Courses

Course descriptions are provided below for the Pittsburgh MSISTM Core Courses and the Cyber Forensics and Incident Response Track.

Core Courses

All students are required to take the following core courses as part of the MSISTM curriculum:

Management Requirement

14-786 and 14-788

14-786: Information Security Risk Analysis

Prerequisite: Either prior coursework in probability theory or 95-796: Statistics for IT Managers

14-788: Information Security Risk Policy and Management

Prerequisite: 95-710: Economic Analysis or equivalent coursework

Networking and Systems Requirement

(18-345 or 14-740 or 18-756) and (15-410 or 18-842)

15-441: Computer Networks

This is an introductory course in computer networks with emphasis on the basic performance and engineering tradeoffs in the design and implementation of computer networks. To make the issues more concrete, the class includes several multi-week projects requiring significant design and implementation. The goal is for students to learn not only what computer networks are and how they work today, but also why they are designed the way they are and how they are likely to evolve in the future. We will draw examples primarily from the Internet. Topics to be covered include: congestion/flow/error control, routing, addressing, naming, multi-casting, switching, internetworking and network security. Evaluation is based on homework assignments, projects and two mid-term exams.

14-740: Fundamentals of Telecommunications and Computer Networks

14-740 is a graduate-level first course in computer and telecommunication networks. No undergraduate equivalent is required as a prerequisite, but a basic background in computers, programming and probability theory is required. The primary objective of this course is for you to learn the fundamental principles underlying computer and telecommunication networks. Using a top-down approach, we will cover topics in the application, transport, network and link layers of the protocol stack. We will also go over advanced topics, including network management, traffic engineering and router internals. Besides learning about the nuts and bolts, you will gain an understanding of the engineering tradeoffs made and design principles used in computer and telecommunication networks. Another objective is for you to apply some of this knowledge in the context of systems projects. We will follow an aggressive pace in this course. Note: This class has a limited enrollment.

18-756: Packet Switching and Computer Networks

This class is designed to provide graduate students an understanding of the fundamental concepts in computer networks of the present and the future. In the past, the scarce and expensive resource in communication networks has been the bandwidth of transmission facilities. Accordingly, the techniques used for networking and switching have been chosen to optimize the efficient use of this resource. These techniques have differed according to the type of information carried: circuit switching for voice and packet switching for data. It is expected that elements of circuit and packet switching will be used in the integrated networks. This course focuses on packet switching for computer networks and protocol design. Topics in the course include: computer networks overview; OSI layers; queueing theory; data link protocol; flow control; congestion control; routing; local area networks; transport layer. The current networks and applications will be introduced through the student seminars in the last weeks of the course. Prerequisite: 18-345: Introduction to Telecommunication Networks.

15-410: Operating System Design and Implementation

Operating System Design and Implementation is a programming-intensive OS class. The core experience is writing a small Unix-inspired OS kernel, in C with some x86 assembly language, which runs on a PC hardware simulator called Simics (and on actual PC hardware if you wish). Work is done in two-person teams, and "team programming" skills (source control, modularity, documentation) are emphasized. Core concepts include the process model, virtual memory, threads, synchronization, and deadlock. Prerequisites include either 15-213 (Systems Programming in C, Basic Architecture) or 18-347 (Computer Architecture). Students should be able to write and debug C code, should know what a register is, should not be mystified by 2's-complement arithmetic, etc. Prerequisite: 15-213: Introduction to Computer Systems.

18-842: Distributed Systems

The primary objective of this class is to learn the fundamental principles underlying distributed systems, and apply some of this knowledge in developing a real system in a course project (such as a networked multimedia system or a groupware system with built-in mechanisms for supporting high availability). Topics include: models of distributed systems, distributed transactions, distributed filesystems, infrastructures for building distributed systems, distributed algorithms, cryptography and distributed security, overview of distributed multimedia applications, systems and networking support for distributed multimedia systems, distributed real-time systems. Prerequisite: You must take one of 18-342: Fundamentals of Embedded Systems or 15-410: Operating System Design and Implementation, and one of 14-740: Fundamentals of Telecommunications, 18-756: Packet Switching and Computer Networks, or 15-441: Computer Networks as a prerequisite to 18-842.

Security Requirement

18-730, one advanced security course (18-731 or 18-733 or 18-732) and one additional security course (must be approved by advisor)

18-730: Introduction to Computer Security

Fall. This course provides a principled introduction to techniques for defending against hostile adversaries in modern computer systems and computer networks. Topics covered include operating system security; network security, including cryptography and cryptographic protocols, firewalls and network denial-of-service attacks and defenses; user authentication technologies; security for network servers; web security; and security for mobile code technologies, such as Java and JavaScript. More advanced topics will additionally be covered as time permits, such as: intrusion detection; techniques to provide privacy in Internet applications; and protecting digital content (music, video, software) from unintended use. Prerequisites: 1) 15-211; 2) 18-345 or 15-441.

18-731: Network Security

Spring. Some of today's most damaging attacks on computer systems involve the exploitation of network infrastructure, either as the target of attack or as a vehicle to advance attacks on end systems. This course provides an in-depth study of network attack techniques and methods to defend against them. Topics include firewalls and virtual private networks; network intrusion detection; denial of service (DoS) and distributed denial-of-service (DDoS) attacks; DoS and DDoS detection and reaction; worm and virus propagation; tracing the source of attacks; traffic analysis; techniques for hiding the source or destination of network traffic; secure routing protocols; protocol scrubbing; and advanced techniques for reacting to network attacks. Prerequisites: Introduction to Computer Security (18-730).

18-732: Secure Software Systems

Spring. Poor software design and engineering are the root causes of most security vulnerabilities in deployed systems today. Moreover, with code mobility now commonplace - particularly in the context of Web technologies and digital rights management - system designers are increasingly faced with protecting hosts from foreign software and protecting software from foreign hosts running it. This class takes a close look at software as a mechanism for attack, as a tool for protecting resources, and as a resource to be defended. Topics covered include the software design process; choices of programming languages, operating systems, databases and distributed object platforms for building secure systems; common software vulnerabilities, such as buffer overflows and race conditions; auditing software; proving properties of software; software and data watermarking; code obfuscation; tamper resistant software; and the benefits of open and closed source development. Prerequisites: Introduction to Computer Security (18-730).

18-733: Applied Cryptography

Spring. A wide array of communication and data protections employ cryptographic mechanisms. This course explores modern cryptographic (code making) and cryptanalytic (code breaking) techniques in detail. This course emphasizes how cryptographic mechanisms can be effectively used within larger security systems, and the dramatic ways in which cryptographic mechanisms can fall vulnerable to cryptanalysis in deployed systems. Topics covered include cryptographic primitives such as symmetric encryption, public key encryption, digital signatures, and message authentication codes; cryptographic protocols, such as key exchange, remote user authentication, and interactive proofs; cryptanalysis of cryptographic primitives and protocols, such as by side-channel attacks, differential cryptanalysis, or replay attacks; and cryptanalytic techniques on deployed systems, such as memory remanence, timing attacks, and differential power analysis. Prerequisites: Introduction to Computer Security (18-730).

Courses Under the Cyber Forensics and Incident Response Track

14-822: Host-Based Forensics

Spring: 12 units. Host-Based Forensics provides a systematic introduction to the field of digital forensics. The course aims to familiarize students with the forensic process and to apply forensic principles with many tools of the trade. Upon completion of this course, a student should feel confident in participating in a digital forensic investigation. This course focuses on the forensic process (planning, acquisition, analysis, reporting) as it relates to host system forensics. Class periods will consist of lecture and exercises. Pre-requisite: 14-761.

14-823: Network Forensics

Fall: 12 units. Network Forensics concentrates on the collection and analysis of evidence left on the network. Upon completion of this course, and its complement 14-822, a student will feel comfortable with the full scope of a digital forensic investigation. Class periods will consist of lecture and exercise. Students will learn about the data types that may have forensic value and will be introduced to several techniques for capturing data off the network and how each option impacts the data that is available. Students will be further presented with several incident response challenges on live networks and be tasked with determining and proving what happened. They will have to collect various logs, network traffic, create timelines and draw conclusions. Pre-requisite: 14-761.

14-824: Advanced Host-Based Forensic Analysis

Spring: 6 units. The principles taught in 14-822 stand independent of any specific platform or technology. Rather, the tools are used to illustrate the foundational skills presented in class. This mini allows the student to delve deeper into host-based forensics. While the general focus of this mini will remain constant, the specific content of the course will change based on developments in the field. This course will consist of three content areas: Data Carving, Password Recovery/Cracking and Small Scale Digital Devices. Students will conduct a course-long project related to one of the three content areas. Pre-requisite: 14-761. Co-requisite: 14-822.

14-825: Advanced Network Analysis

Fall: 6 units. The principles taught in 14-823 stand independently of any specific platform or technology. Rather, the tools are used to illustrate the foundational skills presented in class. This mini allows the student to delve deeper into network forensics. While the general focus of this mini will remain constant, the specific content of the course will change based on developments in the field. This course will consist of three content areas: P2P Networks and Communications, Internet Investigation and Wireless Traffic Interception. Students will conduct a course-long project related to one of the three content areas. Pre-requisite: 14-761. Co-requisite: 14-823.

14-826: Event Reconstruction and Correlation

Intermittent: 6 units. The principles taught in 14-822 or 14-823 stand independently of any specific platform or technology. This mini allows the student to be exposed to advanced forensics topics. While the general focus of this mini will remain constant, the specific content of the course will change based on developments in the field. The first half of this course will tackle rootkit techniques and detection strategies; the second half of the course will deal with website and e-commerce investigations. Students will conduct a course-long project related to one of the two topic areas. Neither 14-822 nor 14-823 is listed as a prerequisite for this course, but it is highly advisable that students have taken one of them prior to or concurrently with this class. Pre-requisite: 14-761.

NEW in SPRING 2013: 14-832: Cyber Forensics and Incident Response Capstone

Please note, the CyFIR Capstone will be a requirement for the Cyber Forensics and Incident Response Track that will replace the three mini-courses (14-824, 14-825, and 14-826).

Spring: 12 units. The CyFIR concentration capstone course challenges students by placing them in a series of hands-on exercises based on actual U.S. federally prosecuted cases. Students will work together in groups to respond to and investigate large-scale corporate and government intrusions. CERT instructors will teach advanced event correlation and reconstruction techniques as well as cutting-edge data collection and analysis approaches. Students will be required to apply and synthesize these competencies and utilize their own problem-solving skills to bring these cases to court. Students must follow sound forensic methodology to protect and prepare digital evidence and expert testimony to support the capstone's mock trials. Additionally, students will learn and implement executive best practices for managing crisis situations effectively. Upon completion of this course, students will be prepared to direct enterprise information security, incident response and forensic operations for large organizations.