in computing security gives students an understanding of the technological and ethical roles of computing security in today's society and its importance across the breadth of computing disciplines. This cybersecurity masters enables students to develop a strong theoretical and practical foundation in secure computing, preparing them for leadership positions in the computing security industry, academia, or research careers, or to pursue a more advanced degree in a computing discipline.

The program is designed for students who have an undergraduate computing degree in an area such as computing security, computer science, information technology, networking, or software engineering, as well as those who have a strong background in a field in which computers are applied, such as computer or electrical engineering.

The curriculum consists of three required core courses, up to 6 technical electives (depending on the capstone option chosen), and a thesis, project, or capstone course for a total of 30 semester credit hours.

Electives

Students can develop a specialization in one of several security-related areas by selecting technical electives under the guidance of a faculty adviser. Students are required to choose up to six technical electives.

Industries

  • Internet and Software

  • Computer Networking

  • Government (Local, State, Federal)

  • Defense

Typical Job Titles

DevOps and Security Engineer Technology Analyst
Cyberphysical Systems Engineer Incidence Response Consultant
Network Systems Engineer Security Analyst

Latest News

  • April 23, 2019

    Three researchers sit at a desk on computers.

    RIT cyber fighters go deep on Tor security

    Recognizing that the internet is not always secure, millions of people are turning to the Tor anonymity system as a way to browse the World Wide Web more privately. However, Tor has been found to have its own vulnerabilities. This has a team of faculty and students from RIT’s Center for Cybersecurity researching the extent of the problem and ways to address it.

More News  

Curriculum

Computing security (thesis option), MS degree, typical course sequence

Course Sem. Cr. Hrs.
First Year
CSEC-742
Computer System Security
The importance of effective security policies and procedures coupled with experience and practice is emphasized and reinforced through research and practical assignments. Organization and management of security discipline and response to threats is studied. Case studies of effective and failed security planning and implementation will be examined and analyzed. The issues influencing proper and appropriate planning for security and response to attacks will be studied. To be successful in this course students should be knowledgeable in networking, systems, and security technologies.
 3
CSEC-604
Cryptography and Authentication
In this course, students will learn in depth knowledge of cryptography and authentication. Students will explore various cryptography algorithms, authentication protocols, and their design and implementation. Students will work on a project to implement a cryptographic algorithm and/or an authentication protocol. The applications of cryptography and authentications in the areas of computer networks and systems and information assurance will also be investigated.
 3
 
Research Electives
 6
 
Advanced Electives
 6
Second Year
CSEC-790
MS Thesis
This course is a capstone course in the MS in computing security program. It offers students the opportunity to investigate a selected topic and make an original contribution which extends knowledge within the computing security domain. As part of their original work students will write and submit for publication an article to a peer reviewed journal or conference. Students must submit an acceptable proposal to a thesis committee (chair, reader, and observer) before they may be registered by the department for the MS Thesis. Students must defend their work in an open thesis defense and complete a written report of their work before a pass/fail grade is awarded.
 6
 
Advanced Electives
 6
Total Semester Credit Hours
30

Computing security (project option), MS degree, typical course sequence

Course Sem. Cr. Hrs.
First Year
CSEC-742
Computer System Security
The importance of effective security policies and procedures coupled with experience and practice is emphasized and reinforced through research and practical assignments. Organization and management of security discipline and response to threats is studied. Case studies of effective and failed security planning and implementation will be examined and analyzed. The issues influencing proper and appropriate planning for security and response to attacks will be studied. To be successful in this course students should be knowledgeable in networking, systems, and security technologies.
 3
CSEC-604
Cryptography and Authentication
In this course, students will learn in depth knowledge of cryptography and authentication. Students will explore various cryptography algorithms, authentication protocols, and their design and implementation. Students will work on a project to implement a cryptographic algorithm and/or an authentication protocol. The applications of cryptography and authentications in the areas of computer networks and systems and information assurance will also be investigated.
 3
 
Research Electives
 6
 
Advanced Electives
 6
Second Year
CSEC-792
MS Project
 3
 
Advanced Electives
 9
Total Semester Credit Hours
30

Computing security (capstone course option), MS degree, typical course sequence

Course Sem. Cr. Hrs.
First Year
CSEC-742
Computer System Security
The importance of effective security policies and procedures coupled with experience and practice is emphasized and reinforced through research and practical assignments. Organization and management of security discipline and response to threats is studied. Case studies of effective and failed security planning and implementation will be examined and analyzed. The issues influencing proper and appropriate planning for security and response to attacks will be studied. To be successful in this course students should be knowledgeable in networking, systems, and security technologies.
 3
CSEC-604
Cryptography and Authentication
In this course, students will learn in depth knowledge of cryptography and authentication. Students will explore various cryptography algorithms, authentication protocols, and their design and implementation. Students will work on a project to implement a cryptographic algorithm and/or an authentication protocol. The applications of cryptography and authentications in the areas of computer networks and systems and information assurance will also be investigated.
 3
 
Research Electives
 6
 
Advanced Electives
 6
Second Year
CSEC-793
Capstone for Computing Security
Students will apply their knowledge learned through the program to solve real world problems various areas of computing security. Large size projects will be defined for students to work on throughout the semester. At the end of semester students will present their results and demonstrate their knowledge and skills in problem solving and critical thinking in a setting open to the public.
 3
 
Advanced Electives
 9
Total Semester Credit Hours
30

Elective courses

Course
CMPE-661
Hardware and Software Design for Cryptographic Applications
The objective of this course is to build knowledge and skills necessary for efficient implementations of cryptographic primitives on reconfigurable hardware. The implementation platform will be a field programmable gate array (FPGA) containing a general purpose processor and additional reconfigurable fabric for implementations of custom hardware accelerators. In the studio format, team projects require design of selected cryptographic primitives followed by comparison and contrast of various implementation alternatives, such as software, custom FPGA hardware, and hybrid hardware-software co-design. Project teams are ideally composed of one Computer Engineering student and one Software Engineering or Computer Science student. Computer Engineering students lead the hardware design portions of each project, and Software Engineering and Computer Science students lead the software development portions. Topics may include binary finite field arithmetic, block ciphers, hash functions, counter mode of operation for block ciphers, public key cryptosystems, hardware/software co-design methodologies with FPGAs, software development and profiling, high level synthesis, on-chip buses, hardware/software interfaces, custom hardware accelerators and side channel attacks.
CSEC-730
Advanced Computer Forensics
This course provides students with the latest techniques and methods needed for extracting, preserving and analyzing volatile and nonvolatile information from digital devices. Students will gain exposure to the spectrum of available computer forensics tools along with developing their own tools for “special need” situations. The core forensics procedures necessary for ensuring the admissibility of evidence in court, as well as the legal and ethical implications of the process, will be covered on both Unix and Windows platforms, under multiple file systems. Therefore, students must possess a knowledge of available filesystems on both platforms.
CSEC-731
Web Server and Application Security Audits
This course discusses the processes and procedures to perform a technical security audit of web servers and web based applications. Students will not only explore Web Servers and Applications/Services threats, but also apply the latest auditing techniques to identify vulnerabilities existing in or stemming from web servers and applications. Students will write and present their findings and recommendations in audit reports on web servers and application vulnerabilities. To be successful in this course students should be knowledgeable in a scripting language and comfortable with the administration of both Linux and Windows platforms.
CSEC-732
Mobile Device Forensics
Techniques and limitations related to the seizure and interrogation of a variety of digital devices will be explored. Various mobile phone and tablet platforms will be interrogated with the intent of gaining better access and understanding of the organization of data in the devices. The infusion of digital storage and identification devices such as MP3 players, RFID and tokens into our everyday lives requires the study of their weaknesses and forensic exploit-ability. As personal information is frequently gathered and stored on these devices, the loss of a device could adversely affect individuals and organizations. The examination, collection, and removal of such information will be studied. To be successful in this course students should be knowledgeable in basic networking, systems, and security technologies.
CSEC-733
Information Security Risk Management
This course will provide students with an introduction to the principle of risk management and its three key elements: risk analysis, risk assessment and vulnerability assessment. Students will also learn the differences between quantitative and qualitative risk assessment, and details of how security metrics can be modeled/monitored/controlled and how various types of qualitative risk assessment can be applied to the overall assessment process. Several industry case studies will be studied and discussed. Students will work together in teams to conduct risk assessments based on selected case studies or hypothetical scenarios. Finally, they will write and present their risk assessment reports and findings.
CSEC-741
Sensor and SCADA Security
This course is designed to provide students with knowledge of sensor network security with respect to practical implementations. In particular, secure sensor network design for Supervisor Control And Data Acquisition (SCADA) is discussed. SCADA encompasses technologies that manage and control much of the infrastructure that we depend on every day without realizing it. The failure or corruption of SCADA systems can not only be inconvenient but also hazardous when the resource is critical or life threatening. Securing SCADA systems is of great strategic importance. The role of sensor networks in SCADA is discussed and sensor security protocols for SCADA applications are evaluated and studied. To be successful in this course students should be knowledgeable in basic networking, systems, and security technologies.
CSEC-742
Computer System Security
The importance of effective security policies and procedures coupled with experience and practice is emphasized and reinforced through research and practical assignments. Organization and management of security discipline and response to threats is studied. Case studies of effective and failed security planning and implementation will be examined and analyzed. The issues influencing proper and appropriate planning for security and response to attacks will be studied. To be successful in this course students should be knowledgeable in networking, systems, and security technologies.
CSEC-743
Computer Viruses and Malicious Software
Computer malware is a computer program with malicious intent. In this course, students will study the history of computer malware, categorizations of malware such as computer viruses, worms, Trojan horses, spyware, etc. Other topics include, but are not limited to, basic structures and functions of malware, malware delivery mechanism, propagation models, anti-malware software, its methods and applications, reverse engineering techniques. Students will conduct research to understand the current state of the computer malware defense and offense.
CSEC-744
Network Security
Students will examine the areas of intrusion detection, evidence collection, network auditing, network security policy design and implementation as well as preparation for and defense against attacks. The issues and facilities available to both the intruder and data network administrator will be examined and evaluated with appropriate laboratory exercises to illustrate their effect. The students will be provided with an understanding of the principles and concepts of wired and wireless data network security. Students will perform a series of laboratory or homework experiments in order to explore various mechanisms for securing data networks including physical layer mechanisms, filters, applications and encryption. Students will engage in attack/defend scenarios to test their deployments against other teams. Students should be knowledgeable in networking technologies.
CSEC-750
Covert Communications
Students will be introduced to the history, theory, methodology and implementation of various kinds of covert communications. Students will explore future techniques and uses of covert communications. More specifically students will explore possible uses of covert communications in the management of botnets. To be successful in this course students should be knowledgeable in networking, systems, and security technologies.
CSEC-751
Information Security Policy and Law
This course explores Information Security Policy development and deployment as well as laws (US and International) that impact information security. Students in this class will develop policies and analyze how policy impacts an organization. Students will also determine how federal, state, and international laws impact the information security policies of an organization.
CSCI-620
Introduction to Big Data
This course provides a broad introduction to the exploration and management of large datasets being generated and used in the modern world. First, practical techniques used in exploratory data analysis and mining are introduced; topics include data preparation, visualization, statistics for understanding data, and grouping and prediction techniques. Second, approaches used to store, retrieve, and manage data in the real world are presented; topics include traditional database systems, query languages, and data integrity and quality. Case studies will examine issues in data capture, organization, storage, retrieval, visualization, and analysis in diverse settings such as urban crime, drug research, census data, social networking, and space exploration. Big data exploration and management projects, a term paper and a presentation are required.
CSCI-622
Secure Data Management
This course examines policies, methods and mechanisms for securing enterprise and personal data and ensuring data privacy. Topics include data integrity and confidentiality; access control models; secure database architectures; secure transaction processing; information flow, aggregation, and inference controls; auditing; securing data in contemporary (relational, XML and other NO SQL) database systems; data privacy; and legal and ethical issues in data protection. Programming projects are required.
CSCI-642
Secure Coding
This course provides an introduction to secure coding including topics such as principles of secure coding, security architectures and design, operational practices and testing, programmatic use of cryptography, and defenses against software exploitation. Other topics include software based fault isolation, type-safe languages, certifying compilers; proof-carrying code, and automated program analysis and program rewriting. Programming projects, presentations, and a term paper will be required.
CSCI-662
Foundations of Cryptography
This course provides an introduction to cryptography, its mathematical foundations, and its relation to security. It covers classical cryptosystems, private-key cryptosystems (including DES and AES), hashing and public-key cryptosystems (including RSA). The course also provides an introduction to data integrity and authentication. Note: students who complete CSCI-462 may not take CSCI-662 for credit.
CSCI-720
Big Data Analytics
This course provides a graduate-level introduction to the concepts and techniques used in data mining. Topics include the knowledge discovery process; prototype development and building data mining models; current issues and application domains for data mining; and legal and ethical issues involved in collecting and mining data. Both algorithmic and application issues are emphasized to permit students to gain the knowledge needed to conduct research in data mining and apply data mining techniques in practical applications. Data mining projects, a term paper, and presentations are required.
CSCI-734
Foundations of Security Measurement and Evaluation
The course will introduce students into the algorithmic foundations and modern methods used for security evaluation. It will combine a theoretical revision of the methods and models currently applied for computer security evaluation and an investigation of computer security through study of user's practice. The students will be required to complete a few home assignments, to deliver a class presentation, to implement a team project, to lead the team's work and to undertake research on the topic assigned.
CSCI-735
Foundations of Intelligent Security Systems
The course will introduce students to the application of intelligent methodologies applications in computer security and information assurance system design. It will review different application areas such as intrusion detection and monitoring systems, access control and biological authentication, firewall structure and design. The students will be required to implement a course project on design of a particular security tool with an application of an artificial intelligence methodology and to undertake research and analysis of artificial intelligence applications in computer security.
CSCI-736
Neutral Networks and Machine Learning
The course will introduce students into the current state of artificial neural networks. It will review different application areas such as intrusion detection and monitoring systems, pattern recognition, access control and biological authentication, and their design. The students will be required to conduct research and analysis of existing applications and tools as well as to implement a course programming project on design of a specified application based on neural networks and/or fuzzy rules systems.
CSCI-762
Advanced Cryptography
This course investigates advanced topics in cryptography. It begins with an overview of necessary background in algebra and number theory, private- and public-key cryptosystems, and basic signature schemes. The course will cover number theory and basic theory of Galois fields used in cryptography; history of primality algorithms and the polynomial-time test of primality; discrete logarithm based cryptosystems including those based on elliptic curves; interactive protocols including the role of zero-knowledge proofs in authentication; construction of untraceable electronic cash on the net; and quantum cryptography, and one or more of digital watermarking, fingerprinting and stenography. Programming will be required.
ISTE-721
Information Assurance Fundamentals
This course provides an introduction to the topic of information assurance as it pertains to an awareness of the risks inherent in protecting digital content in today’s networked computing environments. Topics in secure data and information access will be explored from the perspectives of software development, software implementation, data storage, and system administration and network communications. The application of computing technologies, procedures and policies and the activities necessary to detect, document, and counter unauthorized data and system access will be explored. Effective implementation will be discussed and include topics from other fields such as management science, security engineering and criminology. A broad understanding of this subject is important for computing students who are involved in the architecting and creation of information and will include current software exploitation issues and techniques for information assurance.

Faculty

All Program Faculty  

Admission Requirements

To be considered for admission to the MS in computing security, candidates must fulfill the following requirements:

  • Complete a graduate application.
  • Hold a baccalaureate degree (or equivalent) from an accredited university or college in computing security, computer science, software engineering, information technology, networking, computer engineering, electrical engineering, applied mathematics, or computer engineering technology (exceptional students from other fields may be admitted on a contingent basis).
  • Submit official transcripts (in English) of all previously completed undergraduate and graduate course work.
  • Have a minimum cumulative GPA of 3.0 (or equivalent).
  • Submit a minimum of two recommendations from individuals who are well-qualified to assess the applicant’s potential for success.
  • International applicants must submit scores from the Graduate Record Exam (GRE).
  • International applicants whose native language is not English must submit scores from the TOEFL, IELTS, or PTE. A minimum TOEFL score of 88 (internet-based) is required. A minimum IELTS score of 6.5 is required. The English language test score requirement is waived for native speakers of English or for those submitting transcripts from degrees earned at American institutions.

Prerequisites

Applicants must satisfy prerequisite requirements in mathematics (integral calculus, discrete mathematics), statistics, natural sciences (physics, chemistry, etc.), and computing (programming, computer networking theory and practice, and systems administration theory and practice).

Bridge program

Students whose undergraduate preparation or employment experience does not satisfy the prerequisites required for the program may make up deficiencies through additional study. Bridge course work, designed to close gaps in a student's preparation, can be completed either before or after enrolling in the program as advised by the graduate program director. Generally, formal acceptance into the program is deferred until the applicant has made significant progress through this additional preparation.

If completed through academic study, bridge courses must be completed with a grade of B (3.0) or better. Courses with lower grades must be repeated. Bridge courses are not counted toward the 30 credit hours required for the master's degree. However, grades earned from bridge courses taken at RIT are included in a student's graduate grade point average.

A bridge program can be designed in different ways. Courses may be substituted based upon availability, and courses at other colleges may be applied. All bridge course work must be approved in advance by the graduate program director.

Learn about admissions and financial aid 

Additional Info

Study options

The program is offered online and on campus. 

Faculty

The program faculty are actively engaged in consulting and research in various areas of secure computing and information assurance, such as cryptography, databases, networking, secure software development, and critical infrastructure security. There are opportunities for students to participate in research activities towards capstone completion or as independent study work.

Maximum time limit

University policy requires that graduate programs be completed within seven years of the student's initial registration for courses in the program. Bridge courses are excluded.