6 Courses
In this course, you will examine security for computers and networked information systems. The focus is abstractions, principles, and defenses for implementing military and commercial-grade secure systems. Through this lens, you will explore security and survivability for computers and communications networks as well as policy issues such as the national debates on cryptography policy and the meaning of privacy. That journey will be informed by a survey of technical means for implementing the various properties that comprise "trustworthiness" in a computing system, including mechanisms for authorization and authentication along with cryptographic protocols.

Protocols for authenticating machines play an important role in systems security, and this course will focus on various aspects of this challenge. Using case studies of protocols that work and that have failed will help you to acquire the skill — and the skepticism — necessary to analyze and deploy authentication protocols successfully. In this course, you will investigate shared key and public key cryptography along with the trade-offs associated with these different types of keys. You will also examine some of the standard cryptographic building blocks and their use.

The following course is required to be completed before taking this course:

  • Systems Security

If an attacker can masquerade as an authorized user of a system, then many other defenses become irrelevant. This course addresses how a computing system can authenticate a human user, discussing implementations of mechanisms as well as their privacy implications. You will explore the protocols of passwords, biometrics, and tokens, along with their combination as multifactor authentication.

The following course is required to be completed before taking this course:

  • Systems Security

Additionally, you are required to have completed the following course or have equivalent experience:

  • Authenticating Machines

Access control mechanisms ensure that a user is able to read and/or update only certain objects. With discretionary access control, it is the creator of an object who decides which other users should have access. A broad set of mechanisms have been developed to enforce discretionary access control in a computing system. This course will survey the two approaches widely used in these mechanisms: access control lists and capabilities. Through the use of case studies, you will review the pragmatics of implementations in processor hardware, operating systems, and programming languages.

It is recommended to only take this course if you have completed “Systems Security,” “Authenticating Machines,” and “Authenticating Humans,” or have equivalent experience.

Sometimes the owner of an object is not, in fact, the one to determine who should get access to that object; rather, it is an institutional policy that dictates that decision. This form of access control is known as mandatory access control, and it is frequently used in business and military settings. In this course, you will review various forms of mandatory access control policies and their implementations, including multilevel security, commercial, and role-based access control schemes.

It is recommended to only take this course if you have completed “Systems Security,” “Authenticating Machines,” “Authenticating Humans,” and “Discretionary Access Control,” or have equivalent experience.

Vulnerable systems are made secure by employing enforcement mechanisms. Beyond enforcement mechanisms for authentication and for authorization, this course will explore the use of mechanisms for protecting the integrity of systems and, thus, preventing an attacker from circumventing controls. You will learn about the three primary classes of enforcement mechanisms — mediation/monitoring, isolation, and asymmetry — and discuss how they are deployed in systems today.

It is recommended to only take this course if you have completed “Systems Security,” “Authenticating Machines,” “Authenticating Humans,” “Discretionary Access Control,” and “Mandatory Access Control,” or have equivalent experience.

Learn From Cornell's top Minds
All certificates are personally developed by Cornell faculty.

Get It Done 100% Online
Flexible, interactive programs
that fit your life and career.

Power Your
career
Cornell's standard of excellence can help you stand apart.