Only the courses offered by JHUISI are described below. For those courses offered by other academic units that do not carry a JHUISI course number, please refer to the course descriptions provided by the corresponding academic units. You can also check out the school Catalog for more information on our courses by clicking here.
Core Technology Courses
650.424 (E,Q) Network Security
This course focuses on communication security in computer systems and networks. The course is intended to pro-vide students with an introduction to the field of network security. The course covers network security services such as authentication and access control, integrity and confidentiality of data, firewalls and related technologies, Web security and privacy. Course work involves implementing various security techniques. A course project is required.
Mishra 3 credits
650.445 Practical Cryptographic Systems
This semester long course will teach skill of how cryptographic systems work and fail - as part of a complete hardware and software system. The skills will be taught by examples I.e., by studyng and identifying flows in widely deployed crypto systems. We will place a particular emphasis on the failure of "security by obscurity" and the feasibility of reverse-engineering undocumented crypto systems.
Green 3 credits
650.457 (E) Computer Forensics
This course introduces students to the field of computer forensics and it will focus on the various contemporary policy issues and applied technologies. Topics to be covered include: legal and regulatory issues, investigation techniques, data analysis approaches, and incident response procedures for Windows and UNIX systems. Homework in this course will relate to laboratory assignments and research exercises. Students should also expect that a group project will be integrated into this course.
Casey/Fairbanks 3 credits
650.458 (E) Introduction to Cryptography
Prerequisites: Permission of instructor only.
Cryptography has a rich history as one of the foundations of information security. This course serves as the introduction to the working primitives, development and various techniques in this field. It emphasizes reasoning about the constraint and construction of cryptographic protocols that use shared secret key or public key. Students will also be exposed to some current open problems.
Li 3 credits
650.460 (E) Software Vulnerability Analysis
Prerequisites: Experience in C++ Programming.
This course will examine vulnerabilities in C source, stack overflows, writing shell code, etc. Also, vulnerabilities in web applications: SQL Injection, cookies, as well as vulnerabilities in C binary fuzzing, and exploit development without source among other topics.
Checkoway 3 credits
650.471 Cryptography and Coding
Prerequisites: Linear Algebra, computing experience; 550.171 or permission of instructor.
A first course in the mathematical theory of secure and reliable electronic communication. Cryptology is the study of secure communication: How can we ensure the privacy of messages? Coding theory studies how to make communication reliable: How can messages be sent over noisy lines? Topics include finite field arithmetic, error-detecting and error-correcting codes, data compressions, ciphers, one-time pads, the Enigma machine, one-way functions, discrete logarithm, primality testing, secret key exchange, public key cryptosystems, digital signatures, and key escrow.
Fishkind 3 credits
650.633 Computer Security Architectures
CSA addresses applications of information security and assurance methodologies and concepts by means of various implementations in the context of microcontrollers. A range of issues including performance and efficiency are considered. A project together with a report and associated presentation is required.
Masson 3 credits
650.654 (EN) Computer Intrusion Detection
Intrusion detection supports the on-line monitoring of computer system activities and the detection of attempts to compromise normal services. This course starts with an overview of intrusion detection tasks and activities. Detailed discussion introduces a traditional classification of intrusion detection models, applications in host-centered and distributed environments, and various intrusion detection techniques ranging from statistical analysis to biological computing. This course serves as a comprehensive introduction of recent research efforts in intrusion detection and the challenges facing modern intrusion detection systems. Students will also be able to pursue in-depth study of special topics of interest in course projects.
Li 3 credits
650.657 Advanced Computer Forensics
This course will analyze advanced topics and state of the art issues in the field of digital forensics. The course will be run in a research seminar format and students will be given both basic and applied research projects in such areas as: intrusion analysis, network forensics, memory forensics, mobile devices, and other emerging issues.
Casey/Fairbanks 3 credits
650.668 Advanced Topics in Software Security
Prerequisites: EN.600.460 or EN.650.442 or permission of instructor.
Topics vary but mainly focus on recent advances in exploitation techniques and defenses for software including software running on embedded systems software, browsers, and nontraditional devices such as microcontrollers in PCs.
Checkoway 3 credits
Elective Technology Courses
650.433 (E) Embedded Computer Systemsâ€”Vulnerabilities, Intrusions, and Protection
This ONLINE COURSE examines the potential for computer crime and the protection mechanisms employed in conjunction with the embedded computers that can be found within non-networked products (e.g., vending machines, automotive on-board computers, etc.). This course provides a basic understanding of embedded computer systems: differences with respect to network-based computers, programmability, exploitation methods, and current intrusion protection techniques along with material relating to computer hacking and vulnerability assessment. The course materials consist of a set of eight study modules and five case-study experiments (to be completed at a rate of one per week) and are augmented by online discussion forums moderated by the instructor. This course also includes online discussion forums that support greater depth of understanding of the materials presented within the study modules.
Kalb 3 credits
650.621 Critical Infrastructure Protection
Prerequisites: EN.650.424 Network Security or equivalent course; or permission by instructor.
This course focuses on understanding the history, the vulnerability, and the need to protect our Critical Infrastructure and Key Resources (CIKR). We will start by briefly surveying the policies which define the issues surrounding CIKR and the strategies that have been identified to protect them. Most importantly, we will take a comprehensive approach to evaluating the technical vulnerabilities of the 18 identified sectors, and we will discuss the tactics that are necessary to mitigate the risks associated with each sector. These vulnerabilities will be discussed from the perspective of ACM, IEEE or other technical journals/articles which detail recent and relevant network-level CIKR exploits. We will cover well known vulnerable systems such the Internet, SCADA or PLC and lesser known systems such as E911 and industrial robot. Also, a class project is required.
Watkins 3 Credits
EN.650.661 Human Factors in Information Security
The human factor is critical to any successful computer security solution since users are very often the weakest link in such systems. This course will examine a variety of human behaviors ranging from micro to macro cybernetic levels that are relevant to making the best case for information security. It is delivered through lectures on relevant findings in different disciplines of human computer interaction, human factors engineering, cognitive science, and product design; studies of useful user and security modeling frameworks and tools; and term research projects to explore security oriented topics in human machine systems. Its goal is to improve security informatics through informed decisions by the knowledge of the good and bad human characters in computer and cyber security.
Li 3 Credits
650.736/737/738 Information Security Projects
Open to MSSI students. Permission Required for non-MSSI students.
All MSSI programs must include a project involving a research and development oriented investigation focused on an approved topic addressing the field of information security and assurance from the perspective of relevant applications and/or theory. There must be project supervision and approval involving a JHUISI affiliated faculty member. A project can be conducted individually or within a team-structured environment comprised of MSSI students and an advisor. A successful project must result in an associated report suitable for on-line distribution. When appropriate, a project can also lead to the development of a so-called "deliverable" such as software or a prototype system. Projects can be sponsored by government/industry partners and affiliates of the Information Security Institute, and can also be related to faculty research programs supported by grants and Contracts.
Dahbura 3 credits
Core Policy Courses
650.414 (S) Rights in the Digital Age
This course will examine various legal and policy issues presented by the tremendous growth in computer technology, especially the Internet. The rights that various parties have with respect to creating, modifying, using, distributing, storing, and copying digital data will be explored. The concurrent responsibilities, and potential liabilities, of those parties will also be addressed. The course will focus on intellectual property issues, especially copyright law, and other legal and economic considerations related to the use and management of digital data. Copyright law and its role within the framework of intellectual property law will be presented in a historical context, with an emphasis on its applicability to emerging-technology issues. Specifically, the treatment of various works, such as music, film, and photography, that were traditionally analog in nature, will be analyzed with respect to their treatment in the digital domain; works that are by their nature digital, such as computer software, will also be analyzed. The current state of U.S. copyright law will be presented, as will relevant international treaties and foreign laws. The goal of the course is to provide those involved or interested in digital rights management with a general awareness of the rights and obligations associated with maintaining and distributing digital data.
Jacobs 3 credits
650.432 Law and Policy of Information Assurance
This course introduces information assurance as a response to changes in technology, asymmetric threats and computer crime. It traces the concepts through civilian applications as OMB and NIST standards as well as private sector issues related to privacy, contingency response, and reliable infrastructures. It examines these concepts from a risk assessment and standards based approach central to government planning and the private sector.
Staff 3 credits
650.630/640 Moral and Legal Foundations of Privacy
This course explores the ethical and legal underpinnings of the concept of privacy. It examines the nature and scope of the right to privacy by addressing fundamental questions such as: What is privacy? Why is privacy morally important? How is the right to privacy been articulated in constitutional law?
Jacobs 3 credits
Core Health Courses
650.652 (E,S) Healthcare Security Management
Open to MSSI students or Permission Required.
The course will address information security in the public health and medical fields, with special emphasis on clinical care, research and the role of the academic medical center. In many respects, the course builds on 650.651 Health Information, Privacy, Law and Policy's treatment of privacy and how such privacy is protected in the health and medical arena, including but not limited to HIPAA.
Lacey 3 credits
Core Management Courses
650.653 Financial Issues in Managing a Secure Operation
This course addresses the risks (financial, reputation, business, and third party), costs, ROI, and other business issues concerned in planning and managing a secure operation. Topics include disaster recovery, outsourcing issues; service level agreements; evaluating external security service providers; assessing security total cost of ownership; audit procedures; financial integrity; cost/benefit analyses; back-up and recovery provisions; insurance protection; contingency and business continuity plans; qualitative and quantitative risk analysis; monitoring the security of the enterprise; information economics; performance reporting; automated metrics reporting; responses to threats; effects of security policies and practices on business and customers; preparing a business case for information security investments; and developing cost-effective solutions given constraints in money, assets, and personnel. Case studies and exercises will be used to illustrate financial planning and evaluation of security operations.
Agresti 3 credits
650.655 Implementing Effective Information Security Programs
This course focuses on the personnel, legal, regulatory and privacy issues that comprise the basic security management areas that must be considered when developing and implementing an effective information security program. Specific topics include security-related legislation, government and industry security frameworks, the identification and management of risk, security controls, defense in depth, critical infrastructure protection, development and implementation of an enterprise wide security strategy, and organizational roles and responsibilities.
Kociemba 3 credits