Program Overview

Electrical and Computer Engineering

The College of Engineering at Carnegie Mellon University offers an undergraduate concentration in Security & Privacy. This concentration is designed to expose students to the key facets of and concerns about computer security and privacy that drive practice, research, and legislation.

Undergraduate Concentration in Security & Privacy

In a world where data breaches and cyberattacks are ever-present, the need for technologists who have a solid understanding of the principles that underlie strong security and privacy practices is greater than ever. The Security & Privacy concentration is designed to prepare students to continue developing their interests in security or privacy through graduate study, take jobs in security or privacy that will provide further training in applicable areas, and be informed participants in public and other processes that shape how organizations and society develop to meet new challenges related to computer security and privacy.

Admissions

The concentration is open to all ECE undergraduates. Students intending to pursue the concentration should contact the concentration coordinator to register their intention. To officially declare, students should fill out the BS Concentration Declaration form in their final semester by the semester course withdrawal deadline.

Curriculum

A distinguishing feature of this field is the ubiquitous need to consider an adversary and the resulting interplay between attack and defense that routinely advances both theory and practice. The curriculum is designed around this principle. Students in the Security & Privacy concentration will take courses that cover the basic principles, underlying theory, and practical application of security and privacy. Additionally, they will be required to select a course that covers either usability or policy. Finally, students will have the opportunity to dive deep into a particular security and privacy topic by completing an elective of their choosing.

Requirements

To complete the undergraduate Security & Privacy concentration, students must meet the requirements outlined below in each of the following five course areas:

• Introduction and basics
• Theoretical foundations
• System design
• Context
• Depth

Only two of the courses that are counted toward concentration requirements can also be counted toward core course requirements of majors and minors.

Introduction and Basics

• Introduction to Computer Security (15/18-330) Note: Students who have successfully completed 15/18-487 in F17 will be allowed to count this course as having satisfied the "intro" requirement for the concentration as long as they also successfully complete Privacy Policy, Law, and Technology (17-333; previously 8-533).

Theoretical Foundations

• Introduction to Cryptography (15-356)
• or both:
  • Applied Cryptography (18-733)
  • Foundations of Privacy (18-734 / 17-731)

System Design

• Secure Software Systems (18-335)
• or
• Software Foundations of Security and Privacy (15-316)

Context

Students are required to fulfill course requirements for either the Usability or the Policy track.

• Usability
  • Usable Privacy and Security (17-334)
• Policy
  • Privacy Policy, Law, and Technology (17-333)
  • or
  • Foundations of Privacy (18-734 / 17-731) Note: This option is not available if Foundations of Privacy was used to satisfy the Theoretical Foundations requirement.

Depth

The depth requirement can be fulfilled in the following ways:

1. By successfully completing an elective course (from the list below) or at least 9 units of independent study in a security or privacy area.
2. By successfully completing five, rather than four, courses from the list above to satisfy the requirements described above (this might be achieved by taking both a policy and a usability course, or taking the two-course foundations alternative).

Approved Electives

• Browser Security (14-828 / 18-636)
• Introduction to Hardware Security (18-632)
• Network Security (18-731)
• Cryptocurrencies, Blockchains, and Applications (17-303 / 19-303; previously also 8-303/ 19-355)
• Wireless Network Security (14-814 / 18-637)
• Mobile Security (14-829 / 18-638)
• Engineering Privacy in Software (17-735; previously also 8-605)
• Introduction to Cyber Intelligence (14-809)
• Introduction to Software Reverse Engineering (14-819)
• Host-Based Forensics (14-822)
• Network Forensics (14-823)
• Secure Computer Systems (15-793)

Prior Coursework

Any courses from the core or elective list successfully completed before F18 will likely also count toward concentration requirements, but check with the concentration program coordinator to make sure your previous courses will count.

Anti-requisites and Excluded Courses

Anti-requisites

When two (or more) courses overlap significantly in the material they cover, only one can count toward the Security and Privacy concentration. Below is a list of anti-requisites; each bullet is a list of courses out of which only one can count toward the security and privacy concentration.

• Software Foundations of Security and Privacy (15-316) Secure Software Systems (18-335)
• Introduction to Cryptography (15-356) Applied Cryptography (18-733)

Excluded Courses

The following security and privacy courses may not be counted toward concentration requirements. These courses all serve specific, important purposes, but they do not fit into the concentration as currently designed.

• Information Security and Privacy (17-331/17-631/45-885/45-985; previously also 15-421/8-731/8-761)
• Introduction to Information Security (14-741/18-631)
• Introduction to Computer Security (18-730)