Master of Science in Security by Design (MSSD) in SUTD After 1 Year (As a Part Time Student) in 2022

Photo by Jefferson Santos on Unsplash

Background Context

Master of Science in Security by Design is one-of-a-kind in that it focuses on bringing cybersecurity at the design stage of critical infrastructure and enterprise networks.

This focus enables the training of a special type of engineer who can not only contribute to the security of organizations that do online business, but also to the security of large scale public infrastructures such as power grid, water treatment and distribution, transportation, and oil and natural gas processing.

Students can either decide to finish the programme in 1 year (full-time) or 2 years (part-time).

Curriculum

• Foundations of CyberSecurity (core)
• Computer Networks (core)
• System Security (core)
• Secure Software Engineering (core)
• Security Tools Lab 1 (core)
• Security Tools Lab 2 (core)
• Cyber Crime (elective)
• Machine Learning (elective)
• Cyber Physical Systems (elective)
• Blockchain Systems (elective)
• Thesis (core)

Holistically, the programme covers fundamentals and domain specific areas such as Blockchain Security and Cyber Physical Systems.

Since I am doing this programme as a part-time student, I will be covering modules that I have completed in year 1.

Foundations of CyberSecurity

Course Overview

• Introduction: CIA, System & Attacker models, Security policy & mechanism, Access control matrix & delegation and etc.
• Security Policies: MAC, DAC, Bell-LaPadula model, Biba model, Lipner model and etc.
• Information Flow: Explicit & implicit information flows, Entropy & uncertainty, Compiler-based & Execution-based mechanisms and etc.
• Distributed Systems: Availability, Concurrency, Deadlock & semaphore, Fault tolerance & recovery and etc.
• Symmetric Encryption: Attacks (COA, KPA, CPA, CCA), Block ciphers (AES), Block cipher modes (ECB, CBC, OFB, CTR) and etc.
• Hash & MAC: Merkle-Damgard construction, MD-based hash functions, Hash-based MACs, Cipher-based MACs and etc.
• Secure Channel and Randomness: Design of PRNG, Authenticated encryption (CCM, GCM), Order of authentication & encryption and etc.
• Public-Key Cryptography: (E)GCD algorithms, Cyclic groups & CRT, Diffie-Hellman algorithm, RSA algorithm and etc.
• Cryptographic Protocols: Key negotiation (authenticated DH), Key distribution (Kerberos), Entity authentication, Non-repudiation and etc.
• Public Key Infrastructure: Trust models, Digital certificates & revocation.

My Experience

Even though this covered a broad overview of the fundamentals in cyber security, I barely passed. Most of the concepts were mathematical in nature and I had difficulty understanding the lectures. The module final grade consists of the assessment on 2 exam papers, 10 individual and 10 group assignments. The individual and group assignments are relatively easier to score, however, the exam papers are monsters (even though it is open book assessment).

Computer Networks

Course Overview

• Networking basics
• Network performance
• Client-server applications
• Peer-to-peer networking
• Transport layer (design principles)
• Transport layer (TCP)
• Network layer (design principles and IP)
• Network layer (interdomain routing and BGP)

My Experience

Even though this covered a broad overview of the fundamentals in computer networking, I barely passed. The module final grade consists of the assessment on 2 exam papers and an individual project. The exam papers have a much higher weightage and easily killed me (even though we are allowed to bring in a 2 sided handwritten cheat-sheet). The project is relatively easier as it was more practical in nature.

Systems Security

Course Overview

• Threat modelling, security principles, OS level access control
• Memory safety and protection mechanisms
• Network Security
• Internet Security
• Web Security
• Anonymity and Privacy, Tor
• User Authentication
• Side Channel Attacks
• Mobile Security
• Paper Criticism

My Experience

By far, one of the more interesting modules in MSSD. I did much better compared to foundational modules. The module final grade consists of the assessment on 2 exam papers, 8 group assignments and a group paper criticism. The group assignments and paper criticism helped a lot in calculating my final grade. The group assignments are more practical (coding involved) in nature. The exam papers are not that difficult but it is a closed book assessment.

Cyber Crime

Course Overview

• Research Study
• Forensics Labs

My Experience

There are just 2 components to this module. The research study has a 90% weightage towards the final grade. In this research study, the students work in groups and can expect to choose a topic. This topic defines what they are going to research on, how are they going to conduct the research and justification via statistics. In my opinion, this module could in some ways prepare for writing a thesis paper as part of the graduation requirements.

Security Tools Lab 1

Course Overview

• Passwords and Hashing
• Breaking Simple Ciphers
• BGP Attacks and Mininet
• Network Exploitation
• ARP Spoofing and TLS
• Software Defined Networking (SDN)
• Data Analytics
• Web Attacks
• Machine Learning
• Project (Data Analytics, Network Anomaly Detection, SSL Grader, Passwords)

My Experience

One of the most hands on practical modules in MSSD. In every week, the students have to submit a report of assignment. This is a individual assignment. At the last 4 weeks before the module ends, each student have to work on a project which they will submit. Overall, the pace of submitting a assignment every week could be overwhelming for some students as they could have work commitments. I particularly enjoy web attacks and network exploitation. By far, I scored well for this module.

Security Tools Lab 2

Course Overview

• Random Numbers and Cryptography
• Breaking Synchronous Stream Ciphers
• Hashing Collision Attacks
• Buffer Overflow and Race Conditions
• Email Security
• Introduction to Cyber Physical Systems
• Blockchain
• Privilege Escalation Attacks
• Ethereum and Smart Contracts
• Project (Security Ops Centre, DAPP Distributed Storage, Dark Web Analysis, Email Spam Filtering Techniques)

My Experience

One of the most hands on practical modules in MSSD. In every week, the students have to submit a report of assignment. This is a individual assignment. At the last 4 weeks before the module ends, each student have to work on a project which they will submit. Overall, the pace of submitting a assignment every week could be overwhelming for some students as they could have work commitments. I particularly enjoyed Buffer Overflow and Privilege Escalation Attacks. By far, I scored well for this module.

Takeaways

I can’t conclude my final verdict on the programme yet. I have to wait until I have submitted my thesis paper before making a final judgment. Stay tuned to Master of Science in Security by Design (MSSD) in SUTD After 2 Years (As a Part Time Student) in 2023.