Section 71.100.3 Information Systems Engineering Courses
Description:
This course covers ethical professional practices and responsibilities for engineers working within Quebec and Canadian legislative frameworks, touching on four main topics: professional systems, the ethics of engineering, the professional duties of an engineer, as well as the legal dimensions of professional practice. The course covers ethics, law, professional standards, and regulating human conduct. The course also addresses several ethical concerns and challenges in cybersecurity. These issues pervade numerous aspects of the economy and society in the information age, covering a wide range of topics from human rights to international trade. Students learn about these topics, beginning with an acquaintance with the dominant ethical frameworks of the 21st century, then employing these frameworks to understand, analyze, and develop solutions for leading ethical problems in cybersecurity. Using scenarios, students are also exposed to the best practices for an ethical cybersecurity.Component(s):
"Lecture"Prerequisite/Corequisite:
The following course must be completed previously: COEN 231 or COMP 232.
Description:
The introduction to this course covers cryptology, cryptography, cryptanalysis, confidentiality, integrity, authentication, non-repudiation. The following topics are then covered: mathematical background (modular arithmetic, basic algorithms, including Euclidean algorithm, extended Euclidean algorithm, square and multiply, Chinese remainder theorem); historical ciphers (shift cipher, substitution cipher, affine cipher, and Vigenere cipher); number theory problems (DLP, DHP, DDH, integer factorization); public key cryptography (RSA encryption, El-Gamal encryption, and digital signature schemes); cryptographic protocols (PKI, authentication protocols: challenge response, nonces, time stamps); symmetric key ciphers (block ciphers: DES, SPN, AES, lightweight ciphers); stream ciphers, hash functions, MAC; and side channel attacks.Component(s):
"Lecture"Prerequisite/Corequisite:
The following course must be completed previously:INSE 221 .
Description:
This course offers students an advanced mathematical background, covering the following topics: elliptic curves (introduction, the Group Law, elliptic curves over finite fields, projective coordinates, point compression, choosing an elliptic curve); lattices (lattices and lattice reduction), hard lattice problems, learning with errors (LWE), notions of security, post quantum cryptography, Shamir secret sharing, threshold-based cryptography; homomorphic cryptosystems; zero knowledge proofs; commitment schemes and oblivious transfer; advanced signature schemes (blind signature, group signature, ring signature); and secure multi-party computation (the two-party case, the multi-party case).Component(s):
"Lecture"Prerequisite/Corequisite:
The following courses must be completed previously: COEN 352 or COMP 352; INSE 349.
Description:
This course offers students recent examples of database security issues, including a brief overview of root causes; security configuration of a typical database product; operating system security principles; administration of users at the OS level vs. database level; profiles, password policies, privileges and roles; database application security models; known attacks and defences; database auditing and hardening models.Component(s):
"Lecture"Prerequisite/Corequisite:
The following course must be completed previously: INSE 221.
Description:
This course offers students the fundamentals of secure programming and introduces fundamental concepts, coding standards, design principles and best practices in DevSecOps. Topics include string-related vulnerabilities and defense, pointer-related vulnerabilities and defense, memory management-related vulnerabilities and defense, integer-related security issues, formatted output-related security issues, concurrency-related security issues, security vulnerabilities and linking, security in sockets programming, security vulnerabilities and signals, file I/O security. Students learn best practices and coding standards, design principles for secure programming, model based secure programming, and static analysis for secure programming.A project is required.Component(s):
"Lecture" 3 hours per weekPrerequisite/Corequisite:
The following courses must be completed previously: COEN 346 or COMP 346;INSE 349.
Description:
This course includes topics such as authentication, confidentiality, integrity, access control matrix, safety result, access control list, capability list, Windows security, UNIX/Linux security, security levels, mandatory/discretionary access control, integrity levels, BLP, Biba, conflict of interest, security design principle, password security, strong authentication, dictionary attack, password salt, one-time password, Lamport's scheme, challenge response, logging and auditing, host-based intrusion detection, anomaly detection, misuse detection, memory security, secure booting, UNIX network security services and firewall, covert channel, and information flow control.Component(s):
"Lecture"Prerequisite/Corequisite:
The following course must be completed previously: INSE 201.Description:
This course introduces basic topics of cybersecurity management, governance and best practices. This includes cybersecurity structures and baseline controls; asset management; cybersecurity operations; incident handling; security metrics; vulnerability management; supply chain security; risk management; cybersecurity awareness, training, and communication; government cybersecurity laws and regulations in Quebec, Canada, and worldwide.Component(s):
"Lecture" 3 hours per weekPrerequisite/Corequisite:
The following courses must be completed previously: ENGR 371, ENGR 391.Description:
The course introduces students to the foundations of artificial intelligence and machine learning (AI/ML) in cybersecurity, including basic concepts and workflows of AI/ML as well as different supervised learning, reinforcement learning, unsupervised learning, deep learning, and generative AI algorithms and applications in cybersecurity.Component(s):
"Lecture" 3 hours per week
Prerequisite/Corequisite:
The following courses must be completed previously: ENCS 282; ENGR 371; INSE 331, INSE 351. The following course must be completed previously or concurrently: INSE 445.
Description:
Students work in teams to design and implement a cybersecurity project based on requirements provided by the course instructor. Each team demonstrates the project and prepares adequate documentation for it. In addition, each team writes a report based on the process of development.Component(s):
"Lecture"Notes:
Prerequisite/Corequisite:
The following course must be completed previously: INSE 321.
Description:
This course provides students with an introduction to human aspects of security, including common evaluation methodologies for usable security; relationship between usability, deployability, and security; social engineering attacks; user study; statistical analysis for usability measurements; example evaluation of authentication in desktop vs. mobile devices, browsers, email applications, and private messaging; and defenses against social engineering attacks.Component(s):
"Lecture"Prerequisite/Corequisite:
The following course must be completed previously: INSE 401.
Description:
This course is on privacy and related concepts like anonymity, confidentiality, and censorship. The course covers the following topics: hashing, bloom filters, encryption, zero-knowledge proofs, multi-party computation, k-anonymity, differential privacy, trusted execution, separation of duties, digital credentials, onion routing, cookies, privacy-preserving data analytics and machine learning, genomic privacy, financial privacy, and secret ballot voting systems.Component(s):
"Lecture"Prerequisite/Corequisite:
The following courses must be completed previously: INSE 401, INSE 442.
Description:
This course provides students an introduction to cybercrime, including unauthorized access, mischief to data, possession of hacking tools, possession of child pornography, and others; legal aspects: Canadian judicial system, computer crime laws, charter of rights, common law, mutual legal assistance treaty, search warrants, production and assistance orders, international laws; investigation process: search planning, acquisition methods, environment recognition, evidence identification; digital forensics: tools, techniques and procedures; reporting process: investigation and analysis reports, note taking; authority of seizure; forensic interviews; computer crime trials: witness preparation, court sentencing, rebuttal witness, cross-examination, testimony, credibility attacks; and in-depth case studies.Component(s):
"Lecture"Prerequisite/Corequisite:
The following courses must be completed previously: INSE 331,INSE 351. The following course must be completed previously or concurrently: INSE 445.
Description:
Security auditing and compliance checking have been a popular security practice to ensure the accountability and transparency of a digital system. With the large-scale emerging technologies (including cloud computing, 5G networking, Internet of Things), the landscape of security auditing is rapidly evolving. This course prepares students with the knowledge of traditional security auditing techniques, as well as cutting-edge techniques for newer technologies. Topics include the definition of security auditing, review of existing security standards, interpreting security standards, formal verification methods and tools, machine-learning-based auditing approaches and current challenges in security auditing.Component(s):
"Lecture"Prerequisite/Corequisite:
The following courses must be completed previously: INSE 349, INSE 445.
Description:
This course provides a comprehensive exploration of the security challenges and solutions within wireless and mobile communications systems. As mobile devices become ubiquitous and play an integral role in people's daily lives, securing the communication channels and data they handle is paramount. This course covers a spectrum of topics ranging from the fundamentals of wireless networks to the intricacies of mobile operating systems and applications.Component(s):
"Lecture"Prerequisite/Corequisite:
The following courses must be completed previously: INSE 331,INSE 351.
Description:
Reverse engineering is the process of analyzing hardware or software and understanding it without having access to the source code or design documents. Malicious actors and hackers often are able to reverse-engineer systems and exploit what they find in terms of vulnerabilities. This course provides an in-depth exploration of reverse-engineering techniques and malware analysis methodologies. Students learn how to analyze and understand the inner workings of software, detect malicious activities, and develop skills to combat evolving cyber threats.Component(s):
"Laboratory"Prerequisite/Corequisite:
The following courses must be completed previously: INSE 321, INSE 349; COEN 366 or COMP 445 or ELEC 366.
Description:
This course provides students with a comprehensive understanding of network security essentials. The topics covered in this course include secure data transmission, web security, domain name system (DNS) protection, wireless network security, denial-of-service (DoS) attacks and mitigration, intrusion detection systems, firewalls, and security for advanced network architectures.Component(s):
"Lecture"Prerequisite/Corequisite:
The following courses must be completed previously: INSE 442, INSE 445.