The CREATE graduate specialization consists of core courses in cybersecurity, the social, legal and political context of cybersecurity, and professional development. These are supplemented with a set of more-focused technical courses to provide deeper understanding of specific issues and techniques.

A list of courses is referenced below (4 letter courses codes are for courses offered at Queen’s, 2 and 3 letter course codes for courses offered at RMC).

Cybersecurity Specialization Courses

Professional Development in Cybersecurity Professional Development in cybersecurity is designed to develop professional skills that complement students’ qualifications and \ technical skills, and provides multidisciplinary skills relevant to industrial and academic careers in cybersecurity. These skills include aspects of intellectual property/commercialization; leadership and management; social responsibility; communication; and public relations. This includes completing external workshops and certifications (e.g., Queen’s Expanding Horizons workshops, MITACS EDGE courses), and participating in either a cyber red-on-blue exercise, or a tabletop cyber strategic thinking exercise.

CISC 866 – Introduction to Cybersecurity (Tokens: Systems, Applications) An introduction to cybersecurity covering a wide range of vulnerabilities, attacks, and defence mechanisms in individual computers, networks, the Internet and the Web and applications that use them, and storage and computational clouds. The human side of cybersecurity, and the legal and ethical constraints on both attack and defence.

EE579 – Computer Systems and Network Security (Tokens: Systems, Applications) The course is meant as an introduction to the security issues associated with the security of computers systems and networks. The topics covered will include computer security concepts, terminology, seminal research, operating systems and issues of network administration related to computer security. The course will discuss offensive aspects of security such as network attack, intrusion techniques and the detection of such attacks and intrusions. Students undertake a series of lectures and laboratory exercises during the fall semester and participate in a major cyber exercise during the winter semester. (This exercise satisfies the red-blue exercise requirement.)

Cybersecurity Social Science Courses

MPA535 – The Cyber Challenge (Tokens: Interdisciplinary) This course will explore the digitized world (the good, the bad and the ugly) in the Canadian context with a view to assessing the breath and scope of the cyber reality within Canada and the policy challenges it poses, with emphasis on the Federal Government. Topics covered include cyberterrorism and cyberespionage, cybercrime, cyberwar, counterterrorism and the privacy/security conundrum. It will also discuss what Canada is/should/could be doing about the cyber threat and/or Internet Governance in the current legislative and constitutional context.

MPA591 – Cyber Statecraft and National Security (Tokens: Interdisciplinary) The course introduces students to social science dimensions of offensive and defensive computer network operations, exploitation, attacks, and cyberwarfare. Its premise is cyber as a new domain of warfare that poses an existential threat to national security, prosperity and democracy. What difference does it make to think about democracy from the perspective of cyber – and about cyber from the perspective of democracy in general, and the Canadian democratic regime, its norms, values and underlying constitutional and governance principles in particular? The course’s learning proposition is that cyber is not merely a technical but, fundamentally, a behavioural, policy, administrative, legal, economic, political, cultural, social and strategic challenge.

MBA509 – Cyber Security Policy and Management (Tokens: Interdisciplinary) This course provides a launching point from which to develop or enhance an understanding of cybersecurity issues in both enterprise management and national security policy contexts. The content furnishes a useful heuristic approach to the various domains, comprising a comprehensive introduction to the spectrum of issues entangled in the practices of cybersecurity. Those with little technical background will find an introduction at a manageable level of complexity and gain a better appreciation for where and why technical depth is required. Those with technical backgrounds may find the material a useful overview of areas they are familiar with and an introduction to broader issues of international, national and legal policies and practices.

Cybersecurity Elective Courses

CISC 848 – Software Reliability and Security (Tokens: Systems, Applications) Software crisis and software process models, Software reliability and methods for reliable software, Software reliability engineering process, Software dependability, Software fault tolerance, Run-time software monitoring, Software security, Software security engineering process, Network security, Intrusion detection.

MATH 818 – Number Theory and Cryptography (Tokens: Theory) Time estimates for arithmetic and elementary number theory algorithms (division algorithm, Euclidean algorithm, congruences), modular arithmetic, finite fields, quadratic residues. Design of simple cryptographic systems; public key, RSA systems. Primality and factoring: pseudoprimes, Pollard’s rho-method, index calculus. Elliptic curve cryptography.

EE547 – Digital Forensics (Tokens: Systems, Applications) Digital forensics is a branch of forensic science which focuses on the recovery and analysis of information found in digital systems. It has a wide range of applications including intelligence gathering, private, corporate and criminal investigations, incident response involving digital systems and many others. In this course, students will develop a thorough understanding of digital forensics theory and techniques and will apply these to investigate incidents involving malicious user activity and malware on common operating systems. Topics will include image acquisition techniques, analysis of volatile and non-volatile memory, file systems structure, OS artifacts, e-mail systems, web browser activity, USB storage device activity, timeline of activity, data stream carving, deleted file carving, process analysis, network connection analysis and anti-forensic techniques.

EE588 – Topics in Cybersecurity This course consists of formal lectures and the study and discussion of contemporary cybersecurity research. Students are expected to conduct activities such as participating in the development and presentation of lecture material, collaborative discussion regarding specific research topics and the implementation of research related methodologies in a lab environment. Topics chosen for discussion will be by arrangement with the department.

EE569 – Malware Analysis (Tokens: Systems, Applications) The course covers dissection of malware for the purposes of understanding, detection and mitigation. It includes static analysis topics to include hashing, packing and obfuscation techniques, portable executable file format, the execution environment, x86 architecture, code constructs in assembly, the Windows API and registry. It also examines dynamic analysis topics to include sandboxing, run-time debugging, memory maps, threads and stacks, exception handling, drivers and kernel debugging. The course covers an introduction to document-based malware, memory forensic techniques and others. The course includes practical work such as laboratories and a project.

EE593 – Advanced Network Traffic Analysis (Tokens: Systems, Applications) There are many benefits to the networking of computer systems, but networks are inherently vulnerable. All networked computing devices are subject to malicious traffic; military networks can be especially attractive targets for espionage services, organized crime and hacking groups. In this course, students will develop a thorough understanding of traffic analysis theory and techniques, and apply these to topical computer security problems such as intrusion detection, extrusion analysis and traffic classification. Specific techniques explored may include intrusion detection systems, signature-based detection and analysis, anomaly-based detection and analysis and traffic classification. Students completing this course will be able to analyze network traffic for the purpose of protecting networks against malicious activity. The course will include practical laboratory work, review and critique of traffic analysis literature and a major course project.

EE595 – Cyber Threat and Attack Techniques (Tokens: Systems, Applications) Those operating in the cyber domain that is tasked with the defence of networks and computer systems must have a sound understanding of the threats that they face and of the techniques used by their adversaries; this course discusses the fundamentals of Cyber threats and attack techniques, with a heavy focus on practical applications. Topics will include current cyber threat categories and general capabilities; attack techniques including password cracking, buffer and heap overflows, IP and DNS spoofing, viruses and worms, backdoors and remote access tools, key loggers, tunnelling and covert channels, SQL injection and cross-­‐site scripting; advanced evasion techniques such as polymorphic code and rootkits. The course also introduces malware construction including assembly level program flow control and return oriented programming.

EE597 – Operational Technology Cybersecurity In this course, students will develop a thorough understanding of the components within operational technology (OT) and its similarities and differences with information technology (IT). The course will include offensive and defensive cyber security aspects of Operational Technologies at the application, network and physical layers. Components of the course will build on the foundations from civilian OT systems and protocols and focus on military platform security. The course includes practical work such as laboratories and a project. There is a security clearance requirement for this course.

EE598 – Artificial Intelligence in Cybersecurity Artificial intelligence (AI) and machine learning (ML) techniques are being increasingly deployed in cybersecurity settings. This course examines the principles of combining data science with security research to analyze security problems and build ML data-driven detection/prevention techniques. At the same time, those ML techniques are susceptible to new attacks. To this end, the course explores AI in cybersecurity from the basics to advanced and adjacent topics of cybersecurity of AI. The topics include Basic ML for cybersecurity; adversarial AI, attacks (mimicry, white/black box, poisoning attacks) and adversarial examples in security applications; defenses against adversarial AI; anti adversarial AI. Specific applications of AI in cybersecurity are examined on traditional IT networks and on cyber physical systems running on critical infrastructure.

Other Courses

PhD breadth and unrestricted electives may include other graduate courses offered in the School of Computing, the Queen’s Department of Electrical and Computer Engineering, and the Department of Electrical Engineering and Computer Engineering at the Royal Military College.