For Undergrads

• Undergraduate Program
• Contact Us with your Questions
• B.A. Degree Requirements
• B.S. Degree Requirements
• FAQ on the Degree Program
• The 5-Course CS Minor
• B.S. Specialty Tracks
  • Security & Privacy
  • Robotics, Vision, and Graphics
  • Artificial Intelligence
  • Computer Architecture
  • Networking
  • Programming Languages & Compilers
  • Search and Data Mining
  • Software Engineering
  • Software Systems
  • Theory of Computation
• Second Bachelor's Degree
• The Honors Track
• Advising and Advisors
• Transfer Students
• UG Friday Events
• Student Groups
• Scholarships & Fellowships
• Courses
• Graduation
• Dean's List
• UMass Academic Regulations
• UMass Code of Student Conduct

The Security & Privacy Track

We are constantly increasing our reliance on computers for managing information from tasks both great and small. In scenarios ranging from our personal lives to our nation's critical infrastructure, the security and privacy of information is a fundamental challenge in computer science.

The Department of Computer Science offers to its B.S. students the chance to complete a concentration in Security & Privacy. The S&P concentration requires no additional courses within the major. Our courses are taught by faculty doing cutting-edge research in security and privacy, including Kevin Fu, David Jensen, Brian Levine, and Gerome Miklau. We encourage students to not only take our classes, but to get involved in undergraduate research with these professors. Our students have graduated to positions in industry and graduate school.

The S&P curriculum has the fundamentals of algorithms, OS, and security at its core. Students then add breadth by taking at least one of Knowledge Discovery, Information Systems (a.k.a. Databases), or Computer Networks. The two latter courses might be an obvious fit to the track as they are systems where security and privacy issues come into play very often. The inclusion of the course on Knowledge Discovery reflects the latest trends in forensics, incident response, and intelligence that require data mining and computation across massive amounts of information. Finally, student add depth to their study by taking at least two of a menu of courses: Forensics, Crypto, and graduate-level Security.

Requirements

• Three required courses:
  • 311 Algorithms
  • 377 Operating Systems
  • 460 Intro to Security
• Any one course from the following:
  • 348 Knowledge Discovery
  • 445 Information Systems
  • 453 Computer Networks
• Any two courses from the following:
  • 365 Digital Forensics
  • 466 Applied Cryptography
  • 660 Advance Information Assurance
• Two CS electives numbered 300 or above (not including 305).

Note that over the next two years, due to scheduled sabbaticals of faculty, cs365, cs466, and cs660 will be offered irregularly. But you can expect that other courses will be set up to take their place. Students can take CS391LI Computer Crime Law (next offered Fall 2011) and ECE597AB Security Engineering (next offered Spring 2012, pre-req of CS460) will be offered and count towards this track. (ECE697AB is ok too; it's the same class, but geared for grad students.)

Also note that unexpectedly, cs445 and cs453 will be offered Fall 2011, and  cs445 will be offered in the fall and spring. None of cs365, cs466, and CS660 will be offered in Fall 2011 or Spring 2012.

Some informal descriptions of these classes follow.

• CS 460: Intro to Computer and Network Security. Next offered Fall 2011 (Misra).
  Topics include ethics; fundamental defs; basic crypto tools, hardening linux systems; Risk assessment; CVE; policy; secure programming; TCP/IP vulnerabilities; Firewalls; securing DNS; anonymous routing; malware; monitoring; IDS; incident handling; system recovery; symmetric/asymmetric crypto; hashes; key management; sigs; kerberos; PKI/SSL/VPN; kerberos implementations; DOS/DDOS; wireless security.

• CS 660: Advanced Information Assurance. Next offered Spring 2011.  (Ransford/Levine) This course provides an in-depth examination of the fundamental principles of information assurance. While the companion course for undergraduates is focused on practical issues, the syllabus of this course is influenced strictly by the latest research. We will cover a range of topics, including authentication, integrity, confidentiality of distributed systems, network security, malware, privacy, intrusion detection, intellectual property protection, and more.
• CS 691DP: Seminar - Principles of Data Privacy. Next offered Spring 2011 (Miklau). A graduate-level seminar; most likely a one-time offering.

• CS 391LI: Computer Crime Law. Next offered Fall 2011 (Levine) A new full course for undergraduates on cyberlaw. We use Orin Kerr's "Computer Crime Law" law school textbook. (First offered as "Legal Implications of Computers" in Fall 2010.).
• CS 348: Introduction to Knowledge Discovery. Next offered Fall 2011 (Jensen). Knowledge discovery is the process of discovering useful regularities in large and complex data sets. The field encompasses techniques from artificial intelligence (representation and search), statistics (inference), and databases (data storage and access). When integrated in to useful systems, these techniques can help human analysts make sense of vast stores of digital information.
• CS 453: Computer Networking. Next offered  Spring 2011 (Kurose). Security topics covered typically include principles of cryptography; authentication; integrity; key distribution and certification; firewalls; attacks and countermeasures; case studies.
• CS 454: Databases. Next offered Fall 2010. (Miklau)
• CS 466: Applied Crypto. Next offered: not before Fall 2012 (Fu).  Topic typically include the foundations of modern cryptography and the humility of building practical cryptographic systems. Topics include fundamentals of cryptography, applications, attacks, and theory. The class draws on material from public key cryptography, hash functions, symmetric cryptography, and other timely topics -- primarily from number theoretic, performance, and definitional perspectives.
• CS 365: Digital Forensics. Next offered: not before Fall 2012  (Levine).
  The course is a broad introduction to forensic investigation of digital information. We cover the acquisition, preservation, harvesting, analysis, and courtroom presentation of information from
  file systems, operating systems, networks, database systems, applications, media files, and embedded systems. The primary goal of the class is to understand why and from where information is recoverable in these systems. We also review important case law and legal concepts.
• In Spring 2010, Prof. Wayne Burleson offered ECE 697AB Security Engineering, and the course can serve as a substitute for CS660 for students in the Security & Privacy track. This will be true again in Sping 2012.

• You are also welcome to complete CS 496 (Independent study) and 499Y/499T (Honors research or honors thesis) using a security & privacy related topic. Talk first to your professors about completing this option and the UPD to receive permissions for counting 496/499 towards this track.