Computer Security Specialization
WPI’s cyber-security programs place the science and engineering of security within the broader holistic frameworks of institutions and society. The specialization in Computer Science prepares students to approach technical computer security problems in the context of users and organizations. The program prepares students for both industrial positions and PhD study related to computer security.
The MS specialization in security strives to produce students who
- can assess which security-related threats to address in a computing problem
- understand technical security vulnerabilities and technologies at at least two different abstraction levels within computing systems
- appreciate behavioral and human factors in creating feasible security systems
In addition to the 33 graduate credits required for MS degrees in CS, the following apply:
|Degree Requirements (Coursework Option)
|Security Electives (including Behavioral Dimensions)
|Computer Science Bins
|Degree Requirements (Thesis Option)
|Security Electives (including Behavioral Dimension)
|Computer Science Bins
Courses covering two of software, systems/networks, and wireless/internet level security. Current applicable courses are:
- CS557 Software Security Design and Analysis
- CS558 Network Security
- ECE579W Wireless and Internet Security
Students with BS/MS credit for CS4401 Software Security Engineering or CS4404 Tools and Techniques in Computer Network Security may apply at most one of these courses towards the security core requirement for the MS specialization.
Includes all security-related courses offered in Computer Science and Electrical and Computer Engineering. Up to three credits from thesis work on a security-related topic may count towards this requirement, with the approval of the specialization director. Current applicable courses are the security core courses as well as:
- CS571 Case Studies in Computer Security [satisfies Behavioral Requirement]
- CS578 Cryptography
- ECE673 Advanced Cryptography
- CS564 Advanced Topics in Computer Security
At least one course counted towards security electives must provide significant coverage of behavioral dimensions of cyber security. Permanent course offerings that satisfy the behavioral dimensions requirement are designated as such in their catalog descriptions. The instructors of topics courses (CS525) and independent study courses may designate particular offerings as satisfying the behavioral requirement with the approval of the Specialization Director.
At least three credits in business or management issues that bear on security concerns. Current applicable courses are:
- MIS582 Information Security Management
- OIE541 Operations Risk Management
Computer Science Bins
Courses as required to satisfy the breadth requirements (“bins”) for the CS MS degree. Details appear in the CS MS degree requirements.
Any courses allowable within the requirements for CS MS degrees, including thesis credits.
If a student applies thesis credits towards a degree bearing the computer security specialization, his or her thesis topic must be approved as security-related by one of the core specialization faculty. Theses need not be advised by core specialization faculty; in such cases, the reader should be one of the core specialization faculty.
Pure coursework Masters 1
|Core||Network Security, Wireless Security (ECE)||6|
|Electives||Case Studies in Computer Security, Cryptography, Logical Foundations of Distributes Systems Security (as Advanced Topics course)||9|
||four 500-level courses to satisfy CS core bins plus one other CS course||15|
Pure coursework Masters 2
|Core||Network Security, Software Security||6|
||Case Studies in Computer Security, Cryptography||6|
||three 500-level courses and one 5000-level course to satisfy CS core bins, plus two elective CS courses||18|
|Core||Network Security, Software Security||6
|Electives||Case Studies in Computer Security, 9 credits of MS Thesis||12|
||four 500-level courses to satisfy CS core bins||12|
- Thesis students have room for only three security courses
- A student who needs both CS5003 and CS5084 needs to take an extra course towards the degree, since 5003/5084 count as “outside the Department courses” (limited to two), as does the required the Management course.
Students interested in completing the Computer Security specialization must apply to and be admitted to a graduate program in the WPI Computer Science department. There is no separate application process for the specialization. Students interested in completing the specialization should complete a form through the CS graduate secretary as part of their application for graduation. A student seeking to count MS thesis credits towards the security specialization should seek approval of their topic through the specialization director prior to completing six credits of thesis research.
As this program is merely a specialization, rather than a stand-alone degree, it requires only a single faculty member overseeing program execution. Professor Kathi Fisler will initially serve as Specialization Director. ISP and directed research (CS598) credits applied to this program may be approved by any of the Core Specialization faculty (listed below) with appointments in CS; thesis credits may be approved by any Core Specialization faculty who already can advise MS theses in CS.
Core Specialization Faculty
- Daniel J. Dougherty (Professor, CS)
- Kathi Fisler (Associate Professor, CS); Specialization Director
- Joshua Guttman (Professor, CS)
- William Martin (Professor, Math)
- Craig Shue (Assistant Professor, CS)
- Berk Sunar (Associate Professor, ECE)
- Craig Wills (Professor, CS)
Descriptions of New Courses
CS557. Software Security Design and Analysis
Software is responsible for enforcing many central security goals in computer systems. These goals include authenticating users and other external principals, authorizing their actions, and ensuring the integrity and confidentiality of their data. This course studies how to design, implement, and analyze mechanisms to enforce these goals in both web systems and programs in traditional languages. Topics include: identifying programming choices that lead to reliable or flawed security outcomes, successful and unsuccessful strategies for incorporating cryptography into software, and analysis techniques that identify security vulnerabilities. The course will cover both practical and theoretical aspects of secure software, and will include a substantial secure software design project.
Prerequisites: Programming and software engineering experience (commensurate with an undergraduate Computer Science major), and background in foundational models of computing systems (on par with CS5003 or CS503).
CS558. Computer Network Security
This course covers core security threats and mitigations at the network level. Topics include: denial-of-service, network capabilities, intrusion detection and prevention systems, worms, botnets, Web attacks, anonymity, honeypots, cybercrime (such as phishing), and legality and ethics. The course prepares students to think broadly and concretely about network security; it is not designed to teach students low-level tools for monitoring or maintaining system security. Assignments and projects will assess each student’s ability to think both conceptually and practically about network security.
Prerequisites: a strong background in computer networking and systems, either at the undergraduate or graduate level, and moderate programming experience.
CS564. Advanced Topics in Computer Security
This course examines one or more selected current issues in the area of computer security. Specific topics covered are dependent on the instructor. Potential topics include: modeling and analyzing security protocols, access-control, network security, and human-centered security.
Prerequisites: a graduate level security course or equivalent experience. See the SUPPLEMENT section for descriptions of courses to be offered in this academic year.
CS571. Case Studies in Computer Security
This course examines security challenges and failures holistically, taking into account technical concerns, human behavior, and business decisions. Using a series of detailed case studies, students will explore the interplay among these dimensions in creating secure computing systems and infrastructure. Students will also apply lessons from the case studies to emerging secure-systems design problems. The course requires active participation in class discussions, presentations, and writing assignments. It does not involve programming, but assumes that students have substantial prior experience with security protocols, attacks, and mitigations at the implementation level. This course satisfies the behavioral component of the MS specialization in computer security.
Prerequisites: A prior course or equivalent experience in technical aspects of computer security, at either the software or systems level.