Queen's School of Computing

The CREATE graduate specialization consists of core courses in cybersecurity, the social, legal and political context of cybersecurity, and professional development. These are supplemented with a set of more-focused technical courses to provide deeper understanding of specific issues and techniques.

Cybersecurity Specialization Courses

Professional Development in Cybersecurity Professional Development in cybersecurity is designed to develop professional skills that complement students' qualifications and technical skills, and provides multidisciplinary skills relevant to industrial and academic careers in cybersecurity. These skills include aspects of intellectual property/commercialization; leadership and management; social responsibility; communication; and public relations. This includes completing external workshops and certifications (e.g., Queen's Expanding Horizons workshops, MITACS EDGE courses), and participating in either a cyber red-on-blue exercise, or a tabletop cyber strategic thinking exercise.

CISC866: Introduction to Cybersecurity (Tokens: Systems, Applications) An introduction to cybersecurity covering a wide range of vulnerabilities, attacks, and defence mechanisms in individual computers, networks, the Internet and the Web and applications that use them, and storage and computational clouds. The human side of cybersecurity, and the legal and ethical constraints on both attack and defence.

EE579 Computer Systems and Network Security (Tokens: Systems, Applications) The course is meant as an introduction to the security issues associated with computer systems and networks. The topics covered will include computer security concepts, terminology, seminal research, operating systems and issues of network administration related to computer security. The course will discuss offensive aspects of security such as network attack, intrusion techniques and the detection of such attacks and intrusions. Students undertake a series of lectures and laboratory exercises during the fall semester and participate in a major cyber exercise during the winter semester. (This exercise satisfies the red-blue exercise requirement.)

Cybersecurity Social Science Courses

MPA535 Cyber Threat (Tokens: Interdisciplinary) This course will explore the digitized world (the good, the bad and the ugly) in the Canadian context with a view to assessing the breadth and scope of the cyber reality within Canada and the policy challenges it poses, with emphasis on the Federal Government. Topics covered include cyberterrorism and cyberespionage, cybercrime, cyberwar, counterterrorism and the privacy/security conundrum. It will also discuss what Canada is/should/could be doing about the cyber threat and/or Internet Governance in the current legislative and constitutional context.

MPA5XX Managing Cyber/Information Operations (Tokens: Interdisciplinary)

MBA503 Advanced Topics in Management II (Tokens: Interdisciplinary)

Cybersecurity Elective Courses

CISC 848 - Software Reliability and Security (Tokens: Systems, Applications) Software crisis and software process models, Software reliability and methods for reliable software, Software reliability engineering process, Software dependability, Software fault tolerance, Run-time software monitoring, Software security, Software security engineering process, Network security, Intrusion detection.

+MATH 818 - Number Theory and Cryptography (Tokens: Theory) Time estimates for arithmetic and elementary number theory algorithms (division algorithm, Euclidean algorithm, congruences), modular arithmetic, finite fields, quadratic residues. Design of simple cryptographic systems; public key, RSA systems. Primality and factoring: pseudoprimes, Pollard's rho-method, index calculus. Elliptic curve cryptography.

EE547 Digital Forensics (Tokens: Systems, Applications) Digital forensics is a branch of forensic science which focuses on the recovery and analysis of information found in digital systems. It has a wide range of applications including intelligence gathering, private, corporate and criminal investigations, incident response involving digital systems and many others. In this course, students will develop a thorough understanding of digital forensics theory and techniques and will apply these to investigate incidents involving malicious user activity and malware on common operating systems. Topics will include image acquisition techniques, analysis of volatile and non-volatile memory, file systems structure, OS artifacts, e-mail systems, web browser activity, USB storage device activity, timeline of activity, data stream carving, deleted file carving, process analysis, network connection analysis and anti-forensic techniques.

EE569 Malware Analysis (Tokens: Systems, Applications) The course covers dissection of malware for the purposes of understanding, detection and mitigation. It includes static analysis topics including hashing, packing and obfuscation techniques, portable executable file format, the execution environment, x86 architecture, code constructs in assembly, the Windows API and registry. It also examines dynamic analysis topics including sandboxing, run-time debugging, memory maps, threads and stacks, exception handling, drivers and kernel debugging. The course covers an introduction to document-based malware, memory forensic techniques and others. The course includes practical work such as laboratories and a project.

EE593 Advanced Network Traffic Analysis (Tokens: Systems, Applications) There are many benefits to the networking of computer systems, but networks are inherently vulnerable. All networked computing devices are subject to malicious traffic; military networks can be especially attractive targets for espionage services, organized crime and hacking groups. In this course, students will develop a thorough understanding of traffic analysis theory and techniques, and apply these to topical computer security problems such as intrusion detection, extrusion analysis and traffic classification. Specific techniques explored may include intrusion detection systems, signature-based detection and analysis, anomaly-based detection and analysis and traffic classification. Students completing this course will be able to analyze network traffic for the purpose of protecting networks against malicious activity. The course will include practical laboratory work, review and critique of traffic analysis literature and a major course project.

EE595 Cyber Threat and Attack Techniques (Tokens: Systems, Applications) Those operating in the cyber domain who are tasked with the defence of networks and computer systems must have a sound understanding of the threats that they face and of the techniques used by their adversaries; this course discusses the fundamentals of cyber threats and attack techniques, with a heavy focus on practical applications. Topics will include current cyber threat categories and general capabilities; attack techniques including password cracking, buffer and heap overflows, IP and DNS spoofing, viruses and worms, backdoors and remote access tools, key loggers, tunnelling and covert channels, SQL injection and cross-site scripting; advanced evasion techniques such as polymorphic code and rootkits. The course also introduces malware construction including assembly level program flow control and return oriented programming.

Other Courses

PhD breadth and unrestricted electives may include other graduate courses offered in the School of Computing, the Queen's Department of Electrical and Computer Engineering, and the Department of Electrical Engineering and Computer Engineering at the Royal Military College.