Academic Requirements for Designation as a Center of Academic Excellence in Cyber Operations

Academic Content Requirements:

Mandatory Program Content: (Knowledge Units)

Proficiency in low-level programming languages is required to perform key roles in the cyber operations field (e.g., forensics, malware analysis, exploit development). Specific languages necessary to satisfy this knowledge unit are:

C programming
Outcome: After completing these knowledge units, students will be able to develop programs that can be embedded into an OS kernel, such as a device driver, with the required complexity and sophistication to implement exploits for discovered vulnerabilities.

C Language programming
Outcome: Students will be able to write a program that implements a network stack to manage network communications.

Assembly Language programming
Outcome: Students will be able to write a functional, stand-alone assembly language program implementing a basic telnet client with no help from external libraries.

The discipline of reverse engineering provides the ability to deduce the design of a software component, to determine how something works (i.e., recover the software specification), discover data used by software, and aids analysis of software via disassembly and/or decompilation. Specific topics to be covered in this knowledge unit include:

Reverse engineering for software specification recovery
Outcome: Students will be able to use a tool such as IDA Pro to safely perform static and dynamic analysis of software (or malware) of unknown origin for the purposes of recovering the original implementation or understanding the software functionality. Appropriate tools, techniques and procedures must be covered.

Specific topics to be covered to satisfy this knowledge unit must minimally include, but are not limited to:

Privileged vs. non-privileged states
Outcome: Students will have a thorough understanding of operating systems theory and implementation.
They will be able to understand operating system internals to the level that they could design and implement significant architectural changes to an existing OS (e.g., make significant modifications to Windows, Linux, etc.).

Specific topics to be covered to satisfy this knowledge unit must minimally include:

Routing, network, and application protocols, for example:
  DNS
  SMTP
  HTTP
Wireless network technologies
Network traffic analysis
Protocol analysis (examining component-to-component communication to determine the protocol being used and what it is doing)
Network mapping techniques (active and passive)

Outcome: Students will have a thorough understanding of how networks work at the infrastructure, network and applications layers; how they transfer data; how network protocols work to enable communication; and how the lower-level network layers support the upper ones. They will have a thorough knowledge of the major network protocols that enable communications and data transfer.

As more communications are conducted via mobile and cellular technologies, these technologies have become critical (and continue to become more critical) to cyber operations.

Smart phone technologies
Outcome: Students will be able to describe user associations and routing in a telecommunications network, interaction of elements within the telecommunications core, and end-to-end delivery of a packet and/or signal and what happens with the hand-off at each step along the communications path. They will be able to explain differences in core architecture between different generations of cellular and mobile network technology.

Outcome: Students will be introduced to first-order logic graphs, accounting, accountability, and induction proofs.

Algorithms
Outcome: Students will be exposed to fundamental algorithm sorting/searching/data/manipulation or they will analyze the complexity of algorithms.

Statistics
Outcome: Students will understand how variability affects outcomes, how to identify anomalous events, and how to identify the meaning of anomalous events. They will be able to integrate and differentiate continuous functions of multiple variables.

Automata
Outcome: Students will understand how automata are used to describe computing machines and computation, and the notion that some things are computable and some are not.
They will understand the connection between automata and computer languages and describe the hierarchy of language from regular expression to context free.

Specific topics to be covered in this knowledge unit must minimally include, but are not limited to:

Network security techniques and components (e.g., firewalls, IDS, etc.)
Anomaly/intrusion detection
Anomaly identification
Identification of command and control operations
Identification of data exfiltration activities
Identifying malicious code based on signatures, behavior and artifacts
System security architectures and concepts
Defense in depth
Trust relationships
Distributed/Cloud Virtualization

Outcome: Students will have a sound understanding of the technologies and methods utilized to defend systems and networks. They will be able to describe, evaluate, and operate a defensive network architecture employing multiple layers of protection using technology appropriate for secure mission accomplishment.

The first principles of security are the foundation upon which security mechanisms (e.g., access control) can be reliably built. The first principles of security are the foundation upon which security policies (e.g., mandatory access control, discretionary access control, integrity, availability) can be reliably implemented. A solid understanding of the first principles of security is critical to successful performance in the cyber operations domain. The first principles, when followed, enable the implementation of sound security mechanisms and systems. When not completely followed, the risk that an exploitable vulnerability may exist is increased. Specific topics to be covered in this knowledge unit must minimally include, but are not limited to:

Domain separation
Outcome: Students will possess a thorough understanding of the fundamental principles underlying cyber security, how these principles interrelate and are typically employed to achieve assured solutions, the mechanisms that may be built from—or due to—these principles, and possible ways around them if vulnerabilities exist - e.g., how they could be manipulated to perform offensive cyber operations.

Specific topics to be covered in this knowledge unit include, but are not limited to:

Vulnerability taxonomy
Root causes of vulnerabilities

Outcome: Students will possess a thorough understanding of the various types of vulnerabilities (design and/or implementation weaknesses), their underlying causes, their identifying characteristics, the ways in which they are exploited, and potential mitigation strategies. They will also know how to avoid these vulnerabilities during system design, development and implementation.

There are many laws, regulations, directives and policies that people working in cyber operations must comply with. Cyber operations professionals should fully understand the limits of their authorities to ensure that operations in cyberspace are in compliance with U.S. law.
Outcome: Students will possess a thorough understanding of the legal issues governing the authorized conduct of cyber operations and the use of related tools, techniques, technology and data.

Optional Program Content (at least 60% of the following content must be available)

Hardware Design Languages
Outcome: Students will be able to specify digital device behavior using a programmable logic language.

Outcome: The student will be able to synthesize, simulate, and implement a programmable logic program on a programmable logic device.

Outcome: Students will be able to describe the unique security and operational attributes in the wireless environment and their effects on network communications. They will be able to identify the unique security implications of these effects and how to mitigate security issues associated with them.

Virtualization technology has rapidly spread to encompass workstations, servers, infrastructure devices, storage, and networks, and as such has become critical to cyber operations. Specific topics to be covered in this knowledge unit must minimally include, but are not limited to:

Virtualization techniques
Efficiency
Simplicity
Resource savings (space, admin overhead)

Outcome: Students will be able to discuss the advantages and disadvantages of virtualization, identify the different approaches for virtualizing computer systems, and list the security implications of each of the different approaches.

Cloud Computing/Cloud Security
Outcome: Students will be able to describe different kinds of Cloud architecture models, services, security issues, and components (logical and physical). They will be able to identify all associated data paths within a given cloud design.

Models
Outcome: Students will be able to identify classes of possible threats, what are the consequences associated with each threat, and what actions can be taken to mitigate the threat.

Outcome: Students will be able to define devices of electronic digital circuits and describe how these components are interconnected. They will be able to integrate individual components into a more complex digital system and understand the data path through a CPU.

Outcome: Students will be able to integrate discrete components into a single processor element and describe ways of achieving performance efficiencies through combining components. They will be able to identify trade-offs associated with microcontroller optimization.

This knowledge unit ensures that students will possess the ability to analyze software for the presence of weaknesses that may lead to exploitable vulnerabilities in operational systems.

Source code analysis
Outcome: Students will be able to perform analysis of existing source code for functional correctness. They will be able to apply industry standard tools that analyze software for security vulnerabilities. Through the application of testing methodologies, students should be able to build test cases that demonstrate the existence of vulnerabilities.

This knowledge unit ensures that students are knowledgeable in the methods that lead to the development of robust, secure software.
Secure programming principles and practices
Outcome: Students should be able to demonstrate that they understand the techniques specifying program behavior, the classes of well known defects, how they manifest themselves in various languages, and show that they are capable of authoring programs that are free from defects.

Outcome: Students will be able to define requirements which lead to the design and fabrication of an embedded system. They will be able to program the microcontrollers to achieve an application-specific design and identify the security concerns associated with resource constrained devices.

Operating system forensics
Outcome: Students will be able to develop a profile of an individual user’s activity, determine the manner in which an operating system or application has been subverted, recover “deleted” and/or intentionally hidden information from various types of media, and demonstrate proficiency with handling a large number of different kinds of components.

This knowledge unit ensures that students will be proficient in programming systems software (i.e., software that interacts with the system hardware and/or other low-level system components that interact with the hardware). Systems programming usually uses a low-level programming language (e.g., C, assembly) that allows efficient use of core resources. Systems programming is sufficiently different from applications programming such that programmers tend to specialize in one or the other.

Kernel internals
Outcome: Students will be able to build and integrate kernel modules, understand the system call mechanism and how malicious software subverts system calls. They should demonstrate sufficient knowledge of the networking stack to be able to construct network filter components. They will also be able to discuss strengths and weaknesses of alternative processors and demonstrate familiarity of tool sets for making use of alternative processors (e.g., GPUs).

Outcome: Students will be able to identify the appropriate uses of symmetric and asymmetric encryption. They will be able to assign some measure of strength to cryptographic algorithms and the associated keys. They will also be able to identify what level of algorithm strength is needed for particular applications and the implementation factors related to its suitability for use. Students will understand the common pitfalls associated with the implementation of cryptography, and will understand the challenges and limitations of various key management systems.

Outcome: Students will be able to describe how embedded systems are employed in industrial infrastructures and control systems. They will be able to identify means for capturing instrument telemetry and identifying feedback controls. They should be able to describe methods for managing distributed nodes and identify potential security vulnerabilities associated with the use of such systems and means for mitigating these vulnerabilities.

Outcome: Students will understand user interface issues that will affect the implementation of and perception of security mechanisms and the behavioral impacts of various security “policies.” They will also understand the tension between user security and convenience.

The following knowledge units may be credited towards meeting the optional academic content requirements of the Cyber Operations CAE Program (currently 10 out of the 16 identified optional knowledge units). The addition of the below-identified optional knowledge units will not affect the minimum requirement which, for 2013, will remain at 10. These additional knowledge units may be incorporated into the formula for determining compliance in 2014 (e.g., 60 percent of the optional knowledge units), which will raise the minimum number of optional knowledge units to 11 of 18.

This knowledge unit provides a high-level overview of the phases of a cyber operation, from target identification through development of operational plans, execution, and assessment.

Outcome: Students will understand the phases of a cyber operation, what each phase entails, who has authorities to conduct each phase, and how operations are assessed after completion.

This knowledge unit provides students with an introduction to the basic procedures necessary to perform reverse engineering of hardware components to determine their functionality, inputs, outputs, and stored data.

Outcome: Students will understand basic fundamental procedures such as probing, measuring, and data collection to identify functionality and to effect modifications to the hardware functionality.

Programmatic Requirements:

Date Posted: Jan 10, 2012 | Last Modified: Sept 11, 2012 | Last Reviewed: Sept 11, 2012