School of Engineering & School of Business at UConn offer a variety of courses in the field of hardware, software and network security plus an advanced engineering certificate in cybersecurity
Information and Data Security: Introduction to computer security and the design of secure systems. Security and threat modeling. Entity authentication and privacy, data integrity and confidentiality. Cryptographic tools: symmetric and asymmetric encryption, digital signatures, message authentication codes, hash functions. Security at the operating system level, access control, security enforcement, memory protection. Network security, firewalls, internet worms and viruses, intrusion detection. Digital rights management, software security, program obfuscation, implementation flaws, buffer overflow attacks. Case studies in topical areas.
Computer Security: Introduction to computer security and the design of secure systems. Cryptographic tools. Operating system security and access control. Network, software and database security. Randomness generation. Malicious software. Digital rights management, anonymity and privacy. Various attacks and countermeasures. Ethical, legal and business aspects.
Introduction to Modern Cryptography: An introduction to the fundamentals of modern cryptography focusing on development of secure cryptographic tools based on hard computational problems. Topics include one-way functions, pseudorandom generators, encryption, digital signatures, and protocols.
IT Security, Governance, and Audit: Topics covered include IS audit processes, IT Governance, Audit of Revenue and Expenditure Cycle Applications, Protection of information assets such as Accounting, Financial and Marketing information, Business continuity and disaster recovery, Legal aspects of computer security, Sarbanes-Oxley (SOX) compliance and implications for business and IT, Computer forensics.
Information Security Law and Policy: This course discusses the areas of corporate responsibility as it pertains to the safeguarding of critical data, infrastructure and business processes. The students will be introduced to the current legal and regulatory landscape in information security as well as industry standards, guidelines, benchmarks and best practices. Conceptual ideas will be reinforced with the discussion of recent security breaches and follow-up actions.
Information Security Risk Management: The goal of the course is to teach fundamentals as well as practical techniques to identify security risks, perform security risk assessment, efficiently manage risk activities, and quantify the risk level of computer systems and computing devices such as laptop computers, mobile devices, and internet-enabled appliances. The students will learn about security risk management through the study of business-cases and by using cost-benefit analysis, what-if analysis, simulation, and other quantitative and qualitative methods to assess and control risk.
Introduction to Hardware Security and Trust: Fundamentals of hardware security and trust for integrated circuits. Cryptographic hardware, invasive and non-invasive attacks, side-channel attacks, physically unclonable functions, watermarking of Intellectual Property (IP) blocks, FPGA security, counterfeit detection, hardware Trojan detection and prevention in IP cores and integrated circuits.
Hardware Trojan Detection and Prevention: This course is a graduate-level advanced-topics course that intends to help students (i) understand the challenges and impact of hardware Trojans; (ii) familiarize themselves with existing state-of-the-art research in the area; (iii) build a foundation of knowledge in overlapping areas such as signal processing, detection, and estimation theories; (iv) evaluate existing methods, improve upon them, and develop new research techniques for hardware Trojan detection and prevention in a course project; (v) improve reading, writing, and presentation skills. A course project challenges the students to insert and detect hardware Trojans in real chips.
Advanced Engineering in Cybersecurity:
The Advanced Engineering Certificate in cybersecurity requires students to take four of the following courses:
Information Security Law and Policy
Information and Data Security
Network and Web Security
Information Security Risk Management