Pittsburgh MSISTM Core Course Descriptions
The following are the core courses all students are required to take as part of the curriculum of the MSISTM Program:
Management Requirement
14-786 and 14-788
14-786: Information Security Risk Analysis
Prerequisite: Either prior coursework in probability theory or 95-796: Statistics for IT Managers
14-788: Information Security Risk Policy and Management
Prerequisite: 95-710: Economic Analysis or equivalent coursework
Networking and Systems Requirement
(18-345 or 14-740 or 18-756) and (15-410 or 18-842)
18-345: Introduction to Telecommunication Networks
This class introduces the fundamental concepts of telecommunication networks. Underlying engineering principles of telephone networks, computer networks and integrated digital networks are discussed. Topics in the course include: telephone and data networks overview; OSI layers; data link protocol; flow control, congestion control, routing; local area networks (Ethernet, Token Rind and FDDI); transport layer; introduction to high-speed networks; performance evaluation techniques.
14-740: Fundamentals of Telecommunications and Computer Networks
14-740 is a graduate-level, first-course in computer and telecommunication networks. There is no pre-requisite of an undergraduate equivalent, but basic computer, programming and probability theory background is required. The primary objective of this course is for you to learn the fundamental principles underlying computer and telecommunication networks. Using a top-down approach, we will cover topics in the application, transport, network and link layers of the protocol stack. We will also go over advanced topics, including network management, traffic engineering, and router internals. Besides learning about the nuts and bolts, you will gain an understanding as well in engineering tradeoffs made and design principles used in computer and telecommunication networks. Another objective is for you to apply some of this knowledge in the context of systems projects. We will follow an aggressive pace in this course. Note: This class has a limited enrollment.
18-756: Packet Switching and Computer Networks
This class is designed to provide graduate students an understanding of the fundamental concepts in computer networks of the present and the future. In the past, the scarce and expensive resource in communication networks has been the bandwidth of transmission facilities. Accordingly, the techniques used for networking and switching have been chosen to optimize the efficient use of this resource. These techniques have differed according to the type of information carried: circuit switching for voice and packet switching for data. It is expected that elements of circuit and packet switching will be used in the integrated networks. This course focuses on packet switching for computer networks and protocol design. Topics in the course include: computer networks over-view; OSI layers, queueing theory; data link protocol; flow control; congestion control; routing; local area networks; transport layer. The current networks and applications will be introduced through the student seminars in the last weeks of the course. Prerequisite: 18-345: Introduction to Telecommunication Networks.
15-410: Operating System Design and Implementation
Operating System Design and Implementation is a programming-intensive OS class. The core experience is writing a small Unix-inspired OS kernel, in C with some x86 assembly language, which runs on a PC hardware simulator called Simics (and on actual PC hardware if you wish). Work is done in two-person teams, and "team programming" skills (source control, modularity, documentation) are emphasized. Core concepts include the process model, virtual memory, threads, synchronization, and deadlock. Prerequisites include either 15-213 (Systems Programming in C, Basic Architecture) or 18-347 (Computer Architecture). Students should be able to write and debug C code, should know what a register is, should not be mystified by 2's-complement arithmetic, etc. Prerequisite: 15-213: Introduction to Computer Systems.
18-842: Distributed Systems
The primary objective of this class is to learn the fundamental principles underlying distributed systems, and apply some of this knowledge in developing a real system in a course project (such as a networked multimedia system or a groupware system with built-in mechanisms for supporting high availability). Topics include: models of distributed systems, distributed transactions, distributed filesystems, infrastructures for building distributed systems, distributed algorithms, cryptography and distributed security, overview of distributed multimedia applications, systems and networking support for distributed multimedia systems, distributed real-time systems. Prerequisite: 18-342: Fundamentals of Embedded Systems or 15-410: Operating System Design and Implementation.
Security Requirement
18-730 and one advanced security course (18-731 or 18-733 or 18-732) and one additional security course (must be approved by advisor)
18-730: Introduction to Computer Security
This course provides a principled introduction to techniques for defending against hostile adversaries in modern computer systems and computer networks. Topics covered in the course include operating system security; network security, including cryptography and cryptographic protocols, firewalls, and network denial-of-service attacks and defenses; user authentication technologies; security for network servers; web security; and security for mobile code technologies, such as Java and Javascript. More advanced topics will additionally be covered as time permits, such as: intrusion detection; techniques to provide privacy in Internet applications; and protecting digital content (music, video, software) from unintended use. Offered in the Fall. Prerequisites: 1) 15-211 2) 18-345 OR 15-441.
18-731: Network Security
Some of today's most damaging attacks on computer systems involve the exploitation of network infrastructure, either as the target of attack or as a vehicle to advance attacks on end systems. This course provides an in-depth study of network attack techniques and methods to defend against them. Topics include firewalls and virtual private networks; network intrusion detection; denial of service (DoS) and distributed denial-of-service (DDoS) attacks; DoS and DDoS detection and reaction; worm and virus propagation; tracing the source of attacks; traffic analysis; techniques for hiding the source or destination of network traffic; secure routing protocols; protocol scrubbing; and advanced techniques for reacting to network attacks. Offered in the Spring. Prerequisites: Introduction to Computer Security (18-730).
18-733: Applied Cryptology
A wide array of communication and data protections employ cryptographic mechanisms. This course explores modern cryptographic (code making) and cryptanalytic (code breaking) techniques in detail. This course emphasizes how cryptographic mechanisms can be effectively used within larger security systems, and the dramatic ways in which cryptographic mechanisms can fall vulnerable to cryptanalysis in deployed systems. Topics covered include cryptographic primitives such as symmetric encryption, public key encryption, digital signatures, and message authentication codes; cryptographic protocols, such as key exchange, remote user authentication, and interactive proofs; cryptanalysis of cryptographic primitives and protocols, such as by side-channel attacks, differential cryptanalysis, or replay attacks; and cryptanalytic techniques on deployed systems, such as memory remanence, timing attacks, and differential power analysis. Offered in the Spring. Prerequisites: Introduction to Computer Security (18-730).
18-732: Secure Software Systems
Poor software design and engineering are the root causes of most security vulnerabilities in deployed systems today. Moreover, with code mobility now commonplace---particularly inthe context of web technologies and digital rights management---system designers are increasingly faced with protecting hosts from foreign software and protecting software from foreign hosts running it. This class takes a close look at software as a mechanism for attack, as a tool for protecting resources, and as a resource to be defended. Topics covered include the software design process; choices of programming languages, operating systems, databases and distributed object platforms for building secure systems; common software vulnerabilities, such as buffer overflows and race conditions; auditing software; proving properties of software; software and data watermarking; code obfuscation; tamper resistant software; and the benefits of open and closed source development. Offered in the Spring. Prerequisites: Introduction to Computer Security (18-730).
14-735: Secure Software Engineering
This course will enable students to understand how software coding defects lead to software vulnerabilities, develop secure software, and manage teams that develop secure software. This course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. The course covers secure software development tools and processes while focusing on low-level technical security issues intrinsic to the C and C++ programming languages and associated libraries. Proficiency in C and C++ are required. Prerequisites: None.
|