Carnegie Mellon University

Systems and Software Security

Instructor CEU Units # of Lectures Hours per Week Tuition
Benoit Morel 4.8 12 10-15 $2,700

Course Objectives

The objective of this course is to familiarize the students with the issues of cybersecurity relevant to their professional life. There is hardly any line of work in engineering and in the corporate world immune from cybersecurity concerns. This course  will address the following issues:

  • Analysis of a few attacks to expose the kind of methodology, tactics and strategy that tend to be used by cybercriminals
  • The kind of vulnerability attackers target when they try to penetrate networks, access and/or compromise proprietary information
  • Techniques used to make attacks difficult to detect. There are far more attacks taking place than known as many of them stay undetected.
  • What kind of tools are used for cyber defense and their limitations. Hence the importance that the personnel working in the firm be able to understand the dangers and help in the detection of attacks.
  • Computers and processors are involved in basically every component of modern products. With them come a variety of security concerns which will be discussed in this course.
  • Cybersecurity is changing fast. The general press and medias are in general a mediocre source of information. The students will be informed of ways to keep informed more accurately of what is happening in the world of cybersecurity.


None other than familiarity with computers.


Because the subject of this course changes very fast, there is no text book assigned to this course. Each lecture will be accompanied by some up to date reading materials.


Lecture 1:   Introduction to the subject and course

Lecture 2:   Detailed analysis of the Aurora attack and its lessons

Lecture 3:   Penetration attack (1): HTML code injection

Lecture 4:   Penetration attack (2): Javascript code injection

Lecture 5:   Penetration attack (3): SQL code injection (intro)

Lecture 6:   Penetration attack (4) and the protection of database: advanced SQL attacks

Lecture 7:   The technology of modern malware

Lecture 8:   Tools for defense: Intrusion detection, Penetration testers

Lecture 9:   Wireless and smartphone security

Lecture 10: The cybersecurity of embedded systems

Lecture 11: The cybersecurity of RFIDs, sensors and SCADA systems

Lecture 12: Cybersecurity of the future: Cloud Computing, VANET (Vehicle Ad Hoc Networks), Convergence

TBD:           Project Presentations