None
None
Methodical approaches for collecting and preserving evidence of computer crimes, laws /regulations, and industry standards. Hands on experience on identifying, analyzing, and addressing cyber base crimes. Ethical issues associated with information systems security. Foundational concept such as file system structures, MAC times, and network protocols. Use of tool of evidence recovery. Use of established forensic methods in handling of electronic evidence. Rigorous audit/logging and date archival practice. Prevention, detection, apprehension and prosecution of security violations and cyber criminals and general legal issues. Pre-Requisite: SEC 521
Security of wireless networks such as cellular networks, wireless LANs, mobile ad hoc networks, wireless mesh networks, and sensor networks. Overview of wireless networks. Study of threats and types of attacks, including attacks on MAC protocols. Selfish and malicious behavior in wireless routing protocols. Countermeasures/solutions and their limitations. Encryption and authentication. Secure hand-off techniques. Energy-aware security mechanisms. Secure multicasting. Key pre-distribution and management in wireless networks.
Web applications security requirements, threats and countermeasures. Contemporary web application vulnerabilities and exploitation techniques, based on the Open Web Application Security Project (OW ASP). Web defacement and server penetration techniques. Content-based attacks and effective countenneasures. Intellectual property protection and watermarking. Auditing and scanning Web applications and infrastructure for security weaknesses. Analysis of Web applications for key vulnerabilities and attacks. Security mechanisms and protocols and their roles in securing Web applications. Secure Web programming mechanisms in ASP.NET, Java, PHP, XML and SQL. Secure Web applications for e-commerce, e-banking and e-government transactions. Numerous hands-on exercises and projects on using tools and writing secure Web applications.
Secret key encryption; Block and stream ciphers, Encryption standards; Number theory: Divisibility, Modular arithmetic, Group theory and Finite fields; Public key encryption: RSA, ElGamal and Rabin cryptosystems; Diffie-Hellman key exchange; Cryptographically secure hashing; Authentication and digital signatures; Digital signature standard (DSS), Randomized encryption; Cryptocurrency, Blockchain models and applications. Security issues and their solutions in Blockchain models and applications. Blockchain payment networks. Note: Cannot be taken for credit with ICS 440
Introduction to penetration testing and ethical hacking, requirements and legal issues, setting up virtual lab; Exploring Kali Linux and Metasploit framework, hacking and penetration testing phases; Information gathering through passive and active reconnaissance, footprinting, social engineering, port scanning; Advanced fuzzing techniques; Exploitation, password attacks and gaining access to remote services; Web penetration testing and web-based exploitation; Maintaining access with backdoors and rootkits; Bypassing defense applications; Wireless and mobile device hacking techniques; Writing penetration testing report; Tools and programming available for penetration testers in both Windows and Linux platforms such as Kali Linux, OpenVAS, Burp, NMAP, Netcat, Python, etc.
None
Study of various security models and techniques for embedded systems both from a hardware as well as a software perspective. Smart card security. RFID attack models (including power analysis, side channel, and timing attacks), and security techniques. Security in wireless sensor networks (key management techniques, attack models, detection and prevention techniques). eHealth (embedded medical systems) security. Cryptographic hardware. Industrial control systems (SCADA). Physical hardware. Security for System-on-chip, and Internet-devices such as Internet thermostats and automated doors.
None
None
Graduate students are required to attend seminars given by the faculty members, visiting scholars, and fellow graduate students. Additionally, each student must deliver at least one presentation on the contemporary research topic. Among other things, this course is designed to give the student an overview of how to conduct research, research methodology, journal specifications and submission requirements, and on professional societies. The course grade is Pass or Fail.
This course is intended to allow the student to conduct research in advanced problems in his MS research area. The faculty offering the course should submit a research plan to be approved by the graduate program committee. The student is expected to deliver a public seminar and a report on his research outcomes at the end of the courses. Graded on a Pass or Fail basis.
None
Pre-Requisites: SEC599
Review of number theory, set algebra and finite fields. Computations in finite fields using standard and non standard base. High performance algorithms and architectures for cryptographic applications. Side channel analysis attack resistant computing.
A graduate student will arrange with a faculty member to conduct an industrial research project related to the cybersecurity as the field of the study. Subsequently the students shall acquire skills and gain experiences in developing and running actual industry-based project. This project culminates in the writing of a technical report, and an oral technical presentation in front of a board of professors and industry experts. Prerequisite: Completion of at least 12 credit hours.
Intrusion detection and prevention systems. Security engineering processes. Advanced firewall considerations. Honeynets. Network forensics. Distributed denial of service attacks (Botnet, Rootkits, Zero-Day Exploits). Cyber crime and cyber war. Enterprise security policy development. Complex enterprise security infrastructure design and integration. Web and email security. P2P network security, and trust management
Advanced security research topics in operating systems and emerging computing paradigm such as grid and cloud computing. Secure operating system requirements, fundamentals and definitions. Security in traditional and popular operating systems such as Unix, Linux, OpenBS,D and Windows. Security kernels. Verifiable security goals, trusted processes, and information flow integrity. Secure capability systems. Security in virtualization and secure virtual machine systems. Security issues and countermeasures in cloud computing. Data security and storage in the Cloud. Security management in the cloud services: PaaS, SaaS, and IaaS . Case Studies of secure systems, design, and evaluation: SELinux and Solaris.