Curriculum

This course covers the most important issues and topics in the huge area of computer and network security. Topics include encryption techniques (DES, AES, contemporary symmetric ciphers, public key cryptography, and RSA), message authentication and hash functions, digital signatures and authentication protocols, IP security (IPsec), SNMP vulnerabilities, email security, secure socket layer (SSL) and transport layer security, web security, intruders, malicious software, and firewalls.

The objective of this course is to get you thinking seriously about how people interact and communicate with computers. There are several specific goals: to examine basic concepts and design guidelines for human-computer interaction (HCI), to acquire practical experience in the implementation and evaluation of interfaces, to explore appropriate uses of multimodal input and output methods, to answer the challenge of designing for universal accessibility, and to discover the state of the art in HCI research. We will discuss principles that can be applied to improving how people interact with all kinds of systems, such as: desktop machines, the web, handheld devices, and nontraditional systems such as the new NYC subway trains. Throughout the semester, the emphasis will be on learning through watching and doing, rather than on formal lectures.

Reliability is a key attribute of software quality. It is defined as the probability of failure-free software operation for a specified period of time in a specified environment. The course focuses on modeling, measuring, and improving software reliability. It also covers the place of dependability in reliability. This course introduces different software reliability models, which are metrics to assess and techniques to improve software reliability. It also looks at the specific roles of auditing, testing, standards, and processes in the context of quality.

This course covers software validation and verification techniques and their role in the software engineering process and quality assessment. Testing processes, metrics, and a variety of testing techniques (including unit, black box / white box, structural, security, and performance testing) and supportive tools are introduced. The course also addresses the use of logic to specify and prove properties of programs using model checking and theorem proving.

This course covers technologies for securing e-commerce web applications against vicious hacker attacks in both business-to-client (B2C) and business-to-business (B2B) environments. Server-side topics include web server security, web service security, secure transactions, intrusion detection, access control, firewall management, log analysis, SSL, digital certificate generation, and defense against attacks like denial-of-service. Client-side topics include applet sandbox security model, digital certificate management, cookie management, and defense against attacks like virus and JavaScript-enabled spoofing. Data security topics include cryptography basics, non-repudiation, dematerialized monies, virtual purses, EDI and its security, and defense against various e-commerce frauds.

This course discusses information security from organizational and managerial perspectives. For an organization, information security is a continuous management process. Security technology alone cannot facilitate this process without security professionals being aware of the trade-offs and various policy issues embedded in this process. This course will provide students with a background in managing information security in organizations. Topics include risk identification and assessment, security policy and planning, personnel and security, privacy, security auditing, and legal issues.