Undergraduate Focus Area: Cyber Security

The Cyber Security Focus Area in the Computer Science Major
Department of Computer Science

Tufts University
Last updated by Ming Chow, Susan Landau, and Daniel Votipka on April 22, 2021

Overview

The crux of Cyber Security is to understand how systems, applications, algorithms, and protocols work and fail.  The purpose of this focus area is to provide you with breadth and depth in the broad area of Cyber Security with a strong technical foundation. This focus area applies equally well for Arts and Sciences (A&S) and School of Engineering (SoE) students.

The Computer Science Core

  1. Introduction to Computer Science (CS 11)
    • Importance for Cyber Security (the “why”): Being proficient in programming is an essential skill to have as a cyber security practitioner or researcher. (1)
  2. Data Structures (CS 15)
    • Importance for Cyber Security (the “why”): How to organize information and what it costs.
  3. Machine Structure & Assembly-Language Programming (CS 40)
    • Importance for Cyber Security (the “why”): Bits, bytes, pointers; memory management; basic assembly programming, debugging, and reverse engineering.
  4. Programming Languages (CS 105)
    • Importance for Cyber Security (the “why”): Your next "n" programming languages --how to use them well; secure and insecure type systems and language design; defensive execution of unsafe languages. (2)
  5. Algorithms (CS 160)
    • Importance for Cyber Security (the “why”): Provides a way to analyze time and space complexity of attacks and defenses, including cryptographic protocols.
  6. Theory of Computation (CS 170)
    • Importance for Cyber Security (the “why”): Study of the inherent capabilities and limitations of any computer.

The Cyber Security Core

  1. Introduction to Computer Security / Computer System Security (CS 116)
    • Importance for Cyber Security (the “why”): Basics of networking, attacking and defending networks, cryptography, vulnerabilities and vulnerability disclosure, web security, malware, static analysis. Caveat: this is broad course where you will learn a little about a lot.
  2. Operating Systems (CS 111)
    • Importance for Cyber Security (the “why”): How systems work; concurrency, resource management, interfaces, and hiding complexity, system design; no magic. (3)
  3. Networks (CS 112) and/or Network Security
    • Importance for Cyber Security (the “why”): How computers talk to each other; not understanding networks and you will not understand the attribution problem.
  4. Web Programming (CS 20)
    • Importance for Cyber Security (the “why”): How the web works; HTTP, Same-Origin Policy, JavaScript, client-server architecture, basic web security. Web application attacks accounted for over 60% of all incidents. (4)
  5. The Cyber Security Capstone (see below)

Cyber Security Cluster Electives

Pick at least 2 courses from the following list:

  1. One of the following, as only one of these courses can be counted towards the CS major: Cyber Security and Cyber Warfare (CS 50 / PS 188), Cyberlaw and Cyberpolicy (CS 184), Cyber in the Civil Sector (CS 182), International Cyber Conflict (DHP P249), or Privacy in the Digital Age (CS 183). Students can take only one of International Cyber Conflict and Cyber Security and Cyber Warfare for credit as the courses have significant overlap.
  2. Program Analysis, Verification, and Synthesis (CS 150)
  3. Reverse Engineering (CS 150)
  4. Cryptography (CS 165)
  5. Software Engineering (CS 121)

Capstone

Doing the bare minimum coursework is not good enough. To be successful in cyber security, you will need practical hands-on experience. To quote:

"When I joined the Facebook security team last year, it was in large part because of the experience I gained through CTFs. When I was a student at the University of Michigan, the TA for my security class introduced me to CTFs, which exposed me to a fun and practical side of security that I didn't get in class. For example, I learned about RSA encryption in my computer science courses, but CTFs taught me how to break it when it wasn't properly implemented, which happens all the time in the real world. It's a lot of fun to learn this offensive side of security, but at the same time learning about these flaws makes you a better defender as well. Eventually I helped start the CTF club at the University of Michigan and later joined an international CTF team called Samurai, that competes at DEF CON every year." (5)

You can fulfill the capstone de facto requirement in our Cyber Security focus area by one of the following ways:

  1. Do a year long senior capstone project via CS 97 and CS 98
  2. Doing a thesis in Cybersecurity Policy via CS 197
  3. Compete in a national competition:
    • MITRE Embedded Capture the Flag Competition (spring semester)
    • Booz Allen Hamilton and Maryland Cybersecurity Center Build It Break It Fix It Competition (fall semester)
    • National Collegiate Cyber Defense Competition (CCDC, spring semester)
    • Atlantic Council Cyber 9/12 Student Competition (fall or spring semester)
    • Collegiate Penetration Testing Competition (CPTC, fall semester)

Roadmap

Your experience may vary, but this table represents a typical student's progression through the program based on the School of Engineering degree sheet for Computer Science: (6)

Fall Semester, Year 1 credits Spring Semester, Year 1 credits
Introductory Engineering (EN1)   Intro to Computing in Engineering (ES2)  
Calculus I (MATH 32)   Calculus II (MATH 34 OR 36)  
Physics I (PHY 11)   Chemistry I (CHEM 1)  
First Year Writing (ENG 1)   Data Structures (CS 15)  
Intro.to Computer Science (CS 11)   Web Programming (CS 20)  
       
Fall Semester, Year 2 credits Spring Semester, Year 2 credits
Machine Structure & Assembly-Language Programming (CS 40)   Calculus III (MATH 42)  
Discrete Mathmatics (MATH 61)   Physics II or Chemistry II  
HASS   Algorithms (CS 160)  
    HASS  
       
       
Fall Semester, Year 3 credits Spring Semester, Year 3 credits
Programming Languages (CS 105)   Networks (CS 112)  
Intro. to Computer Security (CS 116)   Cyber Security Cluster Elective  
HASS   HASS  
Free Elective   Probability & Statistics  
    Breadth Elective  
       
Fall Semester, Year 4 credits Spring Semester, Year 4 credits
Theory of Computation (CS 170)   Capstone (CS 98)  
Operating Systems (CS 111)   Breadth Elective  
Capstone (CS 97)   Breadth Elective  
Cyber Security Cluster Elective   Free Elective  
Natural Science Elective   HASS  
       

(1) https://twitter.com/jeremiahg/status/875111993463644160
(2) https://security.stackexchange.com/questions/11700/programming-language-...
(3) https://blog.regehr.org/archives/164
(4) https://www.scmagazine.com/web-application-attacks-accounted-for-73-of-a...
(5) https://www.facebook.com/notes/facebook-ctf/facebook-ctf-is-now-open-sou...
(6) http://students.tufts.edu/sites/default/files/BSCS2021-DegreeSheet_0.pdf