Cybersecurity Programs at Johns Hopkins University, Lecture notes of Computer Networks

Download Cybersecurity Programs at Johns Hopkins University and more Lecture notes Computer Networks in PDF only on Docsity! Cybersecurity 1 CYBERSECURITY The part-time Cybersecurity program balances theory with practice, providing students with the highly technical knowledge and skills needed to protect and defend information systems from attack. Students choose from focus area that explore cyber attacks from within a system, protect information assets, and identify anomalies and unexpected patterns. Courses are offered at the Applied Physics Laboratory and online. Program Committee Lanier Watkins, Program Chair Senior Professional Staff JHU Applied Physics Laboratory Robert S. Grossman, Vice Program Chair Emeritus Principal Professional Staff (retired) JHU Applied Physics Laboratory Anthony N. Johnson, Program Manager Senior Professional Staff JHU Applied Physics Laboratory Eleanor Boyle Chlan Senior Professional Staff (retired) JHU Applied Physics Laboratory Theodore Colbert, III Executive Vice President, The Boeing Company President and Chief Executive Officer, Boeing Global Services Anton Dahbura Co-Director, Institute for Assured Autonomy Johns Hopkins University Mary Galvin Alumni JHU Engineering for Professionals John Hurley Professor, Cyberspace Strategies and Data Analytics National Defense University Tom Longstaff CTO, Software Engineering Institute Carnegie Mellon University John A. Piorkowski Principal Professional Staff JHU Applied Physics Laboratory William Robinson Interim Vice Provost for Strategic Initiatives Vanderbilt University Ralph Semmel Director JHU Applied Physics Laboratory J. Miller Whisnant Principal Professional Staff JHU Applied Physics Laboratory Programs • Cybersecurity, Master of Science (https://e-catalogue.jhu.edu/ engineering/engineering-professionals/cybersecurity/cybersecurity- master-science/) • Cybersecurity, Post-Master’s Certificate (https://e-catalogue.jhu.edu/ engineering/engineering-professionals/cybersecurity/cybersecurity- post-masters-certificate/) Courses EN.695.601.  Foundations of Information Assurance.  3 Credits.   This course surveys the broad fields of enterprise security and privacy, concentrating on the nature of enterprise security requirements by identifying threats to enterprise information technology (IT) systems, access control and open systems, and system and product evaluation criteria. Risk management and policy considerations are examined with respect to the technical nature of enterprise security as represented by government guidance and regulations to support information confidentiality, integrity and availability. The course develops the student’s ability to assess enterprise security risk and to formulate technical recommendations in the areas of hardware and software. Aspects of security-related topics to be discussed include network security, cryptography, IT technology issues, and database security. The course addresses evolving Internet, Intranet, and Extranet security issues that affect enterprise security. Additional topics include access control (hardware and software), communications security, and the proper use of system software (operating system and utilities). The course addresses the social and legal problems of individual privacy in an information processing environment, as well as the computer “crime” potential of such systems. The class examines several data encryption algorithms. Course Note(s): This course can be taken before or after 605.621 Foundations of Algorithms. It must be taken before other courses in the degree. EN.695.611.  Embedded Computer Systems-Vulnerabilities, Intrusions, and Protection Mechanisms.  3 Credits.   While most of the world is preoccupied with high-profile network-based computer intrusions, this online course examines the potential for computer crime and the protection mechanisms employed in conjunction with the embedded computers that can be found within non-networked products (e.g., vending machines, automotive onboard computers, etc.). This course provides a basic understanding of embedded computer systems: differences with respect to network-based computers, programmability, exploitation methods, and current intrusion protection techniques, along with material relating to computer hacking and vulnerability assessment. The course materials consist of a set of eight study modules and five casestudy experiments (to be completed at a rate of one per week) and are augmented by online discussion forums moderated by the instructor. This course also includes online discussion forums that support greater depth of understanding of the materials presented within the study modules. Prerequisite(s): EN.605.202 Data Structures; EN.695.601 Foundations of Information Assurance, a basic understanding and working knowledge of computer systems, and access to Intel-based PC hosting a Microsoft Windows environment. 2 Cybersecurity EN.695.612.  Operating Systems Security.  3 Credits.   Have you ever wondered how hardware and software faults could affect the security and privacy of a computing environment? Modern general- purpose operating systems have become the lifeline for business and personal use.Throughout the course, students will examine and analyze the modern security mechanisms (e.g. MACs, ASLR, SMEP/SMAP, CFI, PAC, TPMs, and more) and learn the strengths and weaknesses of each approach, ensuring a solid defense against APTs and rootkits. Examining both software and hardware implementations, students will compare how effective these security components are amongst the major OS vendors. As virtualization has become ubiquitous in computing, students will also utilize KVM to build customized virtual machine solutions. Finally, students will examine how these mechanisms compare and are applied to modern mobile operating systems environments.Prerequisite(s): Familiarity with operating system concepts. EN.695.614.  Security Engineering.  3 Credits.   This course covers cybersecurity systems engineering principles of design. Students will learn the foundational and timeless principles of cybersecurity design and engineering. They will learn why theories of security come from theories of insecurity, the important role of failure and reliability in security, the fundamentals of cybersecurity risk assessment, the building blocks of cybersecurity, intrusion detection design, and advanced topics like cybersecurity situational understanding and command and control. The course develops the student’s ability to understand the nature and source of risk to a system, prioritize those risks, and then develop a security architecture that addresses those risks in a holistic manner, effectively employing the building blocks of cybersecurity systems— prevention, detection, reaction, and attack- tolerance. The student will learn to think like a cyber-attacker so that they can better design and operate cybersecurity systems. Students will attain the skill of systematically approaching cybersecurity from the top down and the bottom up and have confidence that their system designs will be effective at addressing the full spectrum of the cyber-attack space. The course also addresses how the cybersecurity attack and defense landscape will evolve so that the student is not simply ready to address today’s problems, but can quickly adapt and prepare for tomorrow’s. The course is relevant at any stage in a student’s curriculum: whether at the beginning to enable the student to understand the big picture before diving into the details, at the end as a capstone, or in the middle to integrate the skills learned to date. Prerequisite(s): EN.695.601 Foundations of Information Assurance. EN.695.615.  Cyber Physical Systems Security.  3 Credits.   The age of Cyber-Physical Systems (CPS) has officially begun. Not long ago, these systems were separated into distinct domains, cyber and physical. Today, the rigid dichotomy between domains no longer exists. Cars have programmable interfaces, Unmanned Aerial Vehicles (UAVs) roam the skies, and critical infrastructure and medical devices are now fully reliant on computer control. With the increased use of CPS and the parallel rise in cyber-attack capabilities, it is imperative that new methods for securing these systems be developed. This course will investigate key concepts behind CPS including: control systems, protocol analysis, behavioral modeling, and Intrusion Detection System (IDS) development. The course will be comprised of theory, computation, and projects to better enhance student learning and engagement . The course will begin with the mathematics of continuous and digital control systems and then shift the focus to the complex world of CPS, where both a general overview for the different domains (Industrial Control, Transportation, Medical Devices, etc.) and more detailed case studies will be provided . Students will complete a number of projects, both exploiting security vulnerabilities and developing security solutions for UAVs and industrial controllers. Several advanced topics will be introduced including behavioral analysis and resilient CPS.Course Notes: There are no prerequisite courses; however, students will encounter many concepts and technologies in a short period of time. Student should have a basic understanding of python programming, networking, matrices, and Windows and Linux operating systems. EN.695.621.  Public Key Infrastructure and Managing E-Security.  3 Credits.   This course describes public key technology and related security management issues in the context of the Secure Cyberspace Grand Challenge of the National Academy of Engineering. Course materials explain Public Key Infrastructure (PKI) components and how the various components support e-business and strong security services. The course includes the basics of public key technology; the role of digital certificates; a case study that emphasizes the content and importance of certificate policy and certification practices; identification challenges and the current status of the National Strategy for Trusted Identities in Cyberspace; and essential aspects of the key management lifecycle processes that incorporate the most recent research papers of the National Institute of Standards and Technology. Students will examine PKI capabilities and digital signatures in the context of the business environment, including applicable laws and regulations. The course also presents the essential elements for PKI implementation, including planning, the state of standards, and interoperability challenges. The course also provides an opportunity for students to tailor the course to meet specific cybersecurity interests with regard to PKI and participate in discussions with their peers on contemporary cybersecurity topics. Cybersecurity 5 EN.695.712.  Authentication Technologies.  3 Credits.   Authentication plays a strong role in cybersecurity, and is a critical layer underpinning the “CIA triad.” This course will explore current technologies, issues, and policies surrounding practical authentication. Grouped by something you know, something you have, and something you are, topics will include passwords, certificates and public key infrastructures, graphical authentication, smart cards, biometrics, trusted computing, location authentication, identity federation, and a range of other topics determined by class interest. Each topic will be examined from the perspective of technical strengths, weaknesses, mitigations, and human factors, and will include discussions of authentication policies, trends, and privacy perspectives. Related background is developed as needed, allowing students to gain a rich understanding of authentication techniques and the requirements for using them in a secure environment including systems, networks, and the Internet. Students will prepare and present a research project that reflects an understanding of key issues in authentication. Recommended: EN.695.621 Public Key Infrastructure and Managing E-Security. Prerequisite(s): EN.605.202 Data Structures; 6EN.95.601 Foundations of Information Assurance. EN.695.621 Public Key Infrastructure and Managing E-Security is recommended. EN.695.715.  Assured Autonomy.  3 Credits.   Autonomic systems leverage the growing advances in control, computer vision, and machine learning coupled with technological advances in sensing, computation, and communication. While this emerging highly connected, autonomous world is full of promise, it also introduces safety and security risks that are not present in legacy systems. This course focuses on the complexities inherent in autonomous systems and the multifaceted and multilayered approaches necessary to assure their secure and safe operation. As these systems become more pervasive, guaranteeing their safe operation even during unforeseen and unpredictable events becomes imperative. There are currently no real solutions to provide these runtime guarantees necessitating cutting edge research to provide state awareness, intelligence, control, safety, security, effective human-machine interaction, robust communication, and reliable computation and operation to these systems. This course follows a seminar-style format where students are expected to lead class discussions and write a publication-quality paper as part of a course project. EN.695.721.  Network Security.  3 Credits.   This course covers concepts and issues pertaining to network security and network security architecture and evolving virtualization and related cloud computing security architecture. Topics include mini-cases to develop a network security context. For example, we will assess the NIST (National Institute of Standards and Technology) unified information security framework. This framework is supported by information security standards and guidance, such as a risk management framework (RMF) and continuous monitoring (CM) process. Applied cryptography and information security—encryption algorithms, hash algorithms, message integrity checks, digital signatures, security assessment and authentication, authorization and accounting (AAA), security association, and security key management (generation, distribution, and renewal) —are discussed with consideration given to emerging cryptographic trends, such as the evolution and adoption of NSA’s (National Security Agency’s) Suite B cryptography. This course presents network and network security architecture viewpoints for selected security issues, including various security mechanisms, different layers of wired/wireless security protocols, different types of security attacks and threats and their countermeasures or mitigation, Next Generation Network (NGN) security architecture that supports the merging of wired and wireless communications, and Internet Protocol version 6 implementation and transition. The course concludes with more comprehensive cases that consider network security aspects of virtualization and cloud computing architecture. Prerequisite(s): EN.605.202 Data Structures; EN.695.601 Foundations of Information Assurance and EN.605.671 Principles of Data Communications Networks or EN.635.611 Principles of Network Engineering. EN.695.722.  Covert Channels.  3 Credits.   This course will be a survey course for covert channels and information leakage (side channel) with hands-on investigations into building and defeating covert channels. We will begin with the long history of covert channels dating back to the 1970’s up to the present and beyond by looking at current research in this area. We will explore both storage and timing covert channels and information leakage from general purpose computers, mobile devices, and modern industrial control system devices. It is necessary to be able to write code in at least 1 language (python is preferred), be familiar with computer networking and the use of network packet sniffers. Prerequisite(s): EN.695.642 Intrusion Detection AND intermediate knowledge of Python. EN.695.737.  AI for Assured Autonomy.  3 Credits.   This is an introductory course in Artificial Intelligence It teaches the basic concepts, principles, and fundamental approaches to Artificial Intelligence. Its main topics include AI Fundamentals, Probability and Statistics, Python Essentials, Supervised Machine Learning, Unsupervised Machine Learning, Neural Networks, Reinforcement Learning, Deep Learning, Natural Language Processing, Decision Tree/Search Algorithms and Intro to Assured Autonomous Systems. Prerequisites: The student should have taken an undergraduate level course on, or be otherwise familiar with, operating systems and networks. Prior programming experience with C, Python or Java is highly recommended. Knowledge of algebra and discrete mathematics is also recommended. 6 Cybersecurity EN.695.741.  Information Assurance Analysis.  3 Credits.   This course exposes students to the world of information assurance analysis by discussing foundational concepts and frameworks that can be used to analyze various technologies, mediums, protocols and platforms. Analysis is a fundamental part of the information assurance process and effective implementation can inform policy, forensic and incident response procedures, and cyber security practices. Students will be able to perform analysis activities by using the theoretical knowledge gained on case studies, assignments, and hands-on labs resulting in a richer understanding for information assurance. Topics include the collection, use, and presentation of data from a variety of sources (e.g., raw network traffic data, traffic summary records, and log data collected from servers and firewalls). This data is used for a variety of analytical techniques, such as collection approach evaluation, population estimation, hypothesis testing, experiment construction and evaluation, and developing evidence chains for forensic analysis. The course will also cover Internet of Things (IoT’s), Artificial Intelligence, Mobile Application Security, addressing, Border Gateway Protocols (BGP), lookups, anonymization, Industrial Control Systems (ICS), as well as analyzing DNS, HTTP, SMTP, and TCP protocols. Students will primarily use SiLK, NetFlow, Wireshark, Splunk, Zeek (new name Bro), Node-Red IoT framework, and TCPDump tools. Students will also be introduced to various IoT and ICS protocols; WNAN, ZigBee, EMV, and SIGFOX, as well as, CIP, MODBUS, DNP3, OPC, HART, BACnet, and ICCP, respectively. Prerequisite(s): EN.695.601 Foundations of Information Assurance. Familiarity with basic statistical analysis. EN.695.642 Intrusion Detection or EN.695.611 Embedded Computer SystemsVulnerabilities, Intrusions, and Protection Mechanisms is recommended. EN.695.742.  Digital Forensics Technologies and Techniques.  3 Credits.   Digital forensics focuses on the acquisition, identification, attribution, and analysis of digital evidence of an event occurring in a computer or network. This course provides a broader scientific understanding of the technologies and techniques used to perform digital forensics. In particular, various signature extraction techniques, detection, classification, and retrieval of forensically interesting patterns will be introduced. This will be complemented by studying fundamental concepts of data processing technologies like compression, watermarking, steganography, cryptography, and multiresolution analysis. Emerging standards along with issues driving the changing nature of this topic will be explored. Antiforensic techniques that are used to counter forensic analysis will also be covered. Students will be exposed to relevant theory, programming practice, case studies, and contemporary literature on the subject. Prerequisite(s): EN.605.612 Operating Systems. EN.695.744.  Reverse Engineering and Vulnerability Analysis.  3 Credits.   Have you ever wondered why software vulnerabilities lead to security issues? Or how malicious actors exploit vulnerabilities? The Reverse Engineering course will help answer these questions and more! Throughout the course, students will use industry standard tools and develop customized solutions to help further binary/code analysis. Using real-world vulnerability classes, students will examine how attackers identify flaws in modern software and exploit these flaws bypassing state-of-the-art protection mechanisms found in modern operating systems. Students will also identify how to patch these issues and develop extensions of protection mechanisms to thwart attacks, raising the bar for the attacker and improving the security posture of a system. Using a combination of static analysis, dynamic analysis, fault injection and fuzzing, this course will provide students with the modern skills needed to help stop attackers!Prerequisite(s): Familiarity with computer architecture concepts. EN.695.749.  Cyber Exercise.  3 Credits.   Students will learn about the nature and purpose of cyber exercises and their role in training and assessing people, teams, technology, and procedures. During the course of the semester, students will design a cyber exercise that meets the specific needs of their organization. At the conclusion of the class, students will have a model template they can use to design, build, and execute their own exercise. Prerequisite(s): EN.695.641 Cryptology EN.695.791.  Information Assurance Architectures and Technologies.  3 Credits.   This course explores concepts and issues pertaining to information assurance architectures and technologies (IAA), such as a three- level enterprise and cybersecurity architecture offered as one of the security common languages from the National Institute of Standards and Technology (NIST). Key NIST Cybersecurity Center of Excellence (NCCoE) Practice guides pertaining to IAA issues are introduced and analyzed. NIST/NCCoE security guidance and metrics for Zero Trust Architecture (ZTA), continuous diagnostics and mitigation (CDM), and artificial intelligence/machine learning (AI/ML) security guidance and metrics are applied to analysis of selected enterprise and cybersecurity programs, such the Department of Defense (DoD) Zero Trust Reference Architecture, Department of Homeland Security (DHS) Cybersecurity & Infrastructure Security Agency (CISA) Trusted Internet Connections Program (CISA TIC), Federal Aviation Administration (FAA) Air Traffic Modernization (NextGen) process, and Food and Drug Administration (FDA) (for approval of medical devices). Cloud computing security architecture issues for IAA technologies including FedRAMP (Federal Resources Analysis and Management Program) authorization are analyzed. Topics include protecting control systems from non-control systems for information technology (IT) and operational technology (OT) enterprise and cybersecurity risk management. For example, these IT/ OT interface issues are critical for the NIST Smart Grid Cybersecurity Strategy, Architecture, and High-Level Requirements. IAA analyses include enterprise Internet of Things (IoT) mobility issues and a virtual laboratory project based on selected Amazon Web Services (AWS) security capabilities for Zero Trust Architecture (ZTA). Prerequisite(s): EN.605.202 Data Structures; EN.695.601 Foundations of Information Assurance or equivalent, and EN.605.671 Principles of Data Communications Networks or EN.635.611 Principles of Network Engineering. Cybersecurity 7 EN.695.795.  Capstone Project in Cybersecurity.  3 Credits.   This course permits graduate students in cybersecurity to work with other students and a faculty mentor to explore a topic in depth and apply principles and skills learned in the formal cybersecurity courses to a real world problem. Students will work in self-organized groups of two to five students on a topic selected from a published list. Since students will have selected different courses to meet degree requirements, students should consider the combined strengths of the group in constituting their team. Each team will prepare a proposal, interim reports, a final report, and an oral presentation. The goal is to produce a publication quality paper and substantial software tool. This course has no formal content; each team should meet with their faculty mentor at least once a week and is responsible for developing their own timeline and working to complete it within one semester. The total time required for this course is comparable to the combined class and study time for a formal course. Course prerequisite(s): Seven cybersecurity graduate courses including two courses numbered 695.7xx, all CyS foundation courses, and meeting the track requirement; or admission to the post-master's certificate program. Students must also have permission of a faculty mentor or academic advisor, and the program chair. Course note(s): Students may not receive graduate credit for both 695.795 and 695.802 Independent Study in Cybersecurity II. This course is only offered in the spring. EN.695.801.  Independent Study in Cybersecurity I.  3 Credits.   This course permits graduate students in cybersecurity to work with a faculty mentor to explore a topic in depth or conduct research in selected areas. Requirements for completion include submission of a significant paper or project. Prerequisite(s): Seven Cybersecurity graduate courses including the foundation courses, three track-focused area courses, and two courses numbered at the 700 level or admission to the post- master’s certificate program. Students must also have permission from the instructor. Prerequisite(s): EN.695.601 AND EN.695.401 AND EN.605.421 Foundations of Algorithms EN.695.802.  Independent Study in Cybersecurity II.  3 Credits.   Students wishing to take a second independent study in Cybersecurity should sign up for this course. Prerequisite(s): 695.801 Independent Study in Cybersecurity I and permission of a faculty mentor, the student’s academic advisor, and the program chair. Prerequisite(s): EN.695.801