Courses-MSIT-Privacy Engineering - Carnegie Mellon University


Core courses

08-731  Information Security and Privacy
As layers upon layers of technology mediate increasingly rich business processes and social interactions, issues of information security and privacy are growing more complex too. This course takes a multi-disciplinary perspective of information security and privacy, looking at technologies as well as business, legal, policy and usability issues. The objective is to prepare students to identify and address critical security and privacy issues involved in the design, development and deployment of information systems. Examples used to introduce concepts covered in the class range from enterprise systems to mobile and pervasive computing as well as social networking. Format: Lectures, short student presentations on topics selected together with the instructor, and guest presentations. Target Audience: Primarily intended for master's students with a CS background or equivalent. Also open to motivated undergrads as well as PhD students interested in a more practical, multi-disciplinary understanding of information security and privacy.

08-733 Privacy Policy, Law and Technology
As new technologies are developed, they increasingly raise privacy concerns: the Web, wireless location-based services, and RFID are a few examples. In addition, the recent focus on fighting terrorism has brought with it new concerns about governmental intrusions on personal privacy. This course provides an in-depth look into privacy, privacy laws, and privacy-related technologies. Students will study privacy from philosophical, historical, legal, policy, and technical perspectives and learn how to engineer systems for privacy. This course is appropriate for graduate students, juniors, and seniors who have strong technical backgrounds. 8-733 is for PhD students. 8-533 and 19-608 are for undergraduate students. Master's students may register for any of the course numbers. This course will include a lot of reading, writing, and class discussion. Students will be able to tailor their assignments to their skills and interests, focusing more on programming or writing papers as they see fit. However, all students will be expected to do some writing and some technical work. A large emphasis will be placed on research and communication skills, which will be taught throughout the course.

08-734 Usable Privacy and Security
Our “Usable Privacy and Security” course, developed at CMU in 2006 by faculty in three departments, is designed to introduce students to usability and user interface problems related to privacy and security and to give them experience in designing studies aimed at helping to evaluate usability issues in security and privacy systems. The course was designed for students interested in privacy and security who would like to learn more about usability, as well as for students interested in usability who would like to learn more about security and privacy. In addition to faculty and guest lectures, students present and discuss usable privacy and security research papers. Students work in interdisciplinary teams on a project throughout the semester under the guidance of faculty mentors.

08-632 Law of Computer Technology (A1 6-unit mini)
This course consists of the first half of the 12-unit course 08-732.  It is both a survey of computer law and an examination of how courts evaluate technological evidence in their decision-making. It deals with the most important and controversial issues in technology law today. The material is divided into six primary subjects: 1. Legal process: how courts operate, how lawsuits are conducted, what happens in appeals, who has to obey the determination of a court, over whom can a court exercise power, and regulatory law. 2. Evidence: what has to be proven to a court and how it is done, rules of evidence, burdens of proof, expert testimony. 3. Business Transactions: software licenses, clickwrap contracts, electronic transactions. 4. Personal Intrusions: social media, libel and defamation, data privacy, position monitoring. 5. Intellectual Property: trade secrets and confidentiality agreements. No legal background is required or assumed. This is not a law school course. Great effort is expended to keep the syllabus current based on breaking legal events. Therefore, the content and ordering of lectures may vary somewhat as the course progresses.

18734/08-604 Foundations of Privacy
Privacy is a significant concern in modern society. Individuals share personal information with many different organizations - healthcare, financial and educational institutions, the census bureau, web services providers and online social networks - often in electronic form. Privacy violations occur when such personal information is inappropriately collected, shared or used. We will study privacy in a few settings where rigorous definitions and enforcement mechanisms are being developed - statistical disclosure limitation (as may be used by the census bureau in releasing statistics), semantics and logical specification of privacy policies that constrain information flow and use (e.g., by privacy regulations such as the HIPAA Privacy Rule and the Gramm-Leach-Bliley Act), principled audit and accountability mechanisms for enforcing privacy policies, anonymous communication protocols - and other settings in which privacy concerns have prompted much research, such as in social networks, location privacy and Web privacy (in particular, online tracking & targeted advertising).

08-605 Engineering Privacy in Software
Privacy harms that involve personal data can often be traced back to software failures, which can be prevented through sound engineering practices. In this course, students will learn how to engineer privacy using modern methods and tools for software requirements, design and testing. This integration includes how to collect and analyze software and privacy requirements, how to reconcile ambiguous, inconsistent and conflicting requirements, and how to develop and evaluate software designs based on established privacy principles, including how to analyze design alternatives to reduce threats to personal privacy. After completing this course, students will know how to integrate privacy into the software development lifecycle and how, and when, to interface with relevant stakeholders, including legal, marketing and other developers in order to align software designs with relevant privacy laws and business practices.

17-639  Management of Software Development for Technology Executives (6-unit mini)
The course will explore software development from a managerial perspective, with emphasis on selecting appropriate lifecycle processes specific to a problem, estimating effort and development times, understanding the unintended consequences of common project management actions within and across projects, and the challenges of outsourcing and working with distributed teams. The course will start by explaining the overall software development process in terms of standard processes and how these processes are implemented in particular lifecycles, e.g., sequential, incremental, iterative. Among the criteria to select the most appropriate lifecycle we will consider goal specificity and technology readiness. The impact of new business models such as Software as a Service and Product Lines in the selection of lifecycle models will be explored. The second theme of the course is estimation, because in the words of F. Brooks, one of the pioneers of the software engineering discipline, “More projects have gone awry for lack of calendar time than for any other reasons combined” and balancing ambitions with resources is an undeniable management responsibility. The third theme of the course is to present a framework to evaluate common project management actions such as requiring people to work longer hours, adding new personnel in the middle of a project and reducing scope. Finally, the course will address the challenges presented by global development and enterprise project management and take a look at project management offices (PMOs) as a mechanism to coordinate the use of shared resources across the organization.

Elective Courses

These are examples of some of the electives that will be offered. This list will change each semester. Students may count independent study credits or other courses as electives with the approval of their advisor.

Security and privacy courses

18-630/19-631/95-830 Introduction to Security and Policy
This course introduces junior graduate students to the technical foundations of computer and communications security using deployed systems as case studies. The course assumes a basic working knowledge of computers and networks, but no prior exposure to topics in computer or communications security.

14-741/18-631 Introduction to Information Security
This course introduces the technical and policy foundations of information security. The main objective of the course is to enable students to reason about information systems from a security engineering perspective, taking into account technical, economic and policy factors.

14-829 Mobile Security
Mobile devices continue to evolve and penetrate our everyday lives, leading to increased importance of mobile security - a topic living in the intersection of wireless communication, mobile computing, and computer security. This course focuses on aspects of information and network security that arise in this challenging and ever-evolving space of mobile communication systems, primarily focusing on smartphones and mobile telecommunication systems, but also including aspects of mobile ad hoc and sensor networks. One of the main goals of the course is to improve knowledge and awareness of security issues faced by mobile application and system developers. Material will cover standards and research challenges in both deployed and future systems. Possible topics of study include (but are not limited to) telecom vulnerabilities; smartphone security; mobile Internet security; mobile location privacy; and ad hoc, mesh, and sensor network security. In addition to short homework assignments, students will survey and present recent research papers and participate in an intensive group project involving significant research and/or implementation.

18-730 Introduction to Computer Security
This course provides a principled introduction to techniques for defending against hostile adversaries in modern computer systems and computer networks. Topics covered in the course include operating system security, network security, user authentication technologies, security for network servers, web security, and security for mobile code technologies.

18-731 Network Security
This course provides an in-depth study of network attack techniques and methods to defend against them. Topics include firewalls and virtual private networks; network intrusion detection; denial of service (DoS) and distributed denial-of-service (DDoS) attacks; worm and virus propagation; tracing the source of attacks; traffic analysis; techniques for hiding the source or destination of network traffic; secure routing protocols; protocol scrubbing; and advanced techniques for reacting to network attacks. [requires prior security courses]

18-732 Secure Software Systems
This course studies approaches, mechanisms, and tools used to make software systems more secure. The course includes four main modules: architectural approaches to building secure software (e.g., confinement, virtual machines, trusted computing); software analysis (e.g., static analysis and testing, model checking); language-based approaches to building secure software (e.g., type systems, proof-carrying code); and run-time enforcement of security policies (e.g., dynamic taint analysis). The course also covers topics such as the importance of usability to building secure software systems. [requires prior security courses]

95-762 Privacy in the Digital Age
This “mini” course, taught over half a semester, combines technical, economic, legal, and policy perspectives to present a holistic view of privacy and its role and value in the digital age. It begins by comparing early definitions of privacy to the current information-focused debate. It then focuses on technological aspects, economic aspects, legal aspects, managerial implications, and policy aspects of privacy.

90-820  Health Care Information Security
Data breaches rose sharply in 2008 as the past year brought issues of data security and privacy closer to the legal and regulatory forefront than ever before. The enterprise threat landscape continues to evolve with the proliferation of a new generation of security threats targeting sensitive data and exposing organizations to the risk of losing revenue, employee productivity, customer relationships, and market reputation. As healthcare providers continue to leverage technology to improve patient care and services, the risk of a data breach grows greater. Such risks, combined with a renewed focus on electronic medical records and corporate accountability, require that prepared healthcare workforce members recognize the need for better IT security controls to govern private healthcare information. This course aims to explore current and emerging issues in healthcare security, privacy, and regulatory compliance. It will discuss the challenges of maintaining secure health information technology networks, the current regulatory framework for health information security (including HIPAA), and the tools that health care managers have at their disposal to be guardians of sensitive patient information.

14-761  Applied Information Assurance
This course focuses on practical applications of Information Assurance (IA) policies and technologies in enterprise network environments. The course will include lecture and demonstrations, but is designed around a virtual lab environment and scenario that provides for robust and realistic hands-on experiences in dealing with a range of information assurance topic areas. Students will be provided numerous practical opportunities to apply information security practices and technologies to solve real-world IA problems.

14-788  Information Security Risk Policy and Management
The goal of this course is to provide an overview of the security marketplace, an understanding of decision making when multiple parties are involved, and the role of policy making in the context of information security. Policy is treated broadly and need not necessarily be government laws and regulations. Policy can be intra-organizational. For example, it is an organization's policy to disconnect an unpatched computer from its network. We will discuss the role of market and competition in security provision and then some of the key causes of market failure, namely externalities. We will then analyze how various policy tools can be applied to mitigate market failure. We will also discuss some key laws and regulations on product liability and security standards. The course also aims to provide an overview of the security industry (that is, key trends, technologies and various strategies by vendors and users). By the end of the course, students are expected to know key managerial and policy issues surrounding information security provision and when and how policy intervention is needed. There is no textbook and all the reading material is provided on the first day of class. Some understanding of economics is expected. Students are expected to have read the relevant reading material before class and come prepared for discussion. All reading material can be downloaded from Blackboard. Case material will be distributed in class.

Human computer interaction courses

05-410 Human-Computer Interaction Methods
This course provides an introduction to the field of human-computer interaction (HCI). It introduces students to tools, techniques, and sources of information about HCI and provides a systematic approach to design. The course increases awareness of good and bad design through observation of existing technology, and teaches the basic skills of task analysis, and analytic and empirical evaluation methods.

05-810 Computer Supported Cooperative Work
Distributed Groups and Online Communities  - The internet has made it possible to collaborate in ways that were not imagined in the days before the world was wired. Such collaborators have adopted a range of technologies, from conventional software development tools such as version control and change management systems, to more general collaboration technologies such as e-mail, chat, and wikis. We consider such phenomena as social loafing, communication and memory within organizations, and group decision making, as well as more applied topics, including the effect of video, participation in online communities, and the nature of large electronic groups.

05-417 Computer-mediated communication
This course examines fundamental aspects of interpersonal communication and considers how different types of computer-mediated communications (CMC) technologies affect communication processes. Topics include: conversational structure and CMC, tools to support nonverbal and paralinguistic aspects of communication such as gesture and eye gaze, and social and cultural dimensions of CMC.

05-820 Social Web
This course, jointly taught by a computer scientist and a behavioral scientist, will examine how the social web operates, teach students how to build online communities, and help them understand the social impact of spending at least part of their lives online. We will examine what works and what fails to work in these online environments.

05-813 Human Factors
This course uses theory and research from human factors, cognitive science, and social science to understand and design the interactions of humans with the built world, tools, and technology. The course will emphasize both individual human factors and organizational arrangements that can amplify or correct human factors problems.

Introduction to Human Computer Interaction for Technology Executives (08-763)
Human computer interaction (HCI) is an interdisciplinary field in which computer scientists, engineers, psychologists, social scientists, and design professionals play important roles. The goal of HCI is to solve real problems in the design and use of technology, making computer-based systems easier to use and more effective for people and organizations. Ease of use and effectiveness are critical to the success of any systems that interact with people, including software systems, home, office and factory appliances, and web and phone applications. This course provides an overview and introduction to the field of human-computer interaction, with a focus on how it applies to managers, technology executives, and others who will work with HCI professionals. Particular emphasis will be placed on what HCI methods and HCI-trained specialists can bring to design and development teams. The course will introduce students to proven tools and techniques for creating and improving user interfaces, such as Contextual Inquiry, Rapid Prototyping, Heuristic Analysis, and Think-Aloud User Testing. Students at the end of the course will have learned some useful techniques and an understanding of systematic procedures for creating usable and useful designs and systems. The class welcomes everyone from non-programmers to expert programmers.

Mobile and Pervasive Computing courses

08-781 Mobile and Pervasive Computing Services
With over 5 billion mobile phone users worldwide, including a billion people accessing the mobile Web via 3G, new wireless and pervasive computing services are changing the way enterprises interact with both their customers and their employees. The explosion in smart phone ownership, the adoption of faster wireless standards, and the emergence of different mobile social networking and location-sensitive apps are but a few factors contributing to rapid developments in this area. These include mobile commerce apps, mobile social software services, enterprise applications all the way to more futuristic pervasive computing services. Objective: The objective of the course is to introduce participants to the technologies, services and business models associated with Mobile and Pervasive Commerce. It also provides an overview of future trends and ongoing research in this new and fast growing area. You will learn to evaluate critical design tradeoffs associated with different mobile technologies, architectures, interfaces and business models and how they impact the usability, security, privacy and commercial viability of mobile and pervasive computing services. Topics Include: Mobile Communication and Mobile Internet technologies, Mobile and Wireless Security, Mobile OS, Mobile Development Environments, Mobile Commerce Applications (e.g. mobile banking, mobile ticketing, mobile payment, mobile infotainment, mobile social networking), location tracking and location-based services, RFID, mobile enterprise and mobile government applications, context awareness, pervasive computing. The course looks at relevant technologies and architectures as well as the many security, privacy, usability and business models entailed by this fast growing area.

05-837 Ubiquitous Computing
In this course, we will look at current research topics in ubiquitous computing by reading and discussing the recent literature drawn primarily from conferences such as Ubicomp, Pervasive, CHI, and UIST, as well as from magazines and journals such as IEEE Pervasive and Personal and Ubiquitous Computing. Students will be exposed to ubicomp applications, tools for building ubicomp systems, sensing systems, and issues with evaluating and using ubicomp systems. As this course is housed in the HCI Institute, there will be a particular emphasis on human-computer interaction issues. However, it will also cover topics in distributed systems, software engineering, and hardware design. There are no prerequisites for this class, and students from all backgrounds are invited to participate.

Social and decision sciences courses

88-702 Behavioral Economics
This course examines the role of social, cognitive and emotional factors on economic decisions, and the processes by which economic principles can be applied to behavior in non-financial domains. Behavioral economics is grounded in comparison to the rationality, or lack thereof, of economic agents, integrating insights from psychology with classical economic theory.

88-703 Human Judgment and Decision Making
This course reviews the processes underlying decision making, including judgment and choice. It covers the study of normative, descriptive, and prescriptive theories of decision making, heuristics and biases, and cognitive and affective processes.

88-706 Game Theory
The course will deal exclusively with non-cooperative games. The first half will develop the basic theory; in the second half special topics will be discussed. Throughout the emphasis will be on concepts and results rather than detailed technical proofs. This is an introductory course and no significant previous exposure to game theory will be assumed.

Other computer science courses

15-834 Applied Machine Learning
This class is meant to teach the practical side of machine learning for applications, such as mining newsgroup data or building adaptive user interfaces. The emphasis is on learning the process of applying machine learning effectively to a variety of problems rather than emphasizing an understanding of the theory behind what makes machine learning work. This course does not assume any prior exposure to machine learning theory or practice. [technical elective]

08-801 Dynamic Network Analysis
This course provides an overview of the dominant perspectives on organizations and networks from a macro perspective. Topics covered include knowledge management, organizational design, organizational learning, organizational evolution and population ecology, organizational culture, organizations as complex systems, social and organizational networks, and dynamic network analysis.

08-803 Empirical Methods for Socio-technical research
Empirical methods play a key role in the evaluation of tools and technologies, and in testing the social and technical theories they embody. This course is a survey of empirical methods, appropriate for PhD students in disciplines that involve the relationship between technology and humans, such as Software Engineering and Computation, Organizations, and Society. This course is designed to acquaint you with several basic types of empirical methods including exploratory data analysis, ethnography, interviews, surveys, content analysis, archival analysis, and experimental and quasi-experimental design.

15-780 Advanced AI Concepts
This course is targeted at graduate students who want to learn about and perform current-day research in artificial intelligence, the discipline of designing intelligent decision-making machines. Techniques from probability, statistics, game theory, algorithms, operations research and optimal control are increasingly important tools for improving the intelligence and autonomy of machines. This AI course is a review of a selected set of these tools. The course will cover the ideas underlying these tools, their implementation, and how to use them or extend them in your research. [technical elective]

15-781 Machine Learning
Machine learning studies the question "how can we build computer programs that automatically improve their performance through experience?"   This includes learning to perform many types of tasks based on many types of experience.  This course is designed to give PhD students a thorough grounding in the methods, theory, mathematics and algorithms needed to do research and applications in machine learning. [technical elective]

11-791 Software Engineering for Information Systems
11-791 is a one-semester, 12-unit course which covers the fundamental principles of software engineering for information technology. The focus includes both project management (estimation, planning, tracking, risk) and software methodology (analysis, design, implementation, testing). A basic understanding of programming is required. During the second half of the course, students will exercise the principles they have learned by analyzing, designing, and planning a specific software project.

15-896 Algorithms, Games, and Networks
Algorithms, Games, and Networks is an interdisciplinary course that covers selected theoretical topics at the interface of computer science and economics.  The course's topics include: solution concepts in game theory, such as Nash equilibrium and correlated equilibrium, their computation, and connections to learning theory; the price of anarchy in routing and congestion games; computational social choice: voting rules as maximum likelihood estimators, the axiomatic approach to ranking systems and crowdsourcing, manipulation of elections and ways to circumvent it; algorithmic mechanism design, focusing on truthful approximation algorithms; market design, with an emphasis on optimization and incentives in kidney exchange; diffusion of technologies and influence maximization in social networks; and procedures for fair division, such as cake cutting algorithms. [technical elective]

14-740 Fundamentals of Telecommunications Networks
A graduate-level first course in computer and telecommunication networks. There is no prerequisite of an undergraduate equivalent, but basic computer, programming and probability theory background is required. The primary objective of this course is for you to learn the fundamental principles underlying computer and telecommunication networks. Using a top-down approach, we will cover topics in the application, transport, network and link layers of the protocol stack. We will also go over advanced topics, including network management, traffic engineering, and router internals. Besides learning about the nuts and bolts, you will also gain an understanding of the engineering tradeoffs made and design principles used in computer and telecommunication networks. Another objective is for you to apply some of this knowledge in the context of systems projects. We will follow an aggressive pace in this course. [technical elective]

Other courses

36-743 Statistical Methods for the Behavioral and Social Sciences
This course covers statistical techniques common to behavioral and social sciences, including multiple regression, logistic regression, analysis of variance, and non-parametric analyses.

36-749 Experimental Design for Behavioral and Social Sciences
Statistical aspects of the design and analysis of planned experiments are studied in this course. The design aspect will concentrate on choice of models, sample size and order of experimentation. The analysis phase will cover data collection and computation, especially analysis of variance and will stress the interpretation of results.

11-772 Analysis of Social Media
The most actively growing part of the web is "social media" (wikis, blogs, bboards, and collaboratively-developed community sites like Flickr and YouTube). This course will review selected papers from recent research literature that address the problem of analyzing and understanding social media. Topics to be covered include:
- Text analysis techniques for sentiment analysis, analysis of figurative language, authorship attribution, and inference of demographic information about authors (age or sex).
- Community analysis techniques for detecting communities, predicting authority, assessing influence (in viral marketing), or detecting spam.
- Visualization techniques for understanding the interactions within and between communities.
- Learning techniques for modeling and predicting trends in social media, or predicting other properties of media (user-provided content tags).
Students should have a machine learning course (10-601 or similar) or consent of the instructor. Readings will be based on research papers. Grades will be based on class participation, paper presentations, and a project. More specifically, students will be expected to:
- Prepare summaries of the papers discussed in class. Summaries will be posted on this wiki.
- Present and summarize one or more "optional" papers from the syllabus (or some other mutually agreeable paper) to the class.
- Do a course project in a group of 2-3 people. The end result of the project will be a written report, with format and length appropriate for a conference publication.

08-765/46-865 Innovation Ecosystems
Innovation, the only sustainable source of competitive advantage, seldom happens in a vacuum. Networks are key to bringing knowledge to bear in new contexts, and in remixing ideas in fruitful and unexpected ways. This course will cover innovation ecosystems from management, social science, and technical perspectives. The students will gain intellectual and practical tools needed to prosper in today's highly interconnected business environments. Topics Covered: Platform leadership, Ecosystem roles and business models, Formation and life cycle of innovation networks, Platform design, The case for open innovation, Platform openness and ecosystem governance, Users as sources of innovation, The power of informal networks and weak ties, Innovation networks within the enterprise. Format: Lectures, case discussions, short student presentations on agreed topics, guest presentations. Students will develop, analyze, and present a proposal for an innovative, ecosystem-based business.

91-828 Ethical Issues in Management
Ethical Issues in Management is a course designed to survey various controversial problems, dilemmas, and quandaries encountered by private, public, or nonprofit managers in the contemporary organization. The course will be divided into two interrelated sections. First, issues dealing with managerial mischief will be examined. Topics considered in this area include: the causes of illegal, unethical, or questionable managerial conduct, controls available to minimize corrupt behavior in organizations, the efficacy of codes of conduct, organizational values and unethical conduct, conflicts of interest, and other questionable managerial practices. The second part of the course will examine the many moral mazes in management. Topics here addressed include: managing AIDS in the workplace, whistleblowing, sexual harassment, employee rights, employee screening tests, inside information, confidentiality in the workplace, managing problem employees, workplace privacy, employment and post-employment restrictions, and the use and abuse of managerial deception. The course will rely heavily upon the case analysis method, group discussion, and video presentations. There is only one project for the course. This project will form the basis of the student's grade in the course. The project will be discussed in detail at the first class session.

19-713 Policies of Wireless Systems and the Internet
This course will address public policy issues related to wireless systems, and to the Internet. It begins by investigating policies related to a wide variety of emerging wireless systems and technologies, including wifi computer networks, broadband to the home, broadcast radio and television, and satellite communications. This can include the government role in facilitating the creation of infrastructure, in advancing competition among broadcasters and communications service providers, in managing spectrum, and in protecting privacy and security. The course will then address Internet policy issues, which can include Internet governance and the domain name system, taxation, privacy and security, and intellectual property. Because these are inherently interdisciplinary issues, the course will include detailed discussions of technology, economics, and law, with no prerequisites in any of these areas.