17-631 Information Security, Privacy, and Policy
As layers upon layers of technology mediate increasingly rich business processes and social interactions, issues of information security and privacy are growing more complex too. This course takes a multi-disciplinary perspective of information security and privacy, looking at technologies as well as business, legal, policy and usability issues. The objective is to prepare students to identify and address critical security and privacy issues involved in the design, development and deployment of information systems. Examples used to introduce concepts covered in the class range from enterprise systems to mobile and pervasive computing as well as social networking. Format: Lectures, short student presentations on topics selected together with the instructor, and guest presentations Target Audience: Primarily intended for master students with a CS background or equivalent. Also open to motivated undergrads as well as PhD students interested in a more practical, multi-disciplinary understanding of information security and privacy.
17-662 Law of Computer Technology (A1 6-unit mini)
This course consists of the first half of the 12-unit course 17-762. It is both a survey of computer law and an examination of how courts evaluate technological evidence in their decision-making. It deals with the most important and controversial issues in technology law today. The material is divided into six primary subjects: 1. Legal process: how courts operate, how lawsuits are conducted, what happens in appeals, who has to obey the determination of a court, over whom can a court exercise power, and regulatory law. 2. Evidence: what has to be proven to a court and how it is done, rules of evidence, burdens of proof, expert testimony. 3. Business Transactions: software licenses, clickwrap contracts, electronic transactions. 4. Personal Intrusions: social media, libel and defamation, data privacy, position monitoring. 5. Intellectual Property: trade secrets and confidentiality agreements. No legal background is required or assumed. This is not a law school course. Great effort is expended to keep the syllabus current based on breaking legal events. Therefore, the content and ordering of lectures may vary somewhat as the course progresses.
17-731 Foundations of Privacy
Privacy is a significant concern in modern society. Individuals share personal information with many different organizations - healthcare, financial and educational institutions, the census bureau, web services providers and online social networks - often in electronic form. Privacy violations occur when such personal information is inappropriately collected, shared or used. We will study privacy in a few settings where rigorous definitions and enforcement mechanisms are being developed - statistical disclosure limitation (as may be used by the census bureau in releasing statistics), semantics and logical specification of privacy policies that constrain information flow and use (e.g., by privacy regulations such as the HIPAA Privacy Rule and the Gramm-Leach-Bliley Act), principled audit and accountability mechanisms for enforcing privacy policies, anonymous communication protocols - and other settings in which privacy concerns have prompted much research, such as in social networks, location privacy and Web privacy (in particular, online tracking & targeted advertising).
As new technologies are developed, they increasingly raise privacy concerns- the Web, wireless location-based services, and RFID are a few examples. In addition, the recent focus on fighting terrorism has brought with it new concerns about governmental intrusions on personal privacy. This course provides an in depth look into privacy, privacy laws, and privacy-related technologies. Students will study privacy from philosophical, historical, legal, policy, and technical perspectives and learn how to engineer systems for privacy. This course is appropriate for graduate students, juniors, and seniors who have strong technical backgrounds. 8-733 is for PhD students. 8-533 and 19-608 are for undergraduate students. Masters students may register for any of the course numbers. This course will include a lot of reading, writing, and class discussion. Students will be able to tailor their assignments to their skills and interests, focusing more on programming or writing papers as they see fit. However, all students will be expected to do some writing and some technical work. A large emphasis will be placed on research and communication skills, which will be taught throughout the course.
17-734 Usable Privacy and Security
Our “Usable Privacy and Security” course, developed at CMU in 2006 by faculty in three departments, is designed to introduce students to usability and user interface problems related to privacy and security and to give them experience in designing studies aimed at helping to evaluate usability issues in security and privacy systems. The course was designed for students interested in privacy and security who would like to learn more about usability, as well as for students interested in usability who would like to learn more about security and privacy. In addition to faculty and guest lectures, students present and discuss usable privacy and security research papers. Students work in interdisciplinary teams on a project throughout the semester under the guidance of faculty mentors.
17-735 Engineering Privacy in Software
Privacy harms that involve personal data can often be traced back to software failures, which can be prevented through sound engineering practices. In this course, students will learn how to engineer privacy using modern methods and tools for software requirements, design and testing. This integration includes how to collect and analyze software and privacy requirements, how to reconcile ambiguous, inconsistent and conflicting requirements, and how to develop and evaluate software designs based on established privacy principles, including how to analyze design alternatives to reduce threats to personal privacy. After completing this course, students will know how to integrate privacy into the software development lifecycle and how, and when, to interface with relevant stakeholders, including legal, marketing and other developers in order to align software designs with relevant privacy laws and business practices.
These are examples of some of the electives that will be offered. This list will change each semester. Students may count independent study credits or other courses as electives with the approval of their advisor.
Security and privacy courses14-741/18-631 Introduction to Information Security
This course introduces the technical and policy foundations of information security. The main objective of the course is to enable students to reason about information systems from a security engineering perspective, taking into account technical, economic and policy factors.
14-829 Mobile Security
Mobile devices continue to evolve and penetrate our everyday lives, leading to increased importance of mobile security - a topic living in the intersection of wireless communication, mobile computing, and computer security. This course focuses on aspects of information and network security that arise in this challenging and ever-evolving space of mobile communication systems, primarily focusing on smartphones and mobile telecommunication systems, but also including aspects of mobile ad hoc and sensor networks. One of the main goals of the course is to improve knowledge and awareness of security issues faced by mobile application and system developers. Material will cover standards and research challenges in both deployed and future systems. Possible topics of study include (but are not limited to) telecom vulnerabilities; smartphone security; mobile Internet security; mobile location privacy; and ad hoc, mesh, and sensor network security. In addition to short homework assignments, students will survey and present recent research papers and participate in an intensive group project involving significant research and/or implementation.
18-730 Introduction to Computer Security
This course provides a principled introduction to techniques for defending against hostile adversaries in modern computer systems and computer networks. Topics covered in the course include operating system security, network security, user authentication technologies, security for network servers, web security, and security for mobile code technologies.
18-731 Network Security (Spring)
This course provides an in-depth study of network attack techniques and methods to defend against them. Topics include firewalls and virtual private networks; network intrusion detection; denial of service (DoS) and distributed denial-of-service (DDoS) attacks; worm and virus propagation; tracing the source of attacks; traffic analysis; techniques for hiding the source or destination of network traffic; secure routing protocols; protocol scrubbing; and advanced techniques for reacting to network attacks. [requires prior security courses]
18-732 Secure Software Systems (Spring)
This course studies approaches, mechanisms, and tools used to make software systems more secure. The course includes four main modules: architectural approaches to building secure software (e.g., confinement, virtual machines, trusted computing); software analysis (e.g., static analysis and testing, model checking); language-based approaches to building secure software (e.g., type systems, proof-carrying code); and run-time enforcement of security policies (e.g., dynamic taint analysis). The course also covers topics such as the importance of usability to building secure software systems. [requires prior security courses]
14-761 Applied Information Assurance (Fall & Spring)
This course focuses on practical applications of Information Assurance (IA) policies and technologies in enterprise network environments. The course will include lecture and demonstrations, but is designed around a virtual lab environment and scenario that provides for robust and realistic hands-on experiences in dealing with a range of information assurance topic areas. Students will be provided numerous practical opportunities to apply information security practices and technologies to solve real-world IA problems.
14-788 Information Security Risk Policy and Management (Conflict Spring 18)
The goal of this course is to provide an overview of security marketplace, an understanding of decision making when multiple parties are involved and the role of policy making in the context of information security. Policy is treated broadly and need not be necessarily government laws and regulations. Policy can be intra-organization. For example, it is an organization policy to disconnect an unpatched computer from its network. We will discuss the role of market and competition on security provision and then some of the key causes of market failure, namely externalities. We will then analyze how various policy tools can be applied to mitigate market failure. We will also discuss some key laws and regulation on product liability, and security standards. The course also aims to provide an overview of security industry (that is key trends, technologies and various strategies by vendors and users) as well. By the end of the course, the students are expected to know key managerial and policy issues surrounding information security provision and when and how policy intervention is needed. There is no text book and all the reading material is provided on the first day of class. Some understanding of economics is expected. Students are expected to have read the relevant reading material before class and come prepared for discussion. All reading material can be downloaded from blackboard. Case material will be distributed in class.
Human computer interaction courses
05-410 User Centered Research and Evaluation (Spring)
This course provides an introduction to the field of human-computer interaction (HCI). It introduces students to tools, techniques, and sources of information about HCI and provides a systematic approach to design. The course increases awareness of good and bad design through observation of existing technology, and teaches the basic skills of task analysis, and analytic and empirical evaluation methods.
05-820 Social Web (Conflict Spring 18)
This course, jointly taught by a computer scientist and a behavioral scientist, will examine how the social web operates, teach students how to build online communities, and help them understand the social impact of spending at least part of their lives online. We will examine what works and what fails to work in these online environments.
05-813 Human Factors (Fall)
This course uses theory and research from human factors, cognitive science, and social science to understand and design the interactions of humans with the built world, tools, and technology. The course will emphasize both individual human factors and organizational arrangements that can amplify or correct human factors problems.
Mobile and Pervasive Computing courses
08-781 Mobile and Pervasive Computing Services (Spring)
With over 5 billion mobile phone users worldwide, including a billion people accessing the mobile Web via 3G, new wireless and pervasive computing services are changing the way enterprises interact with both their customers and their employees. The explosion in smart phone ownership, the adoption of faster wireless standards, and the emergence of different mobile social networking and location-sensitive apps are but a few factors contributing to rapid developments in this area. These include mobile commerce apps, mobile social software services, enterprise applications all the way to more futuristic pervasive computing services. Objective: The objective of the course is to introduce participants to the technologies, services and business models associated with Mobile and Pervasive Commerce. It also provides an overview of future trends and ongoing research in this new and fast growing area. You will learn to evaluate critical design tradeoffs associated with different mobile technologies, architectures, interfaces and business models and how they impact the usability, security, privacy and commercial viability of mobile and pervasive computing services. Topics Include: Mobile Communication and Mobile Internet technologies, Mobile and Wireless Security, Mobile OS, Mobile Development Environments, Mobile Commerce Applications (e.g. mobile banking, mobile ticketing, mobile payment, mobile infotainment, mobile social networking), location tracking and location-based services, RFID, mobile enterprise and mobile government applications, context awareness, pervasive computing. The course looks at relevant technologies and architectures as well as the many security, privacy, usability and business models entailed by this fast growing area.
Social and decision sciences courses
88-703 Human Judgment and Decision Making (Spring)
This course reviews the processes underlying decision making, including judgment and choice, including the study of normative, descriptive, and prescriptive theories of decision making, heuristics and biases, cognitive and affective processes.
Other computer science courses
08-801 Dynamic Network Analysis (Spring)
This course provides an overview of the dominant perspectives on organizations and networks from a macro perspective. Topics covered include knowledge management, organizational design, organizational learning, organizational evolution and population ecology, organizational culture, organizations as complex systems, social and organizational networks, and dynamic network analysis.
15-780 Grad Artificial Intelligence (Spring)
This course is targeted at graduate students who want to learn about and perform current-day research in artificial intelligence---the discipline of designing intelligent decision-making machines. Techniques from probability, statistics, game theory, algorithms, operations research and optimal control are increasingly important tools for improving the intelligence and autonomy of machines. This AI course is a review of a selected set of these tools. The course will cover the ideas underlying these tools, their implementation, and how to use them or extend them in your research. [technical elective]
11-791 Design and Engineering of Intelligent Information Systems (Fall)
11-791 is a one-semester, 12-unit course which covers the fundamental principles of software engineering for information technology. The focus includes both project management (estimation, planning, tracking, risk) and software methodology (analysis, design, implementation, testing). A basic understanding of programming is required. During the second half of the course, students will exercise the principles they have learned by analyzing, designing, and planning a specific software project.
15-896 Algorithms, Games, and Networks (Conflict Spring & Fall 18)
Algorithms, Games, and Networks is an interdisciplinary course that covers selected theoretical topics at the interface of computer science and economics. The course's topics include: solution concepts in game theory, such as Nash equilibrium and correlated equilibrium, their computation, and connections to learning theory; the price of anarchy in routing and congestion games; computational social choice: voting rules as maximum likelihood estimators, the axiomatic approach to ranking systems and crowdsourcing, manipulation of elections and ways to circumvent it; algorithmic mechanism design, focusing on truthful approximation algorithms; market design, with an emphasis on optimization and incentives in kidney exchange; diffusion of technologies and influence maximization in social networks; and procedures for fair division, such as cake cutting algorithms. [technical elective]
14-740 Fundamentals of Telecommunications Networks (Conflict Spring & Fall 18)
A graduate-level, first-course in computer and telecommunication networks. There is no pre-requisite of an undergraduate equivalent, but basic computer, programming and probability theory background is required. The primary objective of this course is for you to learn the fundamental principles underlying computer and telecommunication networks. Using a top-down approach, we will cover topics in the application, transport, network and link layers of the protocol stack. We will also go over advanced topics, including network management, traffic engineering, and router internals. Besides learning about the nuts and bolts, you will gain an understanding as well in engineering tradeoffs made and design principles used in computer and telecommunication networks. Another objective is for you to apply some of this knowledge in the context of systems projects. We will follow an aggressive pace in this course. [technical elective]
36-749 Experimental Design for Behavioral and Social Sciences (Conflict Spring & Fall 18)
Statistical aspects of the design and analysis of planned experiments are studied in this course. The design aspect will concentrate on choice of models, sample size and order of experimentation. The analysis phase will cover data collection and computation, especially analysis of variance and will stress the interpretation of results.
19-713 Policies of Wireless Systems and the Internet (Conflict Spring & Fall 18)
This course will address public policy issues related to wireless systems, and to the Internet. It begins by investigating policies related to a wide variety of emerging wireless systems and technologies, including wifi computer networks, broadband to the home, broadcast radio and television, and satellite communications. This can include the government role in facilitating the creation of infrastructure, in advancing competition among broadcasters and communications service providers, in managing spectrum, and in protecting privacy and security. The course will then address Internet policy issues, which can include Internet governance and the domain name system, taxation, privacy and security, and intellectual property. Because these are inherently interdisciplinary issues, the course will include detailed discussions of technology, economics, and law, with no prerequisites in any of these areas.