Cyber Operations Concentration
The Cyber Operations Concentration builds upon the current ABET Accredited Bachelor of Science in Computer Science by adding six courses that focus on Cyber Operations and provide hands-on experience with tools and techniques for investigating, analyzing, and responding to cyber-attacks. Typically, the courses are offered in the following semesters:
- CSE 3801 Introduction to Cybersecurity
- CSE 4830 Software Reverse Engineering
- CSE 4820 Wireless / Mobile Security
- CSE 3810 Cyber Defense
- CSE 4840 Cyber Offense
- CSE 4850 Vulnerability Research
Applying to the Concentration
Students are eligible to begin the concentration once they have completed CSE 2010. Typically, this starts with CSE 3801 in the fall semester of a student's junior year. CSE 3801 requires instructor approval by submitting a closed class form on https://closed-class.fit.edu/. The CSE 3801 instructor will approve closed-class forms on a per-merit basis. Any questions should be directed to the Cybersecurity Program Chair (toconnor [at] fit.edu).
Competitive security exercises and hands-on learning represent a powerful approach for teaching cybersecurity. We have published the following peer-reviewed articles exploring our pedagogical approach for classes in our concentration.
TJ OConnor, Carl Mann, Tiffanie Petersen, Isaiah Thomas and Chris Stricklan. Toward an Automatic Exploit Generation Competition for an Undergraduate Binary Reverse Engineering Course. In Innovation and Technology in Computer Science Education (ITiCSE), Dublin, Ireland, July 2022. ACM. [bib] [pdf] [course materials]
TJ OConnor. HELO DarkSide: Breaking free from katas and embracing the adversarial mindset in cybersecurity education. In Special Interest Group on Computer Science Education (SIGCSE), Providence, RI, March 2022. ACM. [bib] [pdf]
Chris Stricklan, TJ OConnor. Towards Binary Diversified Challenges For A Hands-On Reverse Engineering Course. ACM Innovation and Technology in Computer Science Education (ITiCSE). June 2021. [bib] [pdf]
CSE 3801 Introduction to Cybersecurity
Prerequisite: CSE2010 Examines the concepts and terminology of cyber operations from a practical point of view. Discusses ethical and legal considerations of cyber operations. Introduces vulnerability analysis and exploit development. Examines recent security-related trends and technologies.
CSE 3810 Cyber Defense
Prerequisite: CSE3801 Examines the defense of information technology from a practical point of view. Introduces security principles, design, methods for reducing complexity and detection of reconnaissance, malicious traffic, and covert channels. Students will both design and implement a defense architecture by leveraging risk models including NIST SP 800-37 /39.
CSE 4820 Wireless / Mobile Security
Prerequisite: CSE3801 Examines the security and privacy of wireless and mobile technologies from a practical point of view. Discusses cryptographic primitives and proper association and authentication of users. Examines a lengthy history of design/implementation flaws in various wireless technologies. Discusses recent wireless security-related trends and technologies.
CSE 4830 Software Reverse Engineering
Prerequisite: CSE3801 Examines different assembly languages and the study of how compilers generate the control flows in each language. Focuses on the constructs of If, If-then-else, Switch, and Loops. Discusses anti-RE techniques, C++ naming, polymorphism and vftables, static/dynamically-compiled programs, and embedded/mobile devices.
CSE 4840 Cyber Offense
Prerequisite: CSE3801 Examines offensive cyber operations scenarios from both a strategic and tactical point of view. Discusses strategic concepts including the planning, execution, and phases of cyber operations. Enumerates attack methods in the cyber kill chain and MITRE Att&ck Framework through practical exercises. Reviews case studies of offensive cyber operations.
CSE 4850 Vulnerability Research
Prerequisites: CSE3801, CSE4830 Introduce exploit development by static and dynamic analysis of vulnerabilities. Provides a taxonomy of vulnerabilities including buffer overflows, use-after-free, format strings, and logic bugs. Examines the concept of overcoming exploit mitigation strategies with return-oriented programming and memory-leaks.