Academic Requirements for Designation as a CAE in Cyber Operations Advanced
Criterion 1 of the Criteria for Measurement specifically addresses the academic requirements for the CAE-Cyber Operations Advanced program. The academic requirements are based on Knowledge Units (KUs) (single or multiple courses, or course modules within single or multiple courses).
The CAE-CO Advanced Program has three types of Knowledge Unit (KU) components that must be met by applicant schools: Foundational KUs, Core KUs and Specialization KUs. Core and Specialization KUs for the CAE-CO Advanced designation must be graduate level offerings.
Designated programs must graduate a minimum of five Master's degree students with a CAE-CO Advanced designation or at least one Doctoral student during the designation cycle. Applicant institutions must provide coursework to satisfy at least 3 Core KUs and 2 Specialization KUs.
Cyber Operations Foundational KUs represent the required knowledge for any cyber operations student and must be met either before entering or at completion of the graduate cyber operations program. The Cyber Operations Foundational KUs are the ten CAE-Cyber Operations Fundamental Mandatory KUs. Each school must use a documented process to vet their own students for the required foundational knowledge. Vetting can be any documented process (e.g. transcript reviews, testing, remediation courses, etc).
Students can also meet Foundational Knowledge Unit requirements through graduate level courses (e.g. a student does not have an undergraduate Software Reverse Engineering course, but the graduate program has Advanced Software Reverse Engineering); taking the equivalent graduate course fulfills both the Foundational and Core KU requirements.
Core KUs are key areas set by NSA and are determined by DoD and IC Community mission need. CAE-CO Advanced schools are required to offer, at a minimum, three of the five Core KUs. Master's candidates are required to complete at least three of the five Core KUs. Doctoral candidates may have the core requirements waived per institutional requirements.
Cyber Operations Specialization KUs are concentrated focus areas offered by CAE-CO Advanced schools. Specialization KUs can be previously defined but can also be cyber operations foci proposed by the school and approved by the CAE-Cyber Operations Program Office. Applicant institutions need to provide coursework to satisfy at least two Specialization KUs in cyber operations topics. A cyber operations Master's student must complete six credit hours in a Cyber Operations Specialization KU and either complete a cyber operations thesis or its equivalent in another cyber operations topic. Doctoral candidates must demonstrate proficiency in three of the five Cyber Operations Core KU requirements within their degree program, complete one Cyber Operations Specialization KU and complete a dissertation in a cyber operations topic. It is up to the institution to determine how the 6 credit hours are achieved (e.g. independent study or course work in a cyber operations area).
A distinctive quality of CAE CO Advanced schools is that graduates possess proficiency in cyber operations knowledge, skills, and abilities; therefore, evidence of hands-on learning combined with strong theory is required in the application. Institutions should articulate in their application: 1) how Core and Specialized KUs are implemented within their curriculum, 2) in a manner that combines strong theory and practice to produce proficient graduates.
Index
Core Program Content: (Knowledge Units)
Universities must offer and Students must complete three (or more) of five Core KUs.
- C.1 Advanced Reverse Engineering
The discipline of software reverse engineering provides the ability to deduce the design of a software component, to determine how something works (i.e., recover the software specification), discover data used by software, and to aid in the analysis of software via disassembly and/or decompilation. The ability to understand software of unknown origin or software for which source code is unavailable is a critical skill within the cyber operations field. Use cases include malware analysis and auditing of closed source software.
Specific topics to be covered in this knowledge unit include, but are not limited to:
- Binary Analysis (no source code provided)
- Advanced reverse engineering techniques (e.g. RE of kernel space code, BIOS RE, Firmware, decompilation, ID of code reuse, binary differencing)
- Countering anti-RE techniques
- Symbolic Execution
- Semantic lifting
- Polymorphism
Outcome: Students will be able to identify and apply the advanced techniques mentioned above to independently perform static and dynamic analysis of binary code of unknown origin, including obfuscated malware, to fully understand the software's functionality.
- C.2 Vulnerability Discovery and Exploitation
Understanding patterns of vulnerabilities and attacks can allow one to better understand protection, risk mitigation, and identify vulnerabilities in new contexts. Vulnerability analysis and its relation to exploit development are core skills for one involved in cyber operations.
Specific topics to be covered in this knowledge unit include, but are not limited to:
- Exploit development
- Mitigation (e.g. DEP, ASLR, Control flow integrity, sandbox breakouts, heap protections) bypass
- Vulnerability discovery
- Fuzzing
- Crash dump analysis
- Vulnerability equities (protect vs exploit)
- Side channel analysis
Outcome: Students will be able to identify a vulnerability in software employing common mitigations and develop an associated proof of concept exploit.
Outcome: Students will be able to weigh the pros and cons of vulnerability disclosure.
- C.3 Cellular and Mobile Security
As more communications are conducted via mobile and cellular technologies, these technologies have become critical (and continue to become more critical) to cyber operations. It is important for those involved in cyber operations to understand how data is secured during processing and transmission of information.
Specific topics to be covered in this knowledge unit include, but are not limited to:
- Access and non-access stratum protocols
- Short Message Service (SMS) (i.e. implementation, operations and vulnerabilities)
- LTE Security Architecture (i.e. AS and NAS)
- Operations administration, maintenance, and provisioning (i.e. charging, billing and accounting, UDR and CDR protocols)
- Lawful intercept design, implementations, and restrictions
- EPC Location based services (i.e. mobile location centers, privacy profile register, E911)
Outcome: Students will understand the system wide security implications and vulnerabilities of a cellular/mobile system.
- C.4 Advanced Network Security
Advanced Network Security focuses on understanding networking protocols, resilient network design, security issues, and ensuring safe operation.
Specific Topics to be covered in this knowledge unit include, but are not limited to:
- Design and implementation of active defense capabilities
- Discovery of adversaries in a network
- Incident response
- Resilient network design
- Flow record analysis
- Device fingerprinting
- Network Cryptography
- Protocol analysis
- Designing secure protocols
- Network security architectures
Outcome: Students will be able to design and implement networks to operate in a contested environment.
Outcome: Students will be able to identify adversaries within a network.
- C.5 Operating System Security
Operating systems (OS) provide the platform on which running software acquires and uses computing resources. Operating systems are responsible for working with the underlying hardware to provide the baseline security capabilities of a system. Understanding the security models of modern operating systems is critical to cyber operations.
Specific Topics to be covered in this knowledge unit include, but are not limited to:
- Cryptographic mechanisms
- OS hardening
- Distributed OS security issues
- Security mechanisms (e.g. ASLR, data execution prevention, cryptography, trusted boot)
- Security enhanced operating systems
- Security architectures (e.g. hypervisors, microkernels, separation kernels, containers, virtualization, MLIS)
Outcome: Students will be able to differentiate user space versus kernel space mitigations.
Outcome: Students will be able to evaluate different deployment scenarios to determine the tradeoffs of various operating system security architectures.
Outcome: Students will understand how enhanced security features in operating systems reduce the attack surface.
Specialization Program Content: (Knowledge Units)
Universities must offer two Specialization KUs and CAE-Cyber Operations Advanced students must complete one Specialization KU and a thesis/dissertation or institutional equivalent in a cyber operations topic.
Specialized Cyber Operations KUs
Specialization KUs are intended to allow an applicant institution to focus on and increase the depth covered in topics of relevance to cyber operations. As with the Core KUs, heavy experiential, hands-on learning is required for the Specialized KUs. While any of the base knowledge units covered in a typical undergraduate offering may be pursued, these knowledge units are intended to allow creativity on the part of the applicant institution to recognize and advance the state of the art in cyber operations. Listed below are some possibilities but this list is representative and is not restrictive.
- S.1 Specialization: Reverse Engineering
Example topics are as follows:
- Automated Malware Analysis
- Embedded System Reverse Engineering
- Hardware Reverse Engineering
- SCADA/ICS Reverse Engineering
- Obfuscated Malware Analysis
- S.2 Specialization: Operating Systems Security
Example topics are as follows:
- Security of operating systems with a focus on exploitation of operating systems.
- Distributed Operating Systems
- Communication
- Synchronization (MP, RPC)
- Scalability
- Scheduling
- Security in Distributed Systems
- Transactions
- Deadlock Handling
- Distributed File Systems
- Fault Tolerance
- Security
- Distributed file systems
- Message passing
- Distributed job management
- Parallel programming languages
- Distributed monitoring
- Technologies such as Containerization
- S.3 Specialization: Cell/Mobile
Example topics are as follows:
- Baseband processor
- Mobile OS
- Modern Telephony Networks (VOIP and SIP)
- M2M and D2D
- Cloud-RAN
- S.4 Specialization: RF Analysis
Example topics are as follows:
- Radio signal analysis and manipulation
- Smart Meter Analysis
- Unmanned autonomous systems (C2, Telemetry)
- Jamming/spoofing GPS
- Applications of SDR
- S.5 Specialization: Internet of Things
Example topics are as follows:
- IoT Protocols, system architectures, device architectures
- Security Challenges within IoT Systems
- Network Layers of IoT Architecture
- Command and Control of IoT Devices
- IoT System/Component/Hardware/Reverse Engineering
- Reverse Engineering IoT Protocols
- IoT Device Integration and Interoperability
- IoT and Mobility (Consequences of integration of IoT Components in Mobile Platforms, etc.)
- Open vs. Proprietary Platforms and Standards
- Unique Operational Environments for IoT Devices
- IoT Data Analytics
- S.6 Specialization: Software Defined Networking
Example topics are as follows:
- SDN implementation strategies in different areas (data center, over wide area, wireless, optical transport, carrier networks)
- Virtual Networking and connection with Network Functions Virtualization (NFV)
- Engineering Deep Dive with lessons learned through implementing SDN on a network.
- Secure monitoring of SDN using network defense solutions.
- Internet exchange Point and how to efficiently carry high bandwidth traffic such as video.
- S.7 Specialization: Digital Forensics
Example topics are as follows:
- OS Forensics
- Mobile Forensics
- Memory Analysis/Injection
- Network Forensics
- IoT Forensics
- GPS Forensics
- Vehicle Forensics
- Cloud Services Forensics
- Anti-Forensics
- S.8 Specialization: Anonymizing Overlay Networks
Example topics are as follows:
- Goals and Threat Models for Anonymous Communication
- Overview of Relevant Crypto (private key [AES, et al] and public key systems [RSA, elliptic curve, ElGamal, et al], hashing, key exchange [e.g., Diffie-Hellman], digital signature algorithms [DSA, ECDCSA, et al])
- Distributed Hash Tables (DHTs)
- P2P Networks
- Anonymous Routing
- Survey of Current-Generation Anonymizing Networks (Tor, I2P, Freenet, ZeroNet, et al)
- Hidden Web Services
- Anonymity Applications (e.g., secure email, chat, blog syndication)
- Anonymous Distributed Storage (e.g., TAHOE LAFS)
- De-anonymization
- S.9 Specialization: Space and Cyber
Example topics are as follows:
- Internet Access in Space (Interplanetary Internet, etc.)
- Internet Exposure
- Secure SATCOM
- Physical Attacks
- SATCOM Encryption (QUESS, etc.)
- Real-time Solutions
- SATCOM Threats (DoS, jamming, etc.)
- Threat mitigation
- Automated attack responses
- Military strategies
- AEHF
- S.10 Specialization: SCADA/ICS
Example topics are as follows:
- ICS/SCADA System Architectures
- ICS/SCADA Integration of Multiple ICS/SCADA Systems
- Integrations of IoT and ICS/SCADA Systems
- ICS/SCADA Network Topologies
- ICS/SCADA Device Architectures
- ICS/SCADA System, Component, and Hardware/Reverse Engineering
- ICS/SCADA Protocols/Reverse Engineering
- ICS/SCADA Human Machine Interface (HMI) Reverse Engineering
- ICS/SCADA Security Solutions
- Historical ICS/SCADA Security Failures and Impacts
- Military/IC Applications of ICS/SCADA (Defense and Attack)
- S.11 Specialization: Advanced Networking
Example topics are as follows:
- Advanced Traffic Analysis -- Beyond Wireshark
- Advanced Network Architectures (e.g., Future Internet Designs, Enclaves, Knowledge Plane)
- Advanced Security Architectures and Appliance Deployments
- Network Encryption Standards, Implementations and Verification
- Development and Analysis of Secure Routing Protocols
- Network Components Reverse Engineering
- Incident Response Techniques for Network-Based Attacks
- DDOS Deployment and Defense
- Development of Technologies for LPI/LPD and discovery of Networks using LPI/LPD techniques