Academia Menus

.
Skip Search Box

Academic Requirements for Designation as a Center of Academic Excellence in Cyber Operations


Academic Content Requirements:

Mandatory Program Content: (Knowledge Units)

  1. Low Level Programming Languages (must include programming assignments to demonstrate that students are capable of the desired outcomes)
  2. Proficiency in low-level programming languages is required to perform key roles in the cyber operations field (e.g., forensics, malware analysis, exploit development). Specific languages necessary to satisfy this knowledge unit are:

      C programming
      Assembly Language programming (for x86, ARM, MIPS or PowerPC)

    Outcome: After completing these knowledge units, students will be able to develop programs that can be embedded into an OS kernel, such as a device driver, with the required complexity and sophistication to implement exploits for discovered vulnerabilities.

    C Language programming

    Outcome: Students will be able to write a program that implements a network stack to manage network communications.

    Assembly Language programming

    Outcome: Students will be able to write a functional, stand-alone assembly language program implementing a basic telnet client with no help from external libraries.

  3. Software Reverse Engineering   (must include hands-on lab exercises)
  4. The discipline of reverse engineering provides the ability to deduce the design of a software component, to determine how something works (i.e., recover the software specification), discover data used by software, and aids analysis of software via disassembly and/or decompilation.

    Specific topics to be covered in this knowledge unit include:

      Reverse engineering for software specification recovery
      Reverse engineering for malware analysis
      Reverse engineering tools
      Reverse engineering techniques
      Reverse engineering communications (to uncover communications protocols)

    Outcome: Students will be able to use a tool such as IdaPro to safely perform static and dynamic analysis of software (or malware) of unknown origin for the purposes of recovering the original implementation or understanding the software functionality.  Appropriate tools, techniques and procedures must be covered.

  5. Operating System Theory
  6. Specific topics to be covered to satisfy this knowledge unit must minimally include, but are not limited to:

      Privileged vs. non-privileged states
      Concurrency and synchronization (e.g., semaphores and locks)
      Processes and threads, process/thread management, inter-process communications
      Memory management/virtual memory
      Uni-processor and multi-processor interface and support
      File Systems
      IO issues (e.g., buffering, queuing, sharing, management)
      Distributed OS issues (client/server, message passing, remote procedure calls,
      clustering)

    Outcome: Students will have a thorough understanding of operating systems theory and implementation. They will be able to understand operating system internals to the level that they could design and implement significant architectural changes to an existing OS (e.g., make significant modifications to Windows, LINUX, etc.).

  7. Networking
  8. Specific topics to be covered to satisfy this knowledge unit must minimally include:

      Routing, network, and application protocols, for example:

        TCP/IP
        DNS
        SMTP
        HTTP
      Network architectures
      Wireless network technologies
      Network traffic analysis
      Protocol analysis (examining component-to-component communication to
      determine the protocol being used and what  it is  doing)
      Network mapping techniques (active and passive)

    Outcome: Students will have a thorough understanding of how networks work at the infrastructure, network and applications layers; how they transfer data; how network protocols work to enable communication; and how the lower-level network layers support the upper ones. They will have a thorough knowledge of the major network protocols that enable communications and data transfer.

  9. Cellular and Mobile Communications
  10. As more communications are conducted via mobile and cellular technologies, these technologies have become critical (and continue to become more critical) to cyber operations.

      Smart phone technologies
      Embedded operating systems (e.g., iOS, Android)
      Mobile protocols
      Infrastructures (e.g., fiber optic network)
      Core network (mobile: 2G, 3G, 4G; and Internet: 802.11b/g/n)

    Outcome: Students will be able to describe user associations and routing in a telecommunications network, interaction of elements within the telecommunications core, and end-to-end delivery of a packet and/or signal and what happens with the hand-off at each step along the communications path. They will be able to explain differences in core architecture between different generations of cellular and mobile network technology. 

  11. Discrete Math
  12. Outcome: Students will be introduced to first-order logic graphs, accounting, accountability, and induction proofs.

      Algorithms

    Outcome:  Students will be exposed to fundamental algorithm sorting/searching/data/manipulation or they will analyze the complexity of algorithms.

      Statistics
      Calculus I & II

    Outcome:  Students will understand how variability affects outcomes, how to identify anomalous events, and how to identify the meaning of anomalous events. They will be able to integrate and differentiate continuous functions of multiple variables.

             Automata

    Outcome: Students will understand how automata are used to describe computing machines and computation, and the notion that some things are computable and some are not. They will understand the connection between automata and computer languages and describe the hierarchy of language from regular expression to context file.

  13. Overview of Cyber Defense  (must include hands-on lab exercises)
  14. Specific topics to be covered in this knowledge unit must minimally include, but are not limited to:

      Network security techniques and components (e.g., firewalls, IDS, etc.)
      Cryptography (include PKI cryptography)
      Malicious activity detection

        Identification of reconnaissance operations
        Anomaly/intrusion detection
        Anomaly identification
        Identification of command and control operations
        Identification of data exfiltration activities
        Identifying malicious code based on signatures, behavior and artifacts
        System security architectures and concepts
        Defense in depth
        Trust relationships
        Distributed/Cloud
        Virtualization

    Outcome: Students will have a sound understanding of the technologies and methods utilized to defend systems and networks. They will be able to describe, evaluate, and operate a defensive network architecture employing multiple layers of protection using technology appropriate for secure mission accomplishment.

  15. Security Fundamental Principles  (i.e., “First Principles”)
  16. The first principles of security are the foundation upon which security mechanisms (e.g., access control) can be reliably built.

    The first principles of security are the foundation upon which security policies (e.g., mandatory access control, discretionary access control, integrity, availability) can be reliably implemented.

    A solid understanding of the first principles of security is critical to successful performance in the cyber operations domain. The first principles, when followed, enable the implementation of sound security mechanisms and systems. When not completely followed, the risk that an exploitable vulnerability may exist is increased. 

    Specific topics to be covered in this knowledge unit must minimally include, but are not limited to:

      Domain separation
      Process isolation
      Resource encapsulation
      Least privilege
      Layering
      Abstraction
      Data hiding
      Modularity
      Simplicity of design
      Minimization of implementation


    Outcome: Students will possess a thorough understanding of the fundamental principles underlying cyber security, how these principles interrelate and are typically employed to achieve assured solutions, the mechanisms that may be built from—or due to—these principles, and possible ways around them if vulnerabilities exist - e.g., how they could be manipulated to perform offensive cyber operations.



  17. Vulnerabilities
  18. Specific topics to be covered in this knowledge unit include, but are not limited to:

    Vulnerability taxonomy

    • Buffer overflows
    • Privilege escalation attacks
    • Trojans /backdoors/viruses
    • Rootkits

    Root causes of vulnerabilities
    Mitigation strategies for classes of vulnerabilities

    Outcome: Students will possess a thorough understanding of the various types of vulnerabilities (design and/or implementation weaknesses), their underlying causes, their identifying characteristics, the ways in which they are exploited, and potential mitigation strategies. They will also know how to avoid these vulnerabilities during system design, development and implementation.

  19. Legal
  20. There are many laws, regulations, directives and policies that people working in cyber operations must comply with. Cyber operations professionals should fully understand the limits of their authorities to ensure that operations in cyberspace are in compliance with U.S. law.

    • Laws
    • Regulations
    • Directives
    • Policies

    Outcome: Students will possess a thorough understanding of the legal issues governing the authorized conduct of cyber operations and the use of related tools, techniques, technology and data.

    Optional Program Content   (at least 60% of the following content must be available)

  1. Programmable Logic Languages
  2. Hardware Design Languages
    Hardware Programming Languages

    Outcome:  Students will be able to specify digital device behavior using a programmable logic language. 

  3. FPGA Design
  4. Outcome: The student will be able to synthesize, simulate, and implement a programmable logic program on a programmable logic device. 

  5. Wireless Security (e.g., 2G/3G/4G/WiFi/Bluetooth/RFID)
  6. Outcome: Students will be able to describe the unique security and operational attributes in the wireless environment and their effects on network communications. They will be able to identify the unique security implications of these effects and how to mitigate security issues associated with them. 

  7. Virtualization
  8. Virtualization technology has rapidly spread to encompass workstations, servers, infrastructure devices, storage, and networks, and as such has become critical to cyber operations.

    Specific topics to be covered in this knowledge unit must minimally include, but are not limited to:

      Virtualization techniques
      Type 1 and Type 2 virtual machine architectures
      Uses of virtualization for:

        Security
        Efficiency
        Simplicity
        Resource savings (space, admin overhead)

    Outcome: Students will be able to discuss the advantages and disadvantages of virtualization, identify the different approaches for virtualizing computer systems, and list the security implications of each of the different approaches.

  9. Large Scale Distributed Systems
    • Cloud Computing/Cloud Security

    Outcome: Students will be able to describe different kinds of Cloud architecture models, services, security issues, and components (logical and physical). They will be able to identify all associated data paths within a given cloud design.

  10.  Risk Management of Information Systems
    • Models
      Processes

    Outcome: Students will be able to identify classes of possible threats, what are the consequences associated with each threat, and what actions can be taken to mitigate the threat.

  11. Computer Architecture (includes Logic Design)
  12. Outcome:  Students will be able to define devices of electronic digital circuits and describe how these components are interconnected. They will be able to integrate individual components into a more complex digital system and understand the data path through a CPU.

  13. Microcontroller Design
  14. Outcome: Students will be able to integrate discrete components into a single processor element and describe ways of achieving performance efficiencies through combining components. They will be able to identify trade-offs associated with microcontroller optimization.

  15. Software Security Analysis
  16. This knowledge unit ensures that students will possess the ability to analyze software for the presence of weaknesses that may lead to exploitable vulnerabilities in operational systems.

      Source code analysis
      Binary code analysis
      Static code analysis techniques 
      Dynamic code analysis techniques
      Testing methodologies (Black Box/White Box/Fuzz)

    Outcome: Students will be able to perform analysis of existing source code for functional correctness. They will be able to apply industry standard tools that analyze software for security vulnerabilities. Through the application of testing methodologies, students should be able to build test cases that demonstrate the existence of vulnerabilities.

  17. Secure Software Development (Building Secure Software)
  18. This knowledge unit ensures that students are knowledgeable in the methods that lead to the development of robust, secure software.

      Secure programming principles and practices
      Constructive techniques (What process might provide for “good code.”)

    Outcome: Students should be able to demonstrate that they understand the techniques specifying program behavior, the classes of well known defects, how they manifest themselves in various languages, and show that they are capable of authoring programs that are free from defects.

  19. Embedded Systems
  20. Outcome: Students will be able to define requirements which lead to the design and fabrication of an embedded system. They will be able to program the microcontrollers to achieve an application-specific design and identify the security concerns associated with resource constrained devices.

  21. Forensics and Incident Response or Media Exploitation (not focusing on the legal aspect)
    • Operating system forensics
      Media forensics
      Network forensics
      Component forensics (cell phones, hard drives, etc.)

    Outcome: Students will be able to develop a profile of an individual user’s activity, determine the manner in which an operating system or application has been subverted, recover “deleted” and/or intentionally hidden information from various types of media, and demonstrate proficiency with handling a large number of different kinds of components.

  22. Systems Programming
  23. This knowledge unit ensures that students will be proficient in programming systems software (i.e., software that interacts with the system hardware and/or other low-level system components that interact with the hardware). Systems programming usually uses a low-level programming language (e.g., C, assembly) that allows efficient use of core resources. Systems programming is sufficiently different from applications programming such that programmers tend to specialize in one or the other.

      Kernel internals
      Device drivers
      Multi-threading
      Use of alternate processors (e.g., graphics card processors)

    Outcome: Students will be able to build and integrate kernel modules, understand the system call mechanism and how malicious software subverts system calls. They should demonstrate sufficient knowledge of the networking stack to be able to construct network filter components. They will also be able to discuss strengths and weaknesses of alternative processors and demonstrate familiarity of tool sets for making use of alternative processors (e.g., GPUs).

  24. Applied Cryptography
  25. Outcome: Students will be able to identify the appropriate uses of symmetric and asymmetric encryption. They will be able to assign some measure of strength to cryptographic algorithms and the associated keys. They will also be able to identify what level of algorithm strength is needed for particular applications and the implementation factors related to its suitability for use. Students will understand the common pitfalls associated with the implementation of cryptography, and will understand the challenges and limitations of various key management systems.

  26. SCADA Systems
  27. Outcome: Students will be able to describe how embedded systems are employed in industrial infrastructures and control systems. They will be able to identify means for capturing instrument telemetry and identifying feedback controls. They should be able to describe methods for managing distributed nodes and identify potential security vulnerabilities associated with the use of such systems and means for mitigating these vulnerabilities.

  28. HCI/Usable Security
  29. Outcome:  Students will understand user interface issues that will affect the implementation of and perception of security mechanisms and the behavioral impacts of various security “policies.”  They will also understand the tension between user security and convenience. 

    The following knowledge units may be credited towards meeting the optional academic content requirements of the Cyber Operations CAE Program (currently 10 out of the 16 identified option knowledge units). The addition of the below-identified optional knowledge units will not affect the minimum requirement which, for 2013, will remain at 10. These additional knowledge units may be incorporated into the formula for determining compliance in 2014 (e.g., 60 percent of the optional knowledge units), which will raise the minimum number of optional knowledge units to 11 of 18.

  30. Offensive Cyber Operations
  31. This knowledge unit provides a high-level overview of the phases of a cyber operation, from target identification through development of operational plans, execution, and assessment.

    Outcome: Students will understand the phases of a cyber operation, what each phase entails, who has authorities to conduct each phase, and how operations are assessed after completion.

  32. Hardware Reverse Engineering
  33. This knowledge unit provides students with an introduction to the basic procedures necessary to perform reverse engineering of hardware components to determine their functionality, inputs, outputs, and stored data.

    Outcome: Students will understand basic fundamental procedures such as probing, measuring, and data collection to identify functionality and to affect modifications to the hardware functionality.

    Programmatic Requirements:


    • Academic Content
      • 100 percent of Mandatory Knowledge Units
      • 60 percent of Optional Knowledge Units

    • Recognition via Certificate or Focus Area

    • On-site validation of curriculum to determine compliance with academic standards
      • Courses
      • Course content
      • Course Frequency (when was each course last taught, when will it be taught again)
      • Updates (when was each course last updated)
      • Direct interaction with faculty that teach courses during validation process

    • Robust use of labs and “hands-on” exercises
    (Note that some knowledge units may not be suitable for labs)
      • Lab exercises, programming assignments, student papers, projects, and presentations

    • Student Participation in Classified Summer Seminars

    • Continuous Faculty Development
      • Faculty stays current on topics in field
      • Faculty conducts cyber-related research
      • Participation in Summer Seminars

    • Service Learning Requirements (students must participate in activities that build the Cyber community – e.g., cyber exercise participation, conference participation, outreach to local grade/high schools)

    • Have a program in place for continuous improvement of the program

    • Active and current Cyber research activities
 

Date Posted: Jan 10, 2012 | Last Modified: Sept 11, 2012 | Last Reviewed: Sept 11, 2012

 
bottom