Courses
Core courses
17-631 Information Security, Privacy, and Policy
As layers upon layers of technology mediate increasingly rich business processes and social interactions, issues of information security and privacy are growing more complex too. This course takes a multi-disciplinary perspective of information security and privacy, looking at technologies as well as business, legal, policy and usability issues. The objective is to prepare students to identify and address critical security and privacy issues involved in the design, development and deployment of information systems. Examples used to introduce concepts covered in the class range from enterprise systems to mobile and pervasive computing as well as social networking. Format: Lectures, short student presentations on topics selected together with the instructor, and guest presentations Target Audience: Primarily intended for master students with a CS background or equivalent. Also open to motivated undergrads as well as PhD students interested in a more practical, multi-disciplinary understanding of information security and privacy.
17-662 Law of Computer Technology (A1 6-unit mini)
This course consists of the first half of the 12-unit course 17-762. It is both a survey of computer law and an examination of how courts evaluate technological evidence in their decision-making. It deals with the most important and controversial issues in technology law today. The material is divided into six primary subjects: 1. Legal process: how courts operate, how lawsuits are conducted, what happens in appeals, who has to obey the determination of a court, over whom can a court exercise power, and regulatory law. 2. Evidence: what has to be proven to a court and how it is done, rules of evidence, burdens of proof, expert testimony. 3. Business Transactions: software licenses, clickwrap contracts, electronic transactions. 4. Personal Intrusions: social media, libel and defamation, data privacy, position monitoring. 5. Intellectual Property: trade secrets and confidentiality agreements. No legal background is required or assumed. This is not a law school course. Great effort is expended to keep the syllabus current based on breaking legal events. Therefore, the content and ordering of lectures may vary somewhat as the course progresses.
17-731 Foundations of Privacy
Privacy is a significant concern in modern society. Individuals share personal information with many different organizations - healthcare, financial and educational institutions, the census bureau, web services providers and online social networks - often in electronic form. Privacy violations occur when such personal information is inappropriately collected, shared or used. We will study privacy in a few settings where rigorous definitions and enforcement mechanisms are being developed - statistical disclosure limitation (as may be used by the census bureau in releasing statistics), semantics and logical specification of privacy policies that constrain information flow and use (e.g., by privacy regulations such as the HIPAA Privacy Rule and the Gramm-Leach-Bliley Act), principled audit and accountability mechanisms for enforcing privacy policies, anonymous communication protocols - and other settings in which privacy concerns have prompted much research, such as in social networks, location privacy and Web privacy (in particular, online tracking & targeted advertising).
17-733 Privacy Policy, Law, and Technology
As new technologies are developed, they increasingly raise privacy concerns- the Web, wireless location-based services, and RFID are a few examples. In addition, the recent focus on fighting terrorism has brought with it new concerns about governmental intrusions on personal privacy. This course provides an in depth look into privacy, privacy laws, and privacy-related technologies. Students will study privacy from philosophical, historical, legal, policy, and technical perspectives and learn how to engineer systems for privacy. This course is appropriate for graduate students, juniors, and seniors who have strong technical backgrounds. 8-733 is for PhD students. 8-533 and 19-608 are for undergraduate students. Masters students may register for any of the course numbers. This course will include a lot of reading, writing, and class discussion. Students will be able to tailor their assignments to their skills and interests, focusing more on programming or writing papers as they see fit. However, all students will be expected to do some writing and some technical work. A large emphasis will be placed on research and communication skills, which will be taught throughout the course.
17-734 Usable Privacy and Security
Our “Usable Privacy and Security” course, developed at CMU in 2006 by faculty in three departments, is designed to introduce students to usability and user interface problems related to privacy and security and to give them experience in designing studies aimed at helping to evaluate usability issues in security and privacy systems. The course was designed for students interested in privacy and security who would like to learn more about usability, as well as for students interested in usability who would like to learn more about security and privacy. In addition to faculty and guest lectures, students present and discuss usable privacy and security research papers. Students work in interdisciplinary teams on a project throughout the semester under the guidance of faculty mentors.
17-735 Engineering Privacy in Software
Privacy harms that involve personal data can often be traced back to software failures, which can be prevented through sound engineering practices. In this course, students will learn how to engineer privacy using modern methods and tools for software requirements, design and testing. This integration includes how to collect and analyze software and privacy requirements, how to reconcile ambiguous, inconsistent and conflicting requirements, and how to develop and evaluate software designs based on established privacy principles, including how to analyze design alternatives to reduce threats to personal privacy. After completing this course, students will know how to integrate privacy into the software development lifecycle and how, and when, to interface with relevant stakeholders, including legal, marketing and other developers in order to align software designs with relevant privacy laws and business practices.
Elective Courses
These are examples of some of the electives that will be offered. This list will change each semester. Students may count independent study credits or other courses as electives with the approval of their advisor.
Students interested in taking privacy or security courses as electives should review the Privacy and Security Course list.
17-716/17416 AI Governance: Identifying and Mitigating Risk in Design and Dev of AI Solutions (Highly Recommended)
01-611 Natural Language Processing
02-613 Algorithims and Advanced Data Structures
05-820 Social Web
10-601 Introduction to Machine Learning
11-642 Search Engines
11-785 Introduction to Deep Learning
14-740 Fundamentals of Telecommunications Networks
14-741 Introduction to Information Security
14-761 Applied Information Assurance
14-788 Information Security Policy and Management
14-809 Introduction to Cyber Intelligence
14-823 Network Forensics
14-829 Mobile and IOT Security
17-514 Principles of Software Construction: Objects, Design and Concurrency
17-683 Data Structures for Application Programmers
18-636 Browser Security
18-637 Wireless Security
18-730 Introduction to Computer Security
18-731 Network Security
18-732 Secure Software Systems
19-639 Policies of the Internet
19-713 Policies of Wireless Systems
19-733 Cryptocurrencies, Blockchains, and Applications
36-749 Experimental Design for Behavioral and Social Sciences
94-800 Negotiation
94-808 Management Consulting
94-886 Advances in Robotic Process Automation
95-737 NoSQL Database Management
95-759 Malicious Code Analysis
95-799 Linux and Open Source
95-812 Introduction to the ITIL Framework
95-881 Web Application Development
95-882 Enterprise Web Development
95-883 Ethical Penetration Testing