650.412 (E)

JAVA SECURITY (3) Llanso   Limit 40 Prereq: 600.120 or 600.121  Open to MSSI students  Perm Req’d. for non-MSSI students  This course examines security topics in the context of Java and the emerging area of web services. Emphasis is placed on security services such as confidentiality, integrity, availability, and non-repudiation. Specific topics include mobile code, class loading, bytecode verification, security managers, protection domains, policy files, key management and use, data encryption, hashing, signature generation and verification, certificates, and sealed objects. Various supporting APIs are also considered, such as the JAVA Cryptography Architecture (JCA), Java Cryptography Extension (JCE), and Java Secure Sockets Extension (JSSE). Web services topics may include XML digital signatures and encryption, Security Assertions Markup Language (SAML), XML Key Management Specification(XKMS), Extensible Access Control Markup Language (XACML) and WS-Security. The course includes multiple programming assignments and a project. Core Technology course for MSSI degree

Sec. 01

M 4:30-7:15pm

550.438(E,Q)

STATISTICAL METHODS IN COMPUTER INTRUSION DETECTION (3) Marchette   Limit 25 This course will give an introduction to the data and methodologies of computer intrusion detection. The focus will be on statistical and machine learning approaches to detection of attacks on computers. Topics will include network monitoring and analysis, including techniques for studying the Internet, and estimating the number and severity of attacks; network-based attacks such as probes and denial of service attacks; host-based attacks such as buffer overflows and race conditions; malicious code such as viruses and worms.  Statistical pattern recognition methods will be described for the detection and classification of attacks. Techniques for the visualization of network data will be discussed. The book will be supplemented with readings of various articles. Course added 01/15/08

Sec. 01

T 9:30-11:50

650.460 (E)

SOFTWARE VULNERABILITY ANALYSIS (3) Stubblefield   Limit 17 Prereq: Experience in C++ Programming Course will examine vulnerabilities in C source, stack overflows, writing shellcode etc.   Also vulnerabilities in web applications: SQL Injection, cookies forceful browsing, As well as vulnerabilities in C binaries fuzzing, exploint development without source among others.

Sec. 01

Online

600.472 (E,Q)

THEORETICAL CRYPTOGRAPHY (3) Hohenberger   Limit 40  Prereq: 600.471 recommended.    The focus of this course is on the definitions and constructions of various cryptographic primitives and protocols, such as one-way functions, pseudo-random generators, digital signature schemes, encryption schemes, zero-knowledge and multiparty computation. We will study how to formulate definitions that capture desired security properties as well as techniques for designing and then proving that a construction realizes these properties. Students should be comfortable with the basics of number theory and proof writing. [Analysis]

Sec. 01

TTh 1:30-2:45

600.625

COMPUTER AND NETWORK FORENSICS Monrose    Limit 25 Prereq: Operating Systems and Systems Programming    This course exposes students to a myriad of fundamental concepts and techniques for recovering and inferring information in computer systems and networks. Topics include (but are not limited to) file system forensics, kernel-level rootkits and associated challenges, reconstructing malware evolution and dynamics, analysis of anonymization and privacy preserving techniques, advanced network traceback, traffic classification, biometrics and digital evidence, data integrity and audit trails, secure remote logging, and system call introspection. A semester-long course project is required. Students will also be responsible for presenting and discussing selected research papers on topics pertinent to the course. Some familiarity with low-level system programming is assumed. [Applications]
Cross-listed with Computer Science Course canceled 12/27/07

Sec. 01

WF 1:30-2:45

650.630

MORAL AND LEGAL FOUNDATIONS OF PRIVACY Siegel Limit 25  This course explores the ethical and legal underpinnings of privacy.  Inquiries into the values that underline the right; constitutional and common law foundations; balancing privacy against other rights and interests.  Core Policy course for MSSI degree

Sec. 01

W 10-12:20

650.632

LAW AND POLICY OF INFORMATION ASSURANCE  Lavine  Limit 25   This course introduces information assurance as a response to changes in technology, asymmetric threats and computer crime.  It traces the concepts through civilian applications as OMB and NIST standards as well as private sector issues related to privacy, contingency response, and reliable infrastructures.  It examines these concepts from a risk assessment and
standards based approach central to government planning and the private sector.

Sec. 01

Online

650.633

COMPUTER SECURITY ARCHITECTURES Masson  Limit 20 This course will study information security and assurance methodologies from the perspective of implementation and performance on reduced instruction set architectures. All 1st year MSSI students (starting with the Spring 2008 entering class) will be required to take this course. Course added 11/09/07

Sec. 01

TTh 3-4:15pm

600.642

ADVANCED TOPICS IN CRYPTOGRAPHY Ateniese  Limit 20  Prereq: 600.442 or 600.443  This course will focus on advanced cryptographic protocols with an emphasis on open research problems. [Applications]
Cross-listed with Computer Science

Sec. 01

TTh 3-4:15

600.643

ADVANCED TOPICS IN COMPUTER SECURITY Rubin     Limit 20   Prereq: Either 600.442 or 600.443  This course will focus on advanced cryptographic protocols with an emphasis on open research problems. [Applications]  
Cross-listed with Computer Science

Sec. 01

MW 1:30-2:45

650.652

HEALTH CARE SECURITY MANAGEMENT Lacey  Limit 25 Open to MSSI students or Perm. Req’d. The course will address information security in the public health and medical fields, with special emphasis on clinical care, research and the role of the academic medical center. In many respects, the course builds on 650.651 Health Information, Privacy, Law and Policy’s treatment of privacy and how such privacy is protected in the health and medical arena, including but not limited to HIPAA

Sec. 01

Th 4:30-7:15pm 4-6:45pm

650.737

INFORMATION SECURITY PROJECTS Staff  Limit 20  Open to MSSI students  Perm Req’d. for non-MSSI students  All MSSI programs must include a project involving a research and development oriented investigation focused on an approved topic addressing the field of information security and assurance from the perspective of relevant applications and/or theory. There must be project supervision and approval involving a JHUISI affiliated faculty member. A project can be conducted individually or within a team-structured environment comprised of MSSI students and an advisor. A successful project must result in an associated report suitable for on-line distribution.  When appropriate, a project can also lead to the development of a so-called "deliverable" such as software or a prototype system. Projects can be sponsored by government/industry partners and affiliates of the Information Security Institute, and can also be related to faculty research programs supported by grants and Contracts. A project can count for as much as 3 course credits towards the MSSI requirements by means of enrolling in 650.736/746.  Satisfactory/ Unsatisfactory only  Core Technology course for MSSI degree

Sec. 01

F 4-5:20

The following courses are taught through the Carey School of Business and must be registered for Interdivisionally. Descriptions and times are found in the Carey School catalogue, on the JHUISI website, and outside of Wyman 407.

769.418 (W)

PRINCIPLES OF E-COMMERCE Burnett  Limit 10 Class begins 4/23/08 and ends 6/25/08 Students must register interdivisionally Counts as elective policy class Course added 12/13/07

Sec. 18

W 5:45-9:30pm

774.717

IMPLEMENTING EFFECTIVE INFORMATION SECURE PROGRAMS Kociemba   Limit 25  This course focuses on the personnel, legal, regulatory, and privacy issues that constitute many of the basic management areas that must be considered in developing and implementing an effective information security program. The course also emphasizes the need for reasonable policies and procedures to ensure compliance.Core Management course for MSSI degree.

Sec. 01

F 4-6:30pm