Subsections designated by a "c" list Core courses while those with an "n" list Non-Core courses. Sections with neither designation have no Non-Core courses. The Spring 07 and Summer 07 sections list those courses being offered that semester; all links therein lead to the course descriptions under the appropriate categorical grouping.
Instructor: Marchette
This course will give an introduction to the data and methodologies of computer intrusion detection. The focus will be on statistical and machine learning approaches to detection of attacks on computers. Topics will include network monitoring and analysis, including techniques for studying the Internet, and estimating the number and severity of attacks; network-based attacks such as probes and denial of service attacks; host-based attacks such as buffer overflows and race conditions; malicious code such as viruses and worms. Statistical pattern recognition methods will be described for the detection and classification of attacks. Techniques for the visualization of network data will be discussed. The book will be supplemented with readings of various articles. (3 credits) Prerequisites: 550.310 or 550.311, or equivalent.
Instructor: Fishkind
A first course in the mathematical theory of secure and reliable electronic communication. Topics include finite field arithmetic, error ciphers, one-time pads, the Enigma machine, one-way functions, discrete logarithm, primality testing, secret key exchange, public key cryptosystems, digital signatures, and key escrow. (4 credits) Prerequisites: 550.171 (110.204 with permission of the instructor) linear algebra, computing experience)
Instructor: Llanso Meets: M 4:00 - 6:45 p.m. Location: Wyman 421 (Conf. Room)
This course provides comprehensive coverage of the security aspects of the Java platform. Java's security model and the VM and language features that support security are covered. Java APIs relevant to development of secure software are discussed. The course concentrates on the practical aspects of using these APIs. Use of the Java Cryptography APIs is addressed and material on security in J2EE (Java 2 Enterprise Edition) is presented. Topics covered include the java.security.* packages, the Java Cryptography Architecture and Java Cryptography Extension (JCA and JCE), Java Secure Sockets Extension (JSSE), Java Authentication and Authorization Service (JAAS), Java Generic Security Services (Java GSS-API), and the Java Certification Path API. (3 credits) Prerequisite: 600.120 or 600.121.
Instructor: Monrose
This course focuses on communication security in computer systems and networks. The course is intended to provide students with a comprehensive introduction to the field of network security. The course covers critical network security services such as authentication and access control, integrity and confidentiality of data, routing, firewalls, virtual private networks, and web security. Where appropriate, we examine threats and vulnerabilities to specific architectures and protocols. A course project is required. (3 credits) Prerequisites: 600.334/444, 600.226, and 600.121 (or equivalent) recommended. Students may receive credit for 600.324 or 600.424 but not both.
Instructor: Ateniese
This course focuses on algorithms and protocols for secure network communication. Topics include cryptographic algorithms (DES, Diffie-Hellman, RSA), authentication, key management, secure networking, certification, trust management, and secure electronic commerce. (3 credits) Prerequisite: 600.226 and a 300-level or above systems course.
Instructor: Rubin Meets: TH F 2:30 - 3:45 p.m. Location: Shaffer 303
This course focuses on formal analysis and design of algorithms and protocols for the support of secure network communication. Topics include cryptographic algorithms (DES, Diffie-Hellman, RSA), authentication, key management, secure networking, certification, trust management, and secure electronic commerce. (3 credits)
Instructor: Rubin
This course focuses on the most widely used systems and protocols for security on the Internet and on the Web. The Internet refers to the infrastructure: the underlying protocols and routing. The Web refers to the applications that run on the Internet. Some of the questions addressed in the course are: How are secure network protocols designed, and how are vulnerabilities discovered? What are the effects of system vulnerabilities, and how may they be minimized? We will look at browsers, web servers, and communication protocols on the Internet, as well as how to deal with viruses and distributed denial of service attacks. Some of the protocols/systems covered in detail are TCP/IP, SSL/TLS, IPsec, SSH, PGP, firewalls, IDS systems, and Kerberos.
Instructor: Monrose Meets: TH F 1:00 - 2:15 p.m. Location: Wyman 421 (Conf. Room)
This course focuses on advanced research topics in communications security. The course is structured as a research seminar where students present research papers to the class. Topics include protocol analysis, security in inter-domain routing, broadcast authentication protocols, covert channels and anonymous communication, key management, advanced traceback schemes, attack propagation modeling, among others. A course project is required. [Systems] (3 credits) Prerequisite: 600.324/424, 600.349/449 or instructor permission.
Instructor: Hohenberger Meets: M W 3:30 - 4:45 p.m. Location: TBA
This is a graduate-level course studying the theoretical foundations of computer science. Topics covered will be models of computation from automata to Turing machines, computability, complexity theory, randomized algorithms, inapproximability, interactive proof systems and probabilistically checkable proofs. [Analysis] (3 credits) Prerequisite: 600.271 or instructor permission.
Instructor: Hohenberger
The focus of this course is on the definitions and constructions of various cryptographic primitives and protocols, such as one-way functions, pseudo-random generators, digital signature schemes, encryption schemes, zero-knowledge and multiparty computation. We will study how to formulate definitions that capture desired security properties as well as techniques for designing and then proving that a construction realizes these properties. Students should be comfortable with the basics of number theory and proof writing. [Analysis] Prerequisite: 600.471 recommended.
Instructor: Ateniese Meets: TH F 2:30 - 3:45 p.m. Location: Wyman 421 (Conf. Room)
This course will focus on advanced cryptographic protocols with an emphasis on open research problems (Applications). (3 credits) Prerequisites: 600.442, 600.443 or permission of the instructor.
Instructor: Rubin
Topics vary but focus mainly on network perimeter protection, host-level protection, authentication technologies, intellectual property protection, formal analysis techniques, intrusion detection and similarly advanced topics. Cross-listed with computer science. (3 credits) Prerequisites: any 600 level course in security, including 600.442/443/424 or permission of instructor.
Instructor: Monrose
This course examines best practices for designing secure systems, with particular emphasis on software engineering. We review various criteria for designing secure systems and apply those principles to real systems. Students will be exposed to various techniques for analyzing system properties and for verifying program correctness, and will be expected to use that knowledge in examining existing protocols. Topics to be covered include the limits of techniques for software protection, such as code obfuscation, tamper-proofing and watermarking, analysis of software-based attacks (and defenses), timing attacks and leakage of information, type safety, and capability systems. A course project is required.
Instructor: Masson
Principles of information security are addressed. Topics covered include identification and authentication, access control, security models, and issues related to operating system integrity. Practical aspects of security and assurance are addressed relative to Unix, Windows NT, and approaches to security evaluation. Distributed systems security is considered from the perspective of the World Wide Web and the Internet in terms of TCP/IP security. Multi-level security in databases relative to concurrency control and object-oriented systems is explored.
Instructor: Stubblefield
This course serves as an overview of some techniques used in the design of secure systems. The bulk of the course will focus on real-life case studies; we will examine attacks on deployed systems and then investigate how these vulnerabilities have been subsequently addressed. Additionally, the course will examine the practical advantages and shortcomings of several notions of provable security. The course's structure will include both instructor- and student-led lectures followed by seminar-style discussion. Students will be expected to read, understand, and present recent research papers to the class.
Instructor: Stubblefield
This course provides advanced students the opportunity to do closely directed research in small groups on selected topics in computer security. Students will learn how to conduct literature searches, choose suitable topics for research, analyze existing systems, construct new systems, develop metrics and models to quantify their improvements, and present their results in both written and oral forums. Each team of two will complete a short survey article, a publishable research article, and an oral presentation along with short weekly presentations of their progress. This course will satisfy the MSSI project requirement. (3 credits) Limit: 16, Permission of instructor required. MSSI students given preference.
Instructor: Masson
This course will study information security and assurance methodologies from the perspective of implementation and performance on reduced instruction set architectures. All 1st year MSSI students entering after Fall 07 will be required to take CSA.
Instructor: Green
This semester-long course will teach how cryptographic systems work and fail as part of a complete hardware and software system. The skills will be taught by example, i.e., by studying and identifying flaws in widely deployed crypto systems. We will place a particular emphasis on the failure of "security by obscurity" and the feasibility of reverse-engineering undocumented crypto systems.
Instructor: Stubblefield
This course will examine vulnerabilities in C source, stack overflows, writing shellcode, etc. It also covers vulnerabilities in web applications (SQL injection, cookies, forceful browsing), as well as vulnerabilities in C binaries, fuzzing, and exploit development without source, among other topics.
Instructor: Cha
The topic of elliptic curves plays a central role in modern number theory. It has found a significant application in the most recent development of cryptography. This course covers elementary theory of elliptic curves and its application to cryptography. Recommended for math majors who are interested in this area of number theory as well as for non-math majors who want to have a mathematical understanding of elliptic curve cryptosystems. (3 credits)
Instructor: Stubblefield
This short course serves as an introduction to how security systems are broken in the real world. The bulk of the course will focus on real-life case studies; specifically, we will be interested in how attacks have been used to break deployed systems and what lessons security engineers can learn from each failure. Topics include software flaws and reverse-engineering, protocol analysis and the misuse of cryptography, side channel attacks, and attacks on physical security measures such as locks and tamper-resistant devices. (1 credit) Prerequisites: a security course (600.324/424, 600.442, 600.443), or permission.
Instructor: Terzis
CS and MSSI graduate students only, undergrads with permission. Students receive credit for 600.349 or 600.449 but not both. Prerequisite: (600.120, 600.344/444), or permission. Recommended: (600.211 or 600.111)
Instructor: Kalb
On-line course: course website
This course provides an understanding of differences in network-based computers, program mobility, current intrusion protection technologies and exploitation methods along with material relating to computer hacking and vulnerability assessment. (3 credits)
Instructor: Lavine
This course introduces students to the field of computer forensics and it will focus on the various contemporary policy issues and applied technologies. Topics to be covered include: legal and regulatory issues, investigation techniques, data analysis approaches, and incident response procedures for Windows and UNIX systems. Homework in this course will relate to laboratory assignments and research exercises. Students should also expect that a group project will be integrated into this course. (3 credits) Limit 25
Instructor: Masson
This seminar course is comprised of presentations involving development and research in the Information and Security Assurance area. (1 credit - Pass/Fail) Permission of the instructor required.
Instructor: Masson
All MSSI programs must include a project involving a research and development oriented investigation focused on an approved topic addressing the field of information security and assurance from the perspective of relevant applications and/or theory. There must be project supervision and approval involving a JHUISI affiliated faculty member. A project can be conducted individually or within a team-structured environment comprised of MSSI students and an advisor. A successful project must result in an associated report suitable for on-line distribution. When appropriate, a project can also lead to the development of a so-called "deliverable" such as software or a prototype system. Projects can be sponsored by government/industry partners and affiliates of the Information Security Institute, and can also be related to faculty research programs supported by grants and contracts. A project can count for as much as 3 course credits towards the MSSI requirements by means of enrolling in 650.736/746 (P/F only).
Instructor: Staff Meets: TBA
Instructor: Staff Meets: TBA
Instructor: Douihi
This course focuses on digital security and the legal and social concerns raised by the efforts to combat them. Issues addressed include the need to maintain a balance for security in a networked world with the desire to protect the privacy of individuals. Consideration is given to the new laws drafted to protect against digital threats in terms of whether such laws deliver effective counter-measures or whether it is necessary to rethink the ways in which the legal system tries to adapt to emerging technologies. The course also examines some of the most important digital threats and tools for ensuring privacy as well as the laws associated with them. (3 credits)
Instructor: Jacobs
This course will examine various legal and policy issues presented by the tremendous growth in computer technology, especially the Internet. The rights that various parties have with respect to creating, modifying, using, distributing, storing, and copying digital data will be explored. The concurrent responsibilities, and potential liabilities, of those parties will also be addressed. The course will focus on intellectual property issues, especially copyright law, and other legal and economic considerations related to the use and management of digital data. Copyright law and its role within the framework of intellectual property law will be presented in a historical context, with an emphasis on its applicability to emerging-technology issues. Specifically, the treatment of various works, such as music, film, and photography, that were traditionally analog in nature will be analyzed with respect to their treatment in the digital domain; works that are by their nature digital, such as computer software, will also be analyzed. The current state of U.S. copyright law will be presented, as will relevant international treaties and foreign laws. The goal of the course is to provide those involved or interested in digital rights management with a general awareness of the rights and obligations associated with maintaining and distributing digital data. (3 credits)
Instructor: Siegal Meets: W 10:00 - 12:30 p.m. Location: Wyman 421 (Conf. Room)
This course explores the ethical and legal underpinnings of the concept of privacy. It examines the nature and scope of the right to privacy by addressing fundamental questions such as: What is privacy? Why is privacy morally important? How has the right to privacy been articulated in constitutional law? (3 credits)
Instructor: Lavine Meets: T 12:30 - 3:00 p.m. Location: Wyman 421 (Conf. Room)
Information assurance is a complex and evolving doctrine and has roots in the defense and civilian sectors. It has antecedents and applications in intelligence theory, law enforcement, cyber-security, critical infrastructure protection and homeland security. This course introduces information assurance as a response to changes in technology, asymmetric threats and computer crime. It traces the concepts through civilian applications such as OMB and NIST standards as well as private sector issues related to privacy, contingency response and reliable infrastructures. We examine these concepts from a risk assessment and standards-based approach central to government planning and increasingly common in the private sector. We also consider the role of NSA, NIST and other models for building secure information systems. (3 credits)
Instructor: Douihi
This seminar will focus on Digital Rights Management strategies and technologies (Watermarking, Encryption, XrML, etc.) and the legal structures that are designed to support them. We will especially focus on the differences in the legal perspectives between the European Commission's drafts and the proposed or existing American laws pertaining to the protection of digital copyright.
Instructor: Miller Meets: T TH 9:00 - 10:30 a.m. -- (1/09 - 3/10) Location: 615 N. Wolfe (East Baltimore Campus)
Instructor: Lacey Meets: TH 4:00 - 6:45 p.m. Location: Wyman 421 (Conf. Room)
The course will address information security in the public health and medical fields, with special emphasis on clinical care, research and the role of the academic medical center. In many respects, the course builds on 650.651 Health Information, Privacy, Law and Policy’s treatment of privacy and how such privacy is protected in the health and medical arena, including but not limited to HIPAA. It will also focus on disaster recovery and response, anonymization of records, billing, communication of public health information to communities, electronic health records and physical and administrative security (3 credits).
Instructor: Faden
Lectures and small group discussions focus on ethical theory and current ethical issues in health policy, including informed consent; resource allocation, and the right to health; lifestyle and health; and control of health hazards. Student evaluation based on class participation and a paper evaluating ethical issues in the student's area of public health specialization. (3 credits) Students register interdivisionally through the Bloomberg School of Public Health.
Instructor: Lehmann/Orlova
The creation of rational health policy depends on a profound understanding of data found in multiple sources of information. This course is designed to provide practitioners within the public health profession with an understanding of the knowledge infrastructure, security and privacy issues, domain functions, tools and systems comprising the field of public health informatics. This is the rapidly developing scientific field that integrates the practice of medicine and public health with information technology. Public health informatics deals with optimizing the collection, verification and utilization of data that relates to a population for the purpose of generating knowledge to support public health practices, policy decisions, research development and public communication. (1 credit) BSPH course - students must register interdivisionally through their program office
Instructor: Orlova
Modern public health response systems are based on the coordination and communication between various public health agencies and health care organizations. This course focuses on the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) which mandates adoption of a variety of administrative and financial health care standards as well as rules for electronic transactions and code sets.
The material covered addresses transaction sequences and connectivity between various stakeholders, privacy and security rules, use of direct data entry services, standards for data editing and code sets. Discussions consider approaches to provisions that will provide impetus for more comparable and secure data across the spectrum of health and health care. This course is designed to provide system implementers in the public health field with an understanding and hands-on experience with the HIPAA regulations, associated implementation implications, and a perspective to the impact on the future of the health care information infrastructure regarding the use of information technologies for providing services as well as performing research.
Instructor: Lehmann
This course addresses issues related to decision modeling based on health sciences data in terms of analysis, construction, and evaluation. Clinical decision support architectures are examined. An array of decision support tools is considered, and the knowledge representations employed in these tools are discussed. The course takes advantage of the availability of current related health sciences projects.
Instructor: Lehmann
This course continues the review of health information systems through case studies in the design and evaluation processes. It will present a framework for design of systems based on user needs, functions performed, related information activities, available technology, etc. Skills taught will include the use of measures and methods for qualitative and quantitative evaluation of information systems, including cost, performance, effectiveness and benefit/outcome determination.
Instructor: Lacey
The course will address information security in the public health and medical fields, with special emphasis on clinical care, research and the role of the academic medical center.
In many respects, the course builds on 650.651 Health Information, Privacy, Law and Policy’s treatment of privacy and how such privacy is protected in the health and medical arena, including but not limited to HIPAA. It will also focus on disaster recovery and response, anonymization of records, billing, communication of public health information to communities, electronic health records and physical and administrative security (3 credits).
Instructor: Hodge
This course pertains to issues relating to protecting health information privacy in the modern era. Theoretical and ethical discussions underlying health information privacy are covered. The primary focus of the course is to provide a modern context through which privacy protections are debated, constructed, implemented, and enforced. The course attempts to instruct students on the legal, policy, and practical issues surrounding the protection of health information privacy. The major federal and state privacy laws and policies and how these laws and policies are implemented in the public and private sectors are considered. (2 credits)
Instructor: Roder
The creation of rational health policy depends on a profound understanding of data found in multiple sources of information. This course is designed to provide practitioners within the public health profession with an understanding of the knowledge infrastructure, security and privacy issues, domain functions, tools and systems comprising the field of public health informatics. This is the rapidly developing scientific field that integrates the practice of medicine and public health with information technology. Public health informatics deals with optimizing the collection, verification and utilization of data that relates to a population for the purpose of generating knowledge to support public health practices, policy decisions, research development and public communication. (2 credits) Offered through Johns Hopkins Medicine, Health Sciences Informatics Research Training Program, Division of Health Sciences Informatics.
Instructor: Lehmann
Computers and information technology have become major forces in transforming American medicine. We shall discuss some of the new entities (the computer-based patient record, clinical practice guidelines, and digital libraries) and their underlying technologies: networks, databases, controlled vocabularies, and decision analysis. (1 credit)
Instructor: Miller
This course will consist of a review of health information systems, such as patient record, patient monitoring, imaging, educational, bioinformatics and scholarly systems. A new course, this offering will teach the core architectures and technologies of these core systems, focusing on commonalities and differences. Goals/Objectives: The student shall: 1) demonstrate knowledge of the array of available health and health science applications; 2) demonstrate the ability to match the appropriate design to a specified need; 3) demonstrate the ability to create specifications for a health or health science application; and 4) demonstrate the ability to provide an art historical critique of a health or health science application. The class will consist of: an overview of health information systems, focusing both on the functional, technical, and financial goals that shaped our thinking about these clinical tools throughout their history; an overview of new technologies, and how these technologies, in concert with changes in the organization and focus of the health care sector, are changing the landscape of health information systems, including, but not limited to, changes in systems design, intended viewers of information, and novel uses of these data; and a discussion of enabling technologies, including networking and database architectures, application environments, controlled vocabularies, workflow modeling tools, and organizational change techniques. To inform the students about active areas of investigation and unresolved challenges in the area of health information systems.
The creation of rational health policy depends on a profound understanding of data found in multiple sources of information. This course is designed to provide practitioners within the public health profession with an understanding of the knowledge infrastructure, security and privacy issues, domain functions, tools and systems comprising the field of public health informatics.
This is the rapidly developing scientific field that integrates the practice of medicine and public health with information technology. Public health informatics deals with optimizing the collection, verification and utilization of data that relates to a population for the purpose of generating knowledge to support public health practices, policy decisions, research development and public communication. (2 credits)
Instructor: Roderer
The creation of rational health policy depends on a profound understanding of data found in multiple sources of information. This course is designed to provide practitioners within the public health profession with an understanding of the knowledge infrastructure, security and privacy issues, domain functions, tools and systems comprising the field of public health informatics. This is the rapidly developing scientific field that integrates the practice of medicine and public health with information technology. Public health informatics deals with optimizing the collection, verification and utilization of data that relates to a population for the purpose of generating knowledge to support public health practices, policy decisions, research development and public communication. (2 credits)
Instructor: Miller
This course discusses the factors that have caused computer security to become a significant problem for organizations and for society. The course defines vulnerability, exploit, threat, risk, impact, and exposure as these terms relate to information assurance. The course discusses good password administration, exploring the customary tests of feasibility. The effects of HIPAA privacy regulations and safeguards are explored and the impact on all groups and activities that are affected is examined. The course also defines what a Business Associate is under the HIPAA regulations, where Business Associate Agreements are to be used, and what they are intended to ensure.
The course also explains the concept of “risk analysis” as it applies to information assurance. (2 credits) (Offered through Johns Hopkins Medicine, Health Sciences Informatics Research Training Program, Division of Health Sciences Informatics).
Instructor: Agresti
This course addresses the risks (financial, reputation, business, and third party), costs, ROI, and other business issues concerned in planning and managing a secure operation. Topics include: disaster recovery; outsourcing issues; service level agreements; evaluating external security service providers; assessing security total cost of ownership; audit procedures; financial integrity; cost/benefit analyses; back-up and recovery provisions; insurance protection; contingency and business continuity plans; qualitative and quantitative risk analysis; monitoring the security of the enterprise; information economics; performance reporting; automated metrics reporting; responses to threats; effects of security policies and practices on business and customers; preparing a business case for information security investments; and developing cost-effective solutions given constraints in money, assets, and personnel. Case studies and exercises will be used to illustrate financial planning and evaluation of security operations. (3 credits) Prerequisite: 773.719 or equivalent
Instructor: Kociemba Meets: F 5:30 - 8:00 p.m. -- (1/27 - 5/5) Location: Wyman 421 (Conf. Room)
This course focuses on the personnel, legal, regulatory and privacy issues that constitute many of the basic management areas that must be considered in developing and implementing an effective information security program. Specific topics include HIPAA, GASSP, security best practices, political issues in the organization, implementation of an enterprise-wide security strategy and finally, the organization, roles, staffing responsibilities and funding. (3 credits) Prerequisite: 774.715 and 776.754 or permission of the instructor. This course is offered through the School of Professional Studies in Business and Education; students must register for it interdivisionally.