Carnegie Mellon University


Core courses

17-631  Information Security, Privacy, and Policy
As layers upon layers of technology mediate increasingly rich business processes and social interactions, issues of information security and privacy are growing more complex too. This course takes a multi-disciplinary perspective of information security and privacy, looking at technologies as well as business, legal, policy and usability issues. The objective is to prepare students to identify and address critical security and privacy issues involved in the design, development and deployment of information systems. Examples used to introduce concepts covered in the class range from enterprise systems to mobile and pervasive computing as well as social networking. Format: Lectures, short student presentations on topics selected together with the instructor, and guest presentations Target Audience: Primarily intended for master students with a CS background or equivalent.  Also open to motivated undergrads as well as PhD students interested in a more practical, multi-disciplinary understanding of information security and privacy.

17-662 Law of Computer Technology (A1 6-unit mini)
This course consists of the first half of the 12-unit course 17-762.  It is both a survey of computer law and an examination of how courts evaluate technological evidence in their decision-making. It deals with the most important and controversial issues in technology law today. The material is divided into six primary subjects: 1. Legal process: how courts operate, how lawsuits are conducted, what happens in appeals, who has to obey the determination of a court, over whom can a court exercise power, and regulatory law. 2. Evidence: what has to be proven to a court and how it is done, rules of evidence, burdens of proof, expert testimony. 3. Business Transactions: software licenses, clickwrap contracts, electronic transactions. 4. Personal Intrusions: social media, libel and defamation, data privacy, position monitoring. 5. Intellectual Property: trade secrets and confidentiality agreements. No legal background is required or assumed. This is not a law school course. Great effort is expended to keep the syllabus current based on breaking legal events. Therefore, the content and ordering of lectures may vary somewhat as the course progresses.

17-731 Foundations of Privacy
Privacy is a significant concern in modern society. Individuals share personal information with many different organizations - healthcare, financial and educational institutions, the census bureau, web services providers and online social networks - often in electronic form. Privacy violations occur when such personal information is inappropriately collected, shared or used. We will study privacy in a few settings where rigorous definitions and enforcement mechanisms are being developed - statistical disclosure limitation (as may be used by the census bureau in releasing statistics), semantics and logical specification of privacy policies that constrain information flow and use (e.g., by privacy regulations such as the HIPAA Privacy Rule and the Gramm-Leach-Bliley Act), principled audit and accountability mechanisms for enforcing privacy policies, anonymous communication protocols - and other settings in which privacy concerns have prompted much research, such as in social networks, location privacy and Web privacy (in particular, online tracking & targeted advertising).

17-733 Privacy Policy, Law, and Technology
As new technologies are developed, they increasingly raise privacy concerns- the Web, wireless location-based services, and RFID are a few examples.  In addition, the recent focus on fighting terrorism has brought with it new concerns about governmental intrusions on personal privacy.  This course provides an in depth look into privacy, privacy laws, and privacy-related technologies.  Students will study privacy from philosophical, historical, legal, policy, and technical perspectives and learn how to engineer systems for privacy.  This course is appropriate for graduate students, juniors, and seniors who have strong technical backgrounds.  8-733 is for PhD students.  8-533 and 19-608 are for undergraduate students.  Masters students may register for any of the course numbers.  This course will include a lot of reading, writing, and class discussion. Students will be able to tailor their assignments to their skills and interests, focusing more on programming or writing papers as they see fit.  However, all students will be expected to do some writing and some technical work.  A large emphasis will be placed on research and communication skills, which will be taught throughout the course.

17-734 Usable Privacy and Security
Our “Usable Privacy and Security” course, developed at CMU in 2006 by faculty in three departments, is designed to introduce students to usability and user interface problems related to privacy and security and to give them experience in designing studies aimed at helping to evaluate usability issues in security and privacy systems. The course was designed for students interested in privacy and security who would like to learn more about usability, as well as for students interested in usability who would like to learn more about security and privacy. In addition to faculty and guest lectures, students present and discuss usable privacy and security research papers. Students work in interdisciplinary teams on a project throughout the semester under the guidance of faculty mentors.

17-735 Engineering Privacy in Software
Privacy harms that involve personal data can often be traced back to software failures, which can be prevented through sound engineering practices. In this course, students will learn how to engineer privacy using modern methods and tools for software requirements, design and testing. This integration includes how to collect and analyze software and privacy requirements, how to reconcile ambiguous, inconsistent and conflicting requirements, and how to develop and evaluate software designs based on established privacy principles, including how to analyze design alternatives to reduce threats to personal privacy. After completing this course, students will know how to integrate privacy into the software development lifecycle and how, and when, to interface with relevant stakeholders, including legal, marketing and other developers in order to align software designs with relevant privacy laws and business practices.

Elective Courses

These are examples of some of the electives that will be offered. This list will change each semester. Students may count independent study credits or other courses as electives with the approval of their advisor.

Students interested in taking privacy or security courses as electives should review the Privacy and Security Course list.

01-611 Natural Language Processing

02-613 Algorithims and Advanced Data Structures

05-820 Social Web

10-601 Introduction to Machine Learning

11-642 Search Engines

11-785 Introduction to Deep Learning

14-740 Fundamentals of Telecommunications Networks

14-741 Introduction to Information Security

14-761 Applied Information Assurance

14-788 Information Security Policy and Management

14-809 Introduction to Cyber Intelligence

14-823 Network Forensics

14-829 Mobile and IOT Security

17-514 Principles of Software Construction: Objects, Design and Concurrency

17-683 Data Structures for Application Programmers

18-636 Browser Security

18-637 Wireless Security

18-730 Introduction to Computer Security

18-731 Network Security

18-732 Secure Software Systems

19-639 Policies of the Internet

19-713 Policies of Wireless Systems

19-733 Cryptocurrencies, Blockchains, and Applications

36-749 Experimental Design for Behavioral and Social Sciences

94-800 Negotiation

94-808 Management Consulting

94-886 Advances in Robotic Process Automation

95-737 NoSQL Database Management

95-759 Malicious Code Analysis

95-799 Linux and Open Source

95-812 Introduction to the ITIL Framework

95-881 Web Application Development

95-882 Enterprise Web Development

95-883 Ethical Penetration Testing