...

Internal Self-Study Report Computer Science Graduate Program Academic Program Review April 2012

by user

on
Category: Documents
8

views

Report

Comments

Transcript

Internal Self-Study Report Computer Science Graduate Program Academic Program Review April 2012
Computer Science Graduate Program
Academic Program Review
Internal Self-Study Report
April 2012
Compiled by the Internal Review Committee:
Chair:
CS Faculty:
Dr. Florian Buchholz
Mr. Taz Daughtrey
Dr. Hossain Heydari
Dr. Michael Kirkpatrick
Dr. Brett Tjaden
Computer Science Graduate Programs Self-Study Report 2012
2
Table of Contents
I. Executive Summary ......................................................................................................................... 6 II. Computer Science Department Narrative .............................................................................. 7 A. History and Mission ...................................................................................................................................7 A-­‐1 History of the Computer Science Department............................................................................................7 A-­‐2 Mission Statement ...............................................................................................................................................10 A-­‐3 Support of College and University Statements........................................................................................11 A-­‐4 Students Served by Computer Science .......................................................................................................11 A-­‐5 Computer Science Department Staffing .....................................................................................................12 A-­‐6 Technological Support .......................................................................................................................................12 A-­‐7 Non-­‐Personnel Support.....................................................................................................................................13 A-­‐8 Adequacy of Facilities ........................................................................................................................................13 A-­‐9 Recommendation for Meeting Future Needs...........................................................................................13 IIIa. Computer Science Graduate Information Security Program Narrative..................15 A. InfoSec Program History and Mission .............................................................................................. 15 A-­‐1 History of the program ......................................................................................................................................15 A-­‐2 Current Mission Statement ..............................................................................................................................15 A-­‐3 Mission Statement Development ..................................................................................................................16 A-­‐4 Support of College and University Statements........................................................................................16 B. Program Goals and Objectives ............................................................................................................ 16 B-­‐1 Program Objectives and Mission...................................................................................................................16 B-­‐2 Activities Supporting Achievement of Goals and Objectives.............................................................19 B-­‐3 Faculty Role in Achieving Goals and Objectives .....................................................................................20 C. Program Structure and Reputation ................................................................................................... 20 C-­‐1 Current Structure of the Program.................................................................................................................20 C-­‐2 Curriculum Development and Long-­‐Range Planning ...........................................................................22 C-­‐3a Program Evaluation Against National Standards ................................................................................22 C-­‐3b Responsiveness of the Curriculum to Societal Needs ........................................................................23 D. Program Viability .................................................................................................................................... 24 D-­‐1 Program Viability in terms of State, Regional and National Needs................................................24 D-­‐2 Program Size and Needs for Expansion .....................................................................................................26 E. Academic Program Resource Use....................................................................................................... 26 E-­‐1 Changes Since the Last APR .............................................................................................................................26 E-­‐2 Changes Resulting from Technology ...........................................................................................................27 F. The Role of the Program in the College and University .............................................................. 27 F-­‐1 University-­‐Wide Efforts.....................................................................................................................................27 F-­‐2 Commitment of Students and Faculty to College and University-­‐Wide Efforts ........................28 G. The Role of Students and Alumni in the Program ........................................................................ 28 G-­‐1 Students....................................................................................................................................................................28 G-­‐2 Alumni.......................................................................................................................................................................29 H. Assessment Findings on Student Learning Objectives ............................................................... 29 H-­‐1 Assessment Findings..........................................................................................................................................29 H-­‐2 Quality of the Program’s Assessment Activities.....................................................................................31 Computer Science Graduate Programs Self-Study Report 2012
3
IIIb. Computer Science Graduate Digital Forensics Program Narrative..........................33 A. Digital Forensics Program History and Mission ........................................................................... 33 A-­‐1 History of the program ......................................................................................................................................33 A-­‐2 Current Mission Statement ..............................................................................................................................36 A-­‐3 Mission Statement Development ..................................................................................................................36 A-­‐4 Support of College and University Statements........................................................................................36 B. Program Goals and Objectives ............................................................................................................ 37 B-­‐1 Program Objectives and Mission...................................................................................................................37 B-­‐2 Activities Supporting Achievement of Goals and Objectives.............................................................38 B-­‐3 Faculty Role in Achieving Goals and Objectives .....................................................................................40 C. Program Structure and Reputation ................................................................................................... 40 C-­‐1 Current Structure of the Program.................................................................................................................40 C-­‐2 Curriculum Development and Long-­‐Range Planning ...........................................................................42 C-­‐3a Program Evaluation Against National Standards ................................................................................47 C-­‐3b Responsiveness of the Curriculum to Societal Needs ........................................................................48 D. Program Viability .................................................................................................................................... 49 D-­‐1 Program Viability in terms of State, Regional and National Needs................................................49 D-­‐2 Program Size and Needs for Expansion .....................................................................................................49 E. Academic Program Resource Use....................................................................................................... 50 E-­‐1 Changes Since the Last APR .............................................................................................................................50 E-­‐2 Changes Resulting from Technology ...........................................................................................................50 F. The Role of the Program in the College and University .............................................................. 50 F-­‐1 University-­‐Wide Efforts.....................................................................................................................................50 F-­‐2 Commitment of Students and Faculty to College and University-­‐Wide Efforts ........................50 G. The Role of Students and Alumni in the Program ........................................................................ 51 G-­‐1 Students....................................................................................................................................................................51 G-­‐2 Alumni.......................................................................................................................................................................53 H. Assessment Findings on Student Learning Objectives ............................................................... 53 H-­‐1 Assessment Findings..........................................................................................................................................53 H-­‐2 Quality of the Program’s Assessment Activities.....................................................................................55 IIIc. Combined Narrative for both Graduate Programs.........................................................56 I. Role of Faculty in the Program ............................................................................................................. 56 I-­‐1 Faculty Activities ...................................................................................................................................................56 I-­‐2 Faculty Qualifications ..........................................................................................................................................61 I-­‐3 Professional Development Overview ...........................................................................................................62 J. Quality and Quantity of Academic Support...................................................................................... 63 J-­‐1 Adequacy of Staffing.............................................................................................................................................63 J-­‐2 Library Resources .................................................................................................................................................64 J-­‐3 Technological Support.........................................................................................................................................64 J-­‐4 Non-­‐Personnel Support ......................................................................................................................................65 J-­‐5 Adequacy of Facilities ..........................................................................................................................................65 J-­‐6 Recommendation for Meeting Future Needs ............................................................................................65 K. Strategic Plan/Initiatives...................................................................................................................... 66 L. Potential Areas for Additional Review/Consulting ...................................................................... 68 IV. Documentation .............................................................................................................................70 Appendix 1: Program Requirements and Curriculum Design ...................................................... 70 Concentration in Information Security ...............................................................................................................70 Concentration in Digital Forensics........................................................................................................................71 Computer Science Graduate Programs Self-Study Report 2012
4
Five-­‐Year Concentration in Digital Forensics...................................................................................................72 Course Descriptions ....................................................................................................................................................73 Appendix 2: Alumni Surveys .................................................................................................................... 79 Appendix 3: Number of Declared Majors and Minors—A Four Year Retrospective.............. 80 Appendix 4: Service Role of the Academic Unit—A Four Year Retrospective ......................... 80 Appendix 5: Academic Unit Budget Information—A Five Year Retrospective........................ 81 Appendix 6: External Support and Sponsored Research ................................................................ 81 Appendix 7: Faculty Vitae.......................................................................................................................... 81 Appendix 8: Equipment and Facilities .................................................................................................. 82 Facilities............................................................................................................................................................................82 Computer Forensics Lab............................................................................................................................................82 Computer Science Program Development Lab................................................................................................82 Computer Science Software Engineering Lab..................................................................................................83 Computer Science Systems Development Lab.................................................................................................83 Computer Science Laboratory Support ..............................................................................................................83 High-­‐Performance Computing Facility................................................................................................................84 High-­‐Resolution Visualization Facility................................................................................................................84 Appendix 9: Summary of Assessment Data ......................................................................................... 85 Appendix 10: Annual Reports .................................................................................................................. 85 Appendix 11: Course Syllabi ..................................................................................................................... 85 Appendix 12: Reports Related to External Accreditation .............................................................. 85 Appendix 13: University Planning Database Information about Program Objectives ......... 86 Appendix 14: University Undergraduate and Graduate Catalogs................................................ 87 Computer Science Graduate Programs Self-Study Report 2012
5
I. Executive Summary
The James Madison University Computer Science department was established in 1992 and has
made substantial contributions to the university ever since. The program offers both Bachelor’s
and Master’s degrees in Computer Science. The Information Security concentration is well
established and has an excellent reputation among students and employers. The Digital Forensics
concentration is a new program that started in the Fall 2011 semester. The faculty is qualified
and highly dedicated. The facilities are adequate for the current enrollment, but need to be
expanded if enrollment grows. Demand for graduates from both programs is high and projected
to grow during the next five to eight years. Assessment data for the InfoSec program indicates
that program outcomes are good. An assessment strategy for the new Digital Forensics program
is still being developed. Efforts are continually underway to improve the curriculum, pedagogy,
and facilities. Both graduate programs currently suffer from enrollment problems, and the
graduate faculty is developing strategies to address those.
Computer Science Graduate Programs Self-Study Report 2012
6
II. Computer Science Department Narrative
A. History and Mission
A-1 History of the Computer Science Department
At some point, a decision was made to start teaching computer science courses at James Madison
University (JMU). It is not clear when that decision was made, although the principal causative
factor was probably the result of an initiative of some members of the Department of
Mathematics. Around 1968, there was one academic computer on campus, an IBM 1130. This
computer was physically located in the Department of Mathematics. At that time there were only
two persons on campus who knew about its operation, and instruction in the programming and
operation of this computer was done on an informal basis. During the fall semester of 1969, one
formal 3-credit course, Digital Computer Programming, was taught using the programming
language FORTRAN IV. Around this same time, four members of the Mathematics faculty made
an informal commitment to learn how to program. In 1972, two new courses were added to the
curriculum, and in 1975, a one-credit BASIC service course was added, and groundwork was
initiated to begin a more rigorous program.
During the 1976 and 1977 academic years, an IBM assembly language course was incorporated
into the regular offerings of the Mathematics Department along with courses in combinatorics,
the design and analysis of algorithms, and numerical methods. These resulted in heavy use of the
computer. In addition, plans were in the works for offering some other courses in computer
science. During 1978, data structures, and theory of programming languages were added to the
curriculum. Also in 1978 the name of the Mathematics Department was officially changed to the
Department of Mathematics and Computer Science.
During these initial years any new major had to be approved by the central offices of the
Commonwealth of Virginia. As a result, it was very hard to get a new major approved. However,
JMU could approve minor programs internally. Taking advantage of its authority to do this, JMU
in 1979 started offering a new minor in Computer Science. The intent of this new minor was not
only to provide to JMU students a new opportunity for study, but also to demonstrate to the
Commonwealth of Virginia that JMU had both the demand and the capability to offer a major in
Computer Science. In working with students interested in the minor, the faculty determined that
several of the students were in a position to satisfy the requirements for the minor almost
immediately. This approach turned out to be successful, because students with computer skills
were in great demand in industry at the time.
Computer Science Major—Charles W. Reynolds became the first faculty member with a Ph.D.
in Computer Science when he joined the department in 1980. The second professor with a Ph.D.
in Computer Science was John Fairfield, who joined the department in 1981. Those among the
mathematics faculty who were already working in the Computer Science program continued to
do so after Drs. Reynolds and Fairfield joined the department. Finally, during 1981, the
Commonwealth granted the long-awaited approval for a major in Computer Science. The
original degree program required a rigorous mixture of Computer Science, Mathematics, and
Physics. The new major had a few graduates almost immediately. The first graduates of this new
major were already in high demand, and the number of students enrolled as Computer Science
majors began growing rapidly.
Computer Science Graduate Programs Self-Study Report 2012
7
By the beginning of 1984, the growth of the Computer Science program resulted in the need for a
Program Coordinator. Two additional dedicated Computer Science positions were also created
and filled that year, but these new hires did not stay in the department. Two additional faculty
with a Ph.D. in Computer Science were hired, one during the fall of 1985 (J. Archer Harris) and
the other in 1988 (Ramon A. Mata-Toledo). Several faculty members whose primary background
was Mathematics continued contributing to the Computer Science program, including some
whose entire academic effort was in Computer Science. JMU graduates in Computer Science at
this stage of the program had many exciting career possibilities.
CS Graduate Program—The Mathematics and Computer Science department began offering
graduate courses in Computer Science as part of the MS program in Mathematics in 1985. A
graduate program in Computer Science was approved that year, and the MS program in
Computer Science was offered for the first time in 1986. The program required 30 credit hours
with a core of 18 hours consisting of courses in programming languages, operating systems,
database systems, and software engineering, and electives in complexity theory, numerical
methods, and topics in computer science. The program was unchanged until 1992, when the core
was changed to 12 credit hours in operating systems, applied complexity theory, programming
languages, and database systems; the remaining 18 hours were electives chosen from these areas
as well as software engineering, numerical analysis, or a variety of other topics like artificial
intelligence and natural language processing.
Computer Science Department—Toward the end of the 1980s, the university took under
consideration the possibility of moving computer science into a department of its own. In August
1989, JMU President Ronald Carrier appointed a Greater University Commission under Donald
D. Litten to develop a new academic program charged with producing a technologically
proficient workforce. The commission proposed major changes to the curriculum, and
recommended the establishment of a new college. A later blue-ribbon panel was appointed,
headed by Dr. John H. Gibbons. This panel reviewed the proposals that had been made by the
Greater University Commission, and approved the creation of the new college, to be called the
College of Applied Sciences and Technology. This college, subsequently renamed the College of
Integrated Science and Technology (CISAT), embodied the spirit as well as the specifics of the
reforms then being cited as needed in higher education. The blue-ribbon panel presented its final
report in January 1990. Among several other recommendations and suggestions, the panel
recommended that JMU proceed with preparations for the new college, and also urged the
Commonwealth to commit to its creation. In January of 1992, the Commonwealth did commit to
the creation of the new college, and a pilot program was begun. At that point, the college
included two departments: a new, innovative Integrated Science and Technology program, and
also the Department of Computer science. Thus, Computer Science was split off from the
Department of Mathematics, and contributed to the new college an established degree program at
the University. Of the two new departments, only the CS department was staffed at that time. Dr.
Charles W. Reynolds served as its first Academic Unit Head. At this time another Ph.D. in
Computer Science, Chris Fox, was hired. For the first two years after the departments separated,
many Mathematics faculty members continued teaching Computer Science courses, but by
January 1995, mathematics faculty members were contributing only on a limited part-time basis.
The Computer Science program continued to grow rapidly after it had become a separate
department and moved into the College of Integrated Science and Technology. By 1993, there
were over 200 computer science majors, and another Ph.D. in Computer Science was hired,
Computer Science Graduate Programs Self-Study Report 2012
8
Alade Tokuta. An effort was also undertaken to closely integrate Computer Science with the new
ISAT department, and to revise its curriculum using many of the same principles that were
involved in forming the ISAT major.
Rapid Growth—In the mid-1990s there was considerable interest in the new idea of distance
education provided over the Internet, as well as concern with weak enrollment in the Computer
Science graduate program. These considerations led the Computer Science department to
establish a new graduate program in 1997. The new program had two components: an on-campus
program in general Computer Science and a distance education program in Information Security.
The on-campus program had core courses in operating systems, database system, and software
development. Each core course was the first in a series of three courses leading to certificates in
networks and data communications, database management systems, and software engineering.
The certificate programs were intended to attract enrollees from the community who might then
complete the entire MS program. The information security distance education program was
taught mainly over the Internet (and eventually entirely so). It consisted of the same 9-credit core
as the on-campus program, plus 21 credits in required courses in information security. The
distance information security program grew rapidly, thanks to a concerted recruiting effort,
eventually enrolling cohorts as high as 100 students, and received accolades and funding from
national security agencies. The on-campus program was less successful in growing its
enrollment.
Rapid increases in graduate enrollment were matched by huge increases in undergraduate
enrollment, which resulted in the need to hire many faculty in the period 1997-2004. The faculty
hired in this period were John Cordani in 1997, Charles Abzug, Hossain Heydari, and Bob
Tucker in 1998, Mohammed Eltoweissy and John McDermott in 1999, Elizabeth Adams and
David Bernstein in 2000, Taz Daughtrey, Ralph Grove, Malcolm Lane, and Sam Redwine in
2001, Mohammed Aboutabl, Ruben Prieto-Diaz, Michael Norton, Brett Tjaden and Xunhua
(Steve) Wang in 2002, and Nancy Harris in 2004, and Florian Buchholz in 2005. There were also
several moves made within the university and within the department as well as several departures
during this period. These changes included the appointment of Dr. Reynolds as interim dean of
the College of Integrated Science and Technology in 1998-1999, with Dr. Fox acting as interim
CS Academic Unit Head in his absence. Dr. Malcolm Lane was appointed Academic Unit Head
in August 2000. Four faculty left the university during this period: John Fairfield resigned to
devote his full energies to founding Rosetta Stone. Mark Lattanzi also left to help found a private
software company. John Cordani left to take a higher-paying position in private industry. Charles
Reynolds took a sabbatical at the U.S. Military Academy during the 2001-2002 academic year,
and subsequently was offered and accepted a permanent position there. The Computer Science
faculty in 2004 numbered 18; including joint appointment with the ISAT program, there were 21.
The department has never been larger than that.
Enrollment Declines—After 2001, enrollments in undergraduate Computer Science dropped
nationwide and at JMU as well. The number of CS majors went from over 450 in 2000 to under
200 in 2005; enrollments have grown slowly since then, and we now have just under 330 majors.
Also in 2001 a decision was made to limit the size of the cohorts in the distance education
program because extremely large cohorts were simply unmanageable. Over time, enrollment in
the distance program also declined as more universities established programs in Information
Security, reducing the pool of potential students.
Computer Science Graduate Programs Self-Study Report 2012
9
Enrollment in the on-campus graduate program remained low and in 2003 a new curriculum was
launched in Secure Software Engineering to try to improve enrollment. This effort failed to
increase on-campus graduate enrollments significantly and in 2006 a slightly modified program
in Secure Systems was launched. This effort also failed to increase enrollment.
This long decline in both graduate and undergraduate CS enrollment meant that few faculty were
hired to replace faculty who left. John McDermott left in 2002 to return to the Naval Research
Lab, Mohamed Eltoweissy left in 2005 for Virginia Tech, Bob Tucker left in 2007 for Liberty
University, Ruben Prieto-Diaz left in 2008 for a Spanish university, Charles Abzug, Elizabeth
Adams, and Sam Redwine retired in 2009, Malcolm Lane retired in 2010, and Arch Harris
retired in 2011.
Current Status—The spate of retirements, combined with gradually rising undergraduate
enrollments, finally made it necessary to hire several faculty members and a new Academic Unit
Head. Sharon Simmons became the CS Academic Unit Head in 2010. In 2011 Michael
Kirkpatrick, Christopher Mayfield, and Nathan Sprague were hired. The department now has 16
faculty; when ISAT joint appointment is included, there are 19 faculty.
In yet another effort to improve on-campus graduate enrollments, the department decided to
convert the Secure Systems program into a Digital Forensics Program in 2009, and this
conversion has been occurring over the last several years. It is not yet clear whether it will have
the desired effect.
The addition of three new faculty members starting fall 2011 provides the department with an
opportunity to revisit its undergraduate curriculum. The department is also considering whether
it should seek ABET accreditation; if so, this will have considerable curricular ramifications.
Finally, JMU is in the midst of altering the structure of its colleges, and Computer Science will
likely be forming a new college in conjunction with Integrated Science and Technology and the
School of Engineering. This may have consequences for the Computer Science curriculum and
the structure of the department.
A-2 Mission Statement
The department has three mission statements: one for the undergraduate program and two for the
graduate programs.
The undergraduate mission statement is the following.
To be an intellectual community that continually explores the broad field of computing,
applies this knowledge to solve problems in a variety of domains, and engages with the
profession and society at large.
This mission was developed by Computer Science faculty at a retreat in August of 2011,
replacing the mission statement that had been in place since 1999.
The on-campus (Digital Forensics) graduate program mission statement is the following.
To offer quality education in digital forensics from a computer science perspective
through a systems-oriented curriculum that provides the skills and knowledge needed to
support digital investigations.
This mission statement was developed by the On-campus Graduate Committee in 2011.
Computer Science Graduate Programs Self-Study Report 2012
10
The mission statement for the online (Information Security) graduate program mission statement
is the following:
We are committed to providing a premier information security education that equips
graduates with the knowledge and skills necessary to design, implement, and maintain secure
modern information infrastructures and systems.
This mission statement was developed by the Computer Science faculty in 2005.
A-3 Support of College and University Statements
University and College Mission Statements—The JMU mission statement is the following.
We are a community committed to preparing students to be educated and enlightened
citizens who lead productive and meaningful lives.
The mission statement of the College of Integrated Science and Technology is the following.
To educate students in the areas of the applied sciences, health, technology and human
services, as well as to prepare them to enter professions or to undertake advanced study.
The CS Department’s undergraduate mission to be an intellectual community accords with the
JMU mission to be a community, except that the CS mission views students as part of our
community who, by joining the faculty in exploring Computer Science, solving problems, and
engaging the profession, become educated in Computing and prepared for advanced study or
careers in the Computer Science. The CS mission thus encompasses the university mission with
a broader view of the community. It also includes the college mission, regarding education in the
applied science of computing an outcome of exploring the field, solving problems, and engaging
the profession.
The CS Department’s graduate mission statements share an emphasis on preparing students to
implement and maintain secure computing infrastructure; this supports the College’s mission to
educate students in applied science and technology and the University’s mission to prepare
educated and enlightened citizens. The CS Department’s graduate mission to prepare highly
skilled individuals ready for professional employment supports the College’s mission to prepare
students to enter professions and the University’s mission to prepare citizens to lead productive
and meaningful lives.
A-4 Students Served by Computer Science
The data below shows the number of students served by the department in the last decade along
with the number of faculty and the ratio between the number of major and graduate students and
the number of faculty in the department.
Note: The counts of minors between 2003-2004 and 2006-2007 is estimated in the table below
based in departmental records.
00-01 01-02 02-03 03-04
04-05 05-06 06-07 07-08 08-09 09-10 10-11 11-12
Majors
503
412
322
256
191
189
242
218
234
257
261
303
Minors
127
62
51
30
25
19
24
28
27
34
43
21
SSE
47
32
35
18
18
18
21
22
22
25
24
23
Computer Science Graduate Programs Self-Study Report 2012
11
InfoSec
87
118
87
87
82
71
66
62
56
50
56
60
Total
637
562
444
361
291
278
329
302
312
332
341
386
Professors
14
16
16
17
18
18
18
18
17
14
14
16
Ratio
45.5
35.1
27.8
21.2
16.2
15.4
18.3
16.8
18.4
23.7
24.4
24.1
In this table, minors are not included in the student-faculty ration. In general, the overall decrease
in enrollment since 2000 has greatly reduced our student-faculty ratio; this ratio has increased
again in the last four years and now is at an optimal level. In other words, at this student-faculty
ration, faculty are teaching a full complement of courses that are at or near their maximum sizes,
and our classrooms and laboratories are fully utilized. Further enrollment increases that push this
ratio much higher will make class sizes or class loads too high, and leave the department short of
classroom and laboratory space.
A-5 Computer Science Department Staffing
The CS department has three secretaries and one computer support technician. Gwen Good is the
departmental office manage and the Academic Unit Head’s administrative assistant. She handles
all budgets and supports the Academic Unit Head. Carole Ritchie supports the undergraduate
program. Kathy Laycock supports the graduate programs. Livia Griffith takes care of the
department’s labs and Linux servers. Finally, a part-time student assistant is hired every semester
to assist the secretaries. These resources are adequate to departmental needs.
The graduate program has six graduate assistant positions. Faculty request assistants to help with
courses or research at the start of each semester. No graduate students ever teach classes on their
own. The on-campus graduate program often has trouble recruiting students, and faculty could
probably make use of more graduate assistants, so there is justification to increase the number of
graduate assistantships.
As noted, a student assistant is hired to support the secretaries. In addition, between 15 and 20
student lab assistants are hired to help students in the evenings with their programming projects.
These undergraduate student assistants are a great help to students in the introductory
programming sequence and we believe are essential in retaining students in these courses and
hence in the major. Student assistants are paid from the department’s operating budget rather
than from the personnel budget, so these positions are vulnerable to general budget cuts.
Furthermore, more student assistants will be needed if enrollment continues to increase.
Consequently there is a need for stable and probably increasing funding for these positions.
A-6 Technological Support
The CS department must have computer laboratories sufficient to support our courses that have
laboratory components, our distance program in InfoSec, research, and extra-curricular activities.
Teaching Labs: Currently the department has a Software Engineering Lab with 30 Macs, a
Program Development Lab with 30 Linux machines, a Systems Development Lab with 24
seats for networking and operating systems work, and several Linux machines accessible
over the web. The Software Engineering and Program Development labs, along with support
provided by the servers, are sufficient to support our general lab classes, but if enrollment
increases, we will not have enough seats, particularly for our introductory courses. The
Computer Science Graduate Programs Self-Study Report 2012
12
Systems Development Lab has outdated machines and is not able to support the needs of
courses in operating systems and networking. Faculty interested in pursuing course
development in other areas (such as robotics or embedded programming) have no space to do
this work and no budget to acquire equipment.
InfoSec program: The InfoSec program needs servers to support the program web site,
which provides the virtual campus for the program. Currently the servers themselves are
adequate to the needs of the program, but adequate network connectivity, security, and file
storage are lacking. Another area of need is backup technology.
Research: The department has a Computer Forensics lab to support research in this area.
There is no budget available for purchasing equipment to support research in other areas.
CyberDefense: The department currently has one 24 seat CyberDefense lab to support
classes and the CyberDefense club. This resource is adequate to needs in this area.
A problem that affects all our labs is an inability on the part of the JMU administration and
Information Technology organization to recognize the need for Computer Science to have labs
different from general purpose labs, and the lack of expertise and ability to support nonWindows environments.
A-7 Non-Personnel Support
The department’s operating budget has been virtually unchanged for 20 years. Fortunately, the
department has an arrangement whereby it receives a fraction of the tuition money from the
InfoSec program, which has provided funding for travel, equipment, and so forth for which the
operating budget has not been sufficient.
After the last APR, a major effort was begun by Malcolm Lane to obtain scholarship funding.
This effort has been quite successful, with several individuals and companies donating money
supporting about a dozen modest scholarships. Furthermore, JMU has in recent years provided
more scholarship money to departments. In 2011 Computer Science undergraduate received a
total of $27,700 in scholarships.
A-8 Adequacy of Facilities
The CS department is housed in a modern and well-maintained building (ISAT/CS), and it
controls most of the space on the second floor, which houses offices, support spaces (such as a
mailroom and workroom), two classrooms, and three laboratories. We also have two labs on the
first floor of ISAT/CS, and we can schedule classes into rooms in the Health and Human
Services (HHS) building.
Currently all faculty have private offices. All classrooms are adequate. We have space for
existing laboratories (as noted above), but there is no space available to support new initiatives in
teaching or research, such as a space for a robotics or embedded systems labs or for new research
projects. Furthermore, enrollment growth in the last three years has been 5%, 8.7%, and 9.2%. If
enrollment continues to increase (and especially if the increase continues to accelerate), then
classroom and teaching lab facilities will not be adequate in two to three years. Faculty office
space will not be adequate if we hire more than one additional faculty member.
A-9 Recommendation for Meeting Future Needs
Predicting enrollment in Computer Science is very difficult, as witnessed by the unexpected
Computer Science Graduate Programs Self-Study Report 2012
13
crash in enrollment after 2000, and the much anticipated but tardy recovery that finally began
three years ago. However, the CS undergraduate program is growing at a rate of about eight
percent per year. We do not anticipate significant growth in the CS graduate programs, but there
is still need for better support for the infrastructure undergirding the InfoSec program.
The CS department is currently at capacity with respect to class size, office space, and general
labs, and it lacks space and equipment for special purpose labs. If the undergraduate program
continues to grow, as seems likely, the department will need to offer more sections of classes
within two to three years, which will require hiring more faculty (who will need office space),
and opening another general lab (which will require space and equipment).
In light of this analysis, the CS department makes the following recommendations:
• Upgrade the network connectivity, security, storage capacity, and backup mechanisms for
the Information Security servers.
• Purchase new equipment for the Systems Development Lab sufficient to the needs of
courses in operating systems and networking.
• Allocate space and budget necessary to equip one small laboratory used for project courses
and Honors projects.
• Allocate space and budget for equipment, perhaps in partnership with other departments,
to support new program development and research. There is currently interest in a robotics
program, for example, which needs this kind of support.
• Plan for new faculty offices and another general purpose CS lab to meet anticipated
growth.
• Plan to replace equipment in the existing general purpose labs in the next three years as
equipment ages and becomes obsolete.
• Plan for more classroom space to be used by CS in the ISAT/CS/HHS building complex.
• Work to help the administration and university IT organization understand that Computer
Science has need of specialized laboratories, and encourage IT to develop expertise in
supporting non-Windows environments.
The upcoming move of several departments out of HHS provides a rare opportunity for CS to
acquire more space that could be used to support research and enrollment growth. However, the
university needs to recognize that CS needs more space, and money must be allocated to
refurbish the space.
Computer Science Graduate Programs Self-Study Report 2012
14
IIIa. Computer Science Graduate Information Security Program Narrative
A. InfoSec Program History and Mission
A-1 History of the program
The mathematics and computer science department began offering graduate courses in computer
science as part of the MS program in mathematics in 1985. A graduate program in computer
science was approved that year, and the MS program in computer science was offered for the
first time in 1986. In the mid-1990s, a college mandated effort to establish a graduate computer
science distance education program began. In 1997, a radically new computer science graduate
program appeared that had two concentrations: an on-campus program in general computer
science and a distance education program in information security.
The information security distance education program was taught mainly over the Internet (and
eventually entirely so). It consisted of the same 9-credit core as the on-campus program, plus 18
hours of required courses in information security, and a three-credit elective in information
security. The distance information security program grew rapidly thanks to a concerted recruiting
effort, eventually enrolling cohorts as high as 100 students, and it received accolades and
contractual support from the National Security Agency and other organizations. But many
problems attended the birth of this new program. Web server infrastructure and support were
initially lacking; the curriculum was very unsettled due to the novelty of the subject area; course
development was a challenge due partly to the lack of experience in developing online materials,
and partly to the large cost of developing them. Finally, and most seriously, it proved very
difficult to find and retain qualified and reliable online instructors in information security. All
these problems lead to much dissatisfaction and many changes over the first several years of the
program.
In 2001 it was decided that the distance program could not support such large cohorts of
students, and it was decided to limit each cohort to about 40 students. This move resolved most
of the outstanding problems with the program, and program quality greatly improved. Recently,
to keep the quality of education without over stressing our faculty resources, we would like to
start with around 30 students in each new cohort, to end up with around 22 in the cohort, due to
attrition. We believe this is the maximum number of students we should have in any of our
Internet-based courses, without sacrificing quality. The curriculum has also been evolving
steadily. We are always conscious of the program quality and its relevance. The web
infrastructure and support problems have mostly been resolved, and we hired a great group of
faculty whose expertise is in the Information Security. This greatly helped our technical course
offerings in Information Security, were faculty expertise is at a premium. We still have to rely
on adjunct faculty to teach five of our courses. Ideally, we need to hire at least one more faculty
with expertise in Information Assurance to teach our courses, so we don’t have to rely on
adjuncts, although they are highly qualified. Overall, the program is now stable and well
established.
A-2 Current Mission Statement
The mission statement for the graduate Information Security program is the following:
Computer Science Graduate Programs Self-Study Report 2012
15
We are committed to providing a premier information security education that equips
graduates with the knowledge and skills necessary to design, implement, and maintain secure
modern information infrastructures and systems.
A-3 Mission Statement Development
This mission statement was developed by the Information Security committee and was modified
and adopted by the Computer Science faculty in 2005.
A-4 Support of College and University Statements
University and College Mission Statements—The JMU mission statement is the following.
We are a community committed to preparing students to be educated and enlightened
citizens who lead productive and meaningful lives.
The mission statement of the College of Integrated Science and Technology is the following.
To educate students in the areas of the applied sciences, health, technology and human
services, as well as to prepare them to enter professions or to undertake advanced study.
The CS Department’s graduate mission statements share an emphasis on preparing students to
implement and maintain secure computing infrastructure; this supports the College’s mission to
educate students in applied science and technology and the University’s mission to prepare
educated and enlightened citizens. The CS Department’s graduate mission to prepare highly
skilled individuals ready for professional employment supports the College’s mission to prepare
students to enter professions and the University’s mission to prepare citizens to lead productive
and meaningful lives. Our graduates are highly successful Information Security professionals
serving government and industry, protecting the nation's information system infrastructures.
Please see a sample list of our alumni in the following section.
B. Program Goals and Objectives
B-1 Program Objectives and Mission
The 100% online Information Security (InfoSec) Master's program at James Madison University
caters to the needs of working professionals. The online program is delivered to students
asynchronously over the Internet, so courses are available anytime and at any location.
In addition to a Master of Science in Computer Science degree, all graduates receive two
certifications, approved by the National Security Agency (NSA) and The Department of
Homeland Security (DHS). These certificates are Information Systems Security (INFOSEC)
Professionals (NSTISSI No. 4011) and Information Systems Security Officers (CNSSI No.
4014).
We are also officially recognized to offer three additional NSA and DHS approved certifications,
National Information Assurance Training Standard for Senior Systems Managers (CNSSI-4012),
National Information Assurance Training Standard for System Administrators (CNSSI-4013),
and National Training Standard for Systems Certifiers (NSTISSI-4015). Courses for these
certificates will be offered as we have enough student interest to justify offering them.
The need for well-trained security professionals increases as companies and government rely
more on the Internet and computer networks. Today, U.S. government and industries need
techniques, methods, and disaster recovery plans developed and implemented to better protect
Computer Science Graduate Programs Self-Study Report 2012
16
information infrastructures. Research shows that billions of dollars are wasted each year due to
security breaches and the spread of malicious code. Assurance techniques are needed to protect
critical information from the following:
•
•
•
•
•
Hacker Attacks
Internal Attacks
Malicious Code (Trojan horses, worms, viruses)
Government and Industrial Espionage
Natural Disasters
JMU InfoSec provides a highly technical education designed to educate the next generation of
security professionals. Students need exposure to technical aspects and policies and procedures
of Information Security in order to fill this vital need. Each cohort starts with a sequence of
preparatory courses in May. Students can finish their preparatory courses by the end of the fall
semester. Throughout the program, students take two courses each semester.
The InfoSec program provides quality education, professional development, and research
opportunities in the area of Information Security. The InfoSec program enjoys a great reputation
in both government and Industry.
Graduates shall be able to:
•
•
•
•
•
•
•
Understand, evaluate, and implement Computer Security,
Understand, evaluate, and implement Network and Web Security,
Understand, evaluate, and choose Cryptographic algorithms for a given application,
Understand, evaluate and implement Distributed Network Security,
Understand, evaluate, and implement proper methodologies to implement secure software.
Understand, evaluate, and implement Intrusion Detection (recovery and response) procedures
to better protect the infrastructure.
Understand Cyber Ethics and Law and implement procedures to better secure the
organization’s assets.
Students graduating from the InfoSec Masters program will be able to:
•
•
•
•
•
•
•
Assess and detect Computer Security issues and design and implement policies and
procedures to protect such systems.
Assess and detect Network and Web Security issues and design and implement policies
and procedures to protect such systems.
Learn and evaluate different Cryptography techniques and recommend most appropriate
algorithms for a given application.
Assess and detect Distributed Network Security issues and design and implement policies
and procedures to protect such systems.
Design and implement policies and procedures to improve Assurance and Secure
Operations of a given network and system
Detect malicious intrusions into an Information System Infrastructure, recover from such
intrusions, and respond to such intrusions.
Understand and evaluate ethical issues, legal resources and recourses, policy
implications, and ethical challenges faced by individuals and organizations in the
information age. Understand the complex and dynamic state of the law as it applies to
behavior in cyberspace.
Computer Science Graduate Programs Self-Study Report 2012
17
•
•
Perform computer crime investigations, recover and analyze digital evidence, addressing
legal and technical issues.
Design and evaluate certification and accreditation of trusted systems, including
hardware and software considerations. Implement and configure management and
systems administration of trusted systems. Design and implement aggressive monitoring
and setting traps for the intruder. Understand the psychology and successful modus
vivendi of the attacker to generate and maintain a powerful defense for a given
Information Infrastructure.
Courses in the InfoSec program are:
CS 523: Ethics, Law and Policy in Cyberspace
CS 550: Operating Systems
CS 555: Secure Software Engineering
CS 560: Networks and Network Security
CS 625: Secure Operations
CS 627: Cryptography: Algorithms and Applications
CS 633: Computer Forensics
CS 652: Formal Methods for Information Security
CS 660: Advanced Network Security
CS 700: Thesis, or two of the following courses:
CS 621: Software Assurance
CS 640: Malware Analysis
CS 675: Distributed Computing and Security
CS 685: Selected Topics
Program objectives are mapped to the courses in the following table:
Objective
CS523 CS550 CS555 CS560 CS621 CS625 CS627 CS633 CS660 CS675
Computer
Security
X
X
X
Network and
Web Security
X
X
X
Cryptography
X
Intrusion
Detection
(recovery and
response)
X
X
Distributed
Network
Security
X
Software
Assurance
X
X
X
X
X
X
Computer Science Graduate Programs Self-Study Report 2012
X
18
Objective
Cyber Ethics
and Law
CS523 CS550 CS555 CS560 CS621 CS625 CS627 CS633 CS660 CS675
X
X
Computer
Forensics
X
B-2 Activities Supporting Achievement of Goals and Objectives
We periodically map our course objectives to the essential Information Security body of
knowledge. This helps us make sure we are covering the latest developments in the field.
The InfoSec program is responsible for the Department of Defense (DoD) designation of JMU as
one of the original seven National Centers of Academic Excellence in Information Assurance
Education (CAEIAE). The National Security Agency (NSA) and the Department of Homeland
Security (DHS), in support of the President's National Strategy to Secure Cyberspace, jointly
sponsor the CAEIAE program. The goal of the program is to reduce vulnerability in our national
information infrastructure by promoting higher education in information assurance (IA), and
producing a growing number of professionals with IA expertise in various disciplines. The
following paragraphs are copied from the NSA’s website:
Under this program, 4-year colleges and graduate-level universities are eligible to apply to be
designated as a National Center of Academic Excellence in IA Education. Each applicant must
pass a rigorous review demonstrating its commitment to academic excellence in IA education.
During the application process applicants are evaluated against stringent criteria. Designation
as a CAEIAE is valid for five academic years, after which the school must successfully reapply in
order to retain its CAEIAE designation.
CAEIAEs receive formal recognition from the U.S. government, as well as opportunities for
prestige and publicity, for their role in securing our nation's information systems. Students
attending CAEIAE schools are eligible to apply for scholarships and grants through the
Department of Defense Information Assurance Scholarship Program and the Federal Cyber
Service Scholarship for Service Program (SFS).
JMU was up for the renewal of its CAE designation in 2007-2008 academic year. We submitted
our course syllabi, mapped our courses to the DoD standards, and submitted our application
throughout the year. We were officially re-designated as a CAE in June 2008; Dr. Heydari
attended the award ceremony. We had to apply for re-designation, once every three years.
Starting 2007 the process changed, the designation is now good for five years. We are up for our
re-designation this year. We will do our best to qualify, once again. Based on our course
evaluation/mapping, we are authorized to offer five DoD/DHS approved certifications:
NSTISSI No. 4011: Information Systems Security (INFOSEC) Professionals
CNNS 4012: Information Systems Security Managers
CNNS 4013: Information Systems Security Administrators
CNSSI No. 4014: Information Systems Security Officers.
Computer Science Graduate Programs Self-Study Report 2012
19
CNNS No. 4015: Systems Certifier Professionals
These certificates are valuable for all companies working with DoD, so graduates with these
certificates have better job opportunities with these companies (most are located in our
geographical area). Also, some agencies (including NSA) hires students with theses certificates a
grade higher, so they also have monetary value.
Our InfoSec program is one of the most comprehensive masters programs in Information
Security in the nation. It covers all aspects of InfoSec, from Law and Ethics in Cyberspace to
Computer Forensics. It is one of the best quality technical masters programs in the nation and
enjoys a great reputation both in government and industry.
B-3 Faculty Role in Achieving Goals and Objectives
All full time faculty teaching our InfoSec courses participate in our bi-weekly scheduled InfoSec
Committee meetings. Discussions in these meetings include course content, program content,
program issues, program improvement ideas, content relevance, and recruiting ideas. We also
ask our adjunct faculty for their input, where appropriate and relates to their course or field of
expertise. Student comments from the exit surveys and from course evaluations are discussed in
these meeting as well. InfoSec faculty also discusses the recommendations made by the advisory
committee, executive committee, and the retreats, explained below.
So, our faculty is heavily involved in carrying out our program’s goals and objectives.
C. Program Structure and Reputation
C-1 Current Structure of the Program
The Graduate InfoSec program at James Madison University is designed for working
professionals. The program is delivered to students through the Internet without the frustration of
commuting in traffic to and from on-campus classrooms. JMU InfoSec provides professional
development and research opportunities for those currently employed or interested in
information security or infrastructure protection positions in both the government and private
industry.
The program is attuned to the rapid advances in our information society and incorporates new
technologies into the program curriculum. Information Security is covered in every class as it
relates to the course subject matter.
Typically, candidates have prior degrees in Computer Science or ample work experience in the
field. Although programming is not used extensively, students are required to write programs in
several courses. In order to succeed in the program, candidates must have skills in the following
areas:
•
•
•
•
C++ Programming
Computer Organization
Data Structures
Discrete Mathematics
We have designed four preparatory courses to cover the prerequisite knowledge required.
Depending on their backgrounds, students may be required to take one or more of these
preparatory courses. These courses are offered online by the JMU InfoSec program. Students
may decide to take these courses at a local college or university, but prior approval is necessary.
Computer Science Graduate Programs Self-Study Report 2012
20
Many students, with Computer Science background, take the preparatory courses to refresh their
basic computer science skills and knowledge.
Since almost all the students in the program are working professionals, they take two courses
each semester. The program is cohort based, so students who start the program together, usually,
finish the program at the same time, taking the same courses together. This gives students a sense
of community.
Following is a typical cohort schedule for this program (copied from our 2012 Cohort schedule):
Preparatory Courses – 2012
The following four online courses provide a strong foundation for the Master’s program and
students are encouraged to take the courses as refreshers. These courses do not count toward the
hours required for the Master’s degree. CS510 and CS511 are taught every summer, and CS512
and CS515 are taught every fall.
Summer Courses
May 7 – June 29, 2012 CS511: Computer Organization
May 7 – Aug 10, 2012 CS510: Object Oriented Programming
Fall Courses
Starts Aug 27, 2012
CS512: Data Structures
CS515: Foundations of Computer Science
2012 Tentative Cohort Schedule
All courses are offered asynchronously over the Internet. The schedule follows JMU’s calendar
for fall and spring semesters. Course schedules and courses offerings are subject to change with
advance notice to students.
Semester 1
Starts Jan 7, 2013
CS550: Operating Systems
CS652: Formal Methods of Information Security
Summer Course
CS523: Ethics, Law and Policy in Cyberspace
June 4 – July 26, 2013
Semester 2
Starts Aug 26, 2013
Semester 3
Starts Jan 6, 2014
CS555: Secure Software Engineering
CS560: Networks and Network Security
CS633: Computer Forensics
CS627: Cryptography: Algorithms and Applications
Summer 2014 - Summer Thesis Work or Comprehensive Exam Prep
Semester 4
Starts Aug 25, 2014
CS660: Advanced Network Security AND
InfoSec Elective (non-thesis students) OR
CS700: Thesis (thesis approval and research)
Semester 5
Starts Jan 5, 2015
CS625: Secure Operations AND
InfoSec Elective (non-thesis students) OR
CS700: Thesis (continued research, thesis defense)
Computer Science Graduate Programs Self-Study Report 2012
21
InfoSec Electives:
CS621: Software Assurance
CS640: Malware Analysis
CS675: Distributed Computing and Security
CS685: Special Topics
C-2 Curriculum Development and Long-Range Planning
CS department has three separate committees where curriculum and academic policy changes
originate, the Undergraduate Program Committee, Graduate Program Committee (for the oncampus Digital Forensics concentration), and the InfoSec Program Committee (for the
Information Security concentration).
All full time faculty teaching our InfoSec courses participate in our bi-weekly scheduled InfoSec
Committee meetings. Discussions in these meetings include course content, program content,
program issues, program improvement ideas, and recruiting ideas. We also ask our adjunct
faculty for their input, where appropriate and relates to their course or field of expertise.
Based on the recommendations from the last APR, CS established an External Advisory
Committee (EAC), in 2006. The EAC comes to campus, at least once annually for a one-day
meeting. These events consist of meetings with the administrators, faculty, and student to discuss
current departmental issues, and visiting classrooms. An EAC visit ends with a closed session
where they discuss their findings and draft a report. The EAC subsequently submits a report to
the department and the administration, advising the department of its findings and
recommendations.
Computer Science Department also typically has an annual retreat, where we discuss long-range
planning and ways to improve the quality of the education in our department. Faculty retreats
normally are focused on a small number of issues with the goal of problem-solving or achieving
consensus on department goals.
Long-range planning for the department also takes place at the meetings of the CS Executive
Committee, which comprises the department head, all three program directors and one at-large
faculty member. The Executive Committee meets regularly to discuss policy and operational
issues that transcend program boundaries.
Based on the recommendations from the faculty, students (exit surveys and course evaluations),
EAC, CS Executive Committee, and the retreats, the InfoSec committee originates discussions
and proposes changes to the entire faculty, regarding curriculum, policy, and other matters
related to the program. The CS department faculty as a whole makes all the final decisions
concerning curriculum and substantive policy issues.
C-3a Program Evaluation Against National Standards
Due to our program’s efforts, JMU is designated (by National Security Agency (NSA) and the
Department of Homeland Security (DHS)) as a Center of Academic Excellence in Information
Assurance Education (CAE). We are one of the original seven such centers (starting in 1999).
We were re-designated as a CAE by NSA course evaluators several times in the past. Our last re-
Computer Science Graduate Programs Self-Study Report 2012
22
designation was in 2008. We are up for renewal this year, once every 5 years. This is a tedious
and detailed evaluation of our course contents.
We mapped our courses to the Department of Defense standards 4011 - 4015. This mapping
forces us to carefully evaluate the Information Security topics we teach against the Department
of Defense’s (specifically, NSA and DHS) benchmark.
As a CAE member, we participate in the annual Colloquium for Information Systems Security
Education conference, organized by NSA and DHS. The Colloquium's goal is to work together
to define current and emerging requirements for information assurance education and to
influence and encourage the development and expansion of information assurance curricula,
especially at the graduate and undergraduate levels. The Colloquium has become the leading
proponent for implementing courses of instruction in INFOSEC in education.
The InfoSec director also participates in the annual CAE Principals meetings. The main purpose
of these meetings is to share information about different Information Assurance programs
offered across the country, including program descriptions, courses, laboratories, and outreach
activities. These are the best places to network with faculty from other universities and look for
program improvements and collaboration opportunities.
Due to the dynamic nature of our field, our curriculum is re-evaluated, for its relevancy and
possible updates, at the end of each year. We try to identify new developments in the field and
accommodate these in our courses. We have bi-weekly InfoSec Program Committee meetings,
discussing all program level issues and concerns. Major issues and concerns are further
discussed at the department meetings, held bi-weekly as well.
Our Department’s External Advisory Council, high-level managers from government and
industry, meets at least once a year. We discuss our program and courses in these meetings and
ask for their recommendations to improve the quality of education in our program.
a. Department Advisory Committee has been established and met again this year. They
were pleased with the program’s direction and achievements.
b. The advisory board suggested ways to recruit more students. We are doing all we can
to recruit more students. We are hoping to get more recruiting resources for the new
academic year.
Our program has a great reputation in both government and industry. We claim to have one of
the best quality, highly technical, highly interactive, and most comprehensive Information
Security masters programs in the nation. Some of our students indicated that they had up to three
promotions, as they were going through our program. Our graduates have been very successful in
getting high profile jobs (and keeping these jobs for many years) in both government and
industry. This is a testimony to the quality of the education they receive in our program. Please
see the following section for an impressive sample list of positions our alumni hold.
C-3b Responsiveness of the Curriculum to Societal Needs
Almost everybody in the society uses vulnerable technology, including cellular phones, emails,
video chats (Skype and others), Internet browsing, e-banking, and others. Home computers (and
more recently, smartphones) are the most vulnerable systems on the Internet. They are the prime
targets of Cyber Criminals for identity theft, use as botnets to attack other systems, and other
malicious activities.
Computer Science Graduate Programs Self-Study Report 2012
23
Information Assurance awareness is a necessity for the society, in this day and age. We
organized a high school cyber defense completion in the Fall 2008, where we invited high school
students, from all over the state, to campus for a day of training and cyber defense competition.
We have submitted several grant proposals for summer High School Cyber Security Boot
Camps, summer High School Technical Education Teachers Cyber Security Boot Camp, and
summer Community College and University Faculty Cyber Security Boot Camp. We have two
such grant proposals pending review at this point. A major reason for these efforts is to
disseminate Cyber Security knowledge to High School students. In most cases these students are
the System Administrator for their home computers. So, what they learn would be shared with
their family members, helping the most vulnerable users of technology in the society. The main
objective of our Community College faculty Boot camp is also for dissemination of knowledge
to the community. Most colleges don’t have the faculty expertise in Cyber Security. With this
proposal, we would like to teach faculty the fundamentals of security and prepare a canned
course they can take with them to their institutions, so they can teach these critical security skills
to their students for years to come.
D. Program Viability
D-1 Program Viability in terms of State, Regional and National Needs
The Graduate InfoSec program at James Madison University is designed for working
professionals. The program is attuned to the rapid advances in our information society and
incorporates new technologies into the program curriculum. Information Security is covered in
every class as it relates to the course subject matter.
The Commonwealth of Virginia and the surrounding regions are hosts to a large concentration of
government and technology related industries that depend on the availability of competent
information technology professionals. In the Strategic Plan for Technology 2002-2006, the
Governor of Virginia announced a commitment to continued economic development of
Virginia’s technology industry, which will increase the demand for qualified IT professionals in
the state and region.
Security breaches and network attacks cost the country billions of dollars each year, and the
problem is getting worse each year. The InfoSec program helps to fill this need by providing an
education in computing that prepares graduates to develop security solutions today and in the
future.
The InfoSec program curriculum is one of the most comprehensive technical information
Security masters programs in the nation. Our courses are applications oriented and provide
students with a deep understanding of Information Security issues and a practical knowledge of
how to solve them. In addition to the core Computer Science, our graduates also gain deep
understanding of the following areas:
•
•
•
•
•
•
•
Ethical, Legal, and Policy Issues,
Operating Systems Security
Networks and Network Security
Fundamentals of Assurance Technology
Secure Software Engineering
Audit and Secure Operations
Cryptography Algorithms and Applications
Computer Science Graduate Programs Self-Study Report 2012
24
•
•
•
•
•
Formal Methods for Information Security
Advanced Network Security
Digital Forensics
Malware Analysis
Distributed Computing and Security
This practical background enables InfoSec graduates to be immediately productive and to
propagate state of the art knowledge of Information Assurance within the organizations that
employ them. Almost all JMU InfoSec students are working professionals. They are applying the
knowledge and skills learned while earning their master's degree in securing nation’s networks,
systems and infrastructures. Many graduates have used their degrees to obtain promotions and
move into high-level security positions. Following is a sample list of impressive positions held
by our graduates:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Director of National Cyber Security Division, U.S. Department of Homeland Security
Director of Information Security Technology, U.S. Senate
Chief Information Officer, U.S. House of Representatives
Chief Information Security Officer, Department of Homeland Security
Vice President and CIO, Zel Technologies
Director for Communication Infrastructure Protection, The White House
Deputy Director, Computer Science Laboratory, SRI International
Senior Member of Technical Staff, Sandia National Laboratories
Chief, DOD Computer Emergency Response Team
Director of Security Technologies, Northrop Grumman Mission Systems
President and CEO, TWM Associates, Inc.
COO, Prevailance Inc.
CEO, Prevailance Inc.
Vice President, National Security Policy, Verizon Communications
CEO, NACON Consulting LLC
Systems Engineer Staff, Lockheed Martin
Information Security Specialist, Rockwell Automation
Security Engineer, Red River Networks
Instructor for Computer Science, US Air Force Academy
IT Senior Manager, Capital One
Manager of IT Operations/Connectivity, CommScope
Associates, Booz Allen Hamilton
Director, Information Security, CGI Group, Inc
Senior Manager, Symantec Corporation
Information Systems Security Engineer, Raytheon Network Centric Systems
Manager, Cyber Security, Nuclear Energy Institute
Manager, Information Security Compliance, The University of Kansas
Also, three JMU graduates have established a new organization called the Cyber Conflict Studies
Association. Members include employees and staff from the White House, DHS, DoD, NSA,
CIA, DIA and academia and private industry.
Additionally, a number of our students work in local and state institutions and many work in
private sector, mostly in Northern Virginia and greater Washington DC metropolis.
Computer Science Graduate Programs Self-Study Report 2012
25
Training knowledgeable and educated workforce in Information Security is a matter of National
Security concern. With all the cyber crimes reported almost daily and the potential for cyber
attacks on our national infrastructure (financial systems, electric grid, water supply, etc.),
government and the industry leaders realize a great need for highly educated workforce in the
field. The impressive list, above, is a testimony to our program’s contribution to this critical
national need, protecting the nation’s systems and infrastructures.
D-2 Program Size and Needs for Expansion
We would like to have around 22 students in each cohort, for a total of around 65 students in the
program. We believe between 18 and 22 students in each course is optimum, to have quality
discussion on the course subjects and to avoid overstressing faculty. Although we have admitted
around 25 students in past couple of years, economic situations forced many of the students not
to show up. So, we have around 9 students in our latest cohort. This is not healthy and we need
to recruit more students.
We also need at least one more faculty with expertise In Information Security, so we don't rely
on adjuncts to teach any courses.
E. Academic Program Resource Use
E-1 Changes Since the Last APR
During the spring semester of last APR, we had 68 students in the program, with 20 students in
the new cohort (taking their first two core courses in the program), spring 2004. This semester,
spring 2012, we have 40 students in the program, with 9 students in the new cohort (taking their
first two core courses in the program).
We have accepted between 25 and 35 students in each new cohort for past few years. The latest
economic situation is effecting our student population. Most of our students are working
professionals and most are supported financially by their employers.
Last year, we accepted around 35 students. Around 20 students delayed their education for the
next year, due to their employer’s more demanding schedule (they said they have to work around
60 hours a week) and because their employers cut their educational financial support. Around 5
didn’t start because they didn’t feel like they have a secure job (they didn’t know if they would
have a job in few months). Few students quit the program or where dismissed, due to program’s
demand for their time and effort. We ended up with 9 students in our cohort this year. This is the
smallest number of students we have had in a cohort, which is a major concern for us. Our
courses are discussion based and we believe we need at least around 15 students in a course to
get good discussions going. We have around 23 students so far who are supposed to start this
year (we are expecting at least 5 more students between now and May). This is a healthy
number, if at least 20 of them survive the preparatory courses and start with their courses in
spring 2013.
Lowe enrollment has not affected the faculty resource needs of the program, since we have to
offer the same number of courses each semester.
Recently, we changed a couple of courses in the program. We added a Malware Analysis course,
which is being taught as one of the electives we have been offering for last two years. Also, we
made our Computer Forensic course a required course for all students, in place of the Software
Assurance course. This course was not required for the students who were taking the thesis route.
Computer Science Graduate Programs Self-Study Report 2012
26
We believe these two courses are more important than the ones they replace for our students. We
also have in-house expertise in the area, so we don't have to rely on adjuncts for these subject
areas.
E-2 Changes Resulting from Technology
Our program is 100% Internet-based and we have been using the BlackBoard course delivery
system for over ten years. Some faculty record some of their lectures and post the videos to the
BlackBoard. Using the streaming media feature of the BlackBoard, students can easily watch
these lectures.
We have used Skype for Thesis Defense, so committee members who are not on-campus can
participate in the defense.
Some faculty use Camtesia and other available tools to hold occasional live sessions. We, of
course, are available to our students via email and phone.
We are using VMWare and similar technologies in our labs to simulate different devices, so
students can log into our labs, remotely, to work on their projects.
Our faculty is very technology savvy and use technology where they think is appropriate and
adds to the quality of the education students receive.
F. The Role of the Program in the College and University
F-1 University-Wide Efforts
The InfoSec graduate program was established in 1997. We hired at least five faculty with
expertise in different aspects of Cyber Security to teach our courses. Faculty interest has trickled
down to our Computer Science undergraduate majors. We established an Information Security
Certificate program at the undergraduate level. Students who finish this certification program
receive the Information Systems Security (INFOSEC) Professionals (NSTISSI No. 4011)
certification, approved by the National Security Agency and the Department of Homeland
Security.
With all the Cyber Security activities in the department, we established a Cyber Defense club
where students (mostly undergraduates) meet once a week in our Cyber Defense lab to get
hands-on experience on the latest tools available to them in the lab. Our Cyber Defense Club
team (consisting of at least 6 undergraduates and up to 2 graduates) has been participating in the
regional Cyber Defense competitions for past 7 years. Our team has an excellent reputation in
Mid-Atlantic region and they have always been ranked very close 2nd and 3rd in these
competitions (part of the annual National Collegiate Cyber Defense Competitions). This makes
our undergraduate students highly marketable.
Also, faculty expertise in Cyber Security enabled us to change our on-campus graduate program
to Digital Forensics masters program, which is one of the few highly technical masters programs
in Digital Forensics in the nation.
Because of this program, JMU is designated as one of the original 7 National Centers of
Academic Excellence in Information Assurance Education. This designation makes our students
and faculty eligible to apply for DoD Information Assurance Scholarships and the National
Science Foundation’s Scholarship for Service Scholarships. Our students have received several
Computer Science Graduate Programs Self-Study Report 2012
27
generous full-ride DoD Scholarships and the faculty has received few hundred thousand dollars
of capacity building grants, over the years.
Our InfoSec program helped the Master of Business Administration (college of Business) to
establish their MBA with InfoSec concentration, in early 2000.
F-2 Commitment of Students and Faculty to College and University-Wide Efforts
The Computer Science faculty is highly involved in efforts across campus. The following list
gives some idea of the extent of our involvement.
•
•
•
•
•
•
•
•
•
Taz Daughtrey served on the Quality Enhancement Plan committeee in 2011 as part of a
University- wide quality improvement effort. Furthermore, he served as a coach for one
of the five finalist proposals.
Ralph Grove works with others in the community to run a regional First Lego League
competition (2007-2011). In 2011 over 500 teams came to JMU to participate.
Christopher Fox was part of the committee that obtained a chapter of Phi Beta Kappa for
JMU (2008).
David Bernstein assisted writing two University-Wide proposals to the Howard Hughes
Medical Institute (2007 and 2011).
Christopher Fox was in the search committee to select a new Director of the Honors
Program (2006).
J. Archer Harris worked on revisions of the JMU Faculty Handbook (2009).
• Nancy Harris and Taz Daughtrey were both faculty associates of the JMU Center for
Faculty Innovation (Harris 2006-2009, Daughtrey 2007-2010).
Christopher Fox is a member of the committee to establish a Logic Institute at JMU
(2011).
Florian Buchholz has served on the Dingledine Scholarship faculty panel (2010-2012)
Students are also involved. The following list illustrates examples.
•
•
•
CS students assist in enrichment activities in both the morning and afternoon of the
weekend in December when the First Lego League statewide competition occurs.
CS students participate on a panel to describe their JMU experience for the Universitywide Choices presentations recruiting event, and talk to families after the session during
the open house which follows. One of our students participated in the university wide
opening session as well (2004-2011).
Our Cyber Defense team has been asked to talk about their experience in Cyber Defense
competition to JMU visitors from industry, in many occasions.
G. The Role of Students and Alumni in the Program
G-1 Students
Student Organizations—The CS department supports four student organizations:
ACM Student Chapter—This club meets regularly to sponsor various activities, including a
movie night, a Linux install fest, talks by recruiters, employers, and alumni, and so forth. Up
until 2009, the chapter also regularly competed in the programming contest.
CyberDefense Club—This club meets the learn cyber defense and enters teams in the
National Collegiate Cyber Defense Competition. A lab is available for their use. In 2011, the
Computer Science Graduate Programs Self-Study Report 2012
28
JMU team placed second in the Mid-Atlantic Regional Cyber Defense Competition.
Forensics Club—This club meets to study computer forensics and does activities like
presentations of interesting topics and tools, participation in national forensics challenges,
provision of data recovery services and development of custom tools. The group has
established a partnership with the JMU Police Department to provide support for some of
their technical problems and to learn about computer crime investigations. In 2011, the club
placed sixth in the HoneyNet challenge, the highest ranking for a student team.
Upsilon Pi Epsilon Honors Society—This group honors excellence in computer science
scholarship and inducts members every year as part of the CS awards night. Eleven students
were initiated in 2011. UPE this year launched a LaTex tutorial web site.
In addition, a new Women in Technology student organization was established in 2011 with
Nancy Harris as co-academic advisor. This group has student members from Computer Science,
Computer Information Systems, Engineering, Integrated Science and Technology, and
Biotechnology.
G-2 Alumni
Alumni Involvement—One of the major recommendations of the last APR was that CS
establish an External Advisory Committee. Such a committee was established in 2006 and a
number of our alumni are members of the committee. The EAC comes to campus annually for a
one-day meeting. These events consist of meetings with administrators, faculty, and student to
discuss current departmental issues, visits to classrooms, and closed sessions where the EAC
decides on recommendations to the department. The EAC subsequently writes a report advising
the departments of its findings and recommendations.
At least once a year we send emails to our alumni, asking them for help in recruiting students.
We have a number of students each year who are referred by our graduates.
H. Assessment Findings on Student Learning Objectives
H-1 Assessment Findings
H-1a Course Based Assessment Mechanism Findings
To date the Information Security program has explicitly solicited feedback from students through
end-of-course surveys for each course and an end-of-program survey taken by graduating
students. Additional insights are available from in-course assignments, although they have not
been used as systematically as they might.
1. Course Assignments and Exams – Students have projects and assignments to complete and
turn in by their due dates in each course. They are also required to take a comprehensive final
exam for each course. The comprehensive exams are taken at professional testing centers,
requiring government issued ID.
Graded course assignments and exams are based on the objectives of each course, which in
turn map to the overall objectives of the program.
Instructors can informally use data such as average grade or percentage of students who
answered an item correctly to gauge the effectiveness of teaching and learning for that
content.
Computer Science Graduate Programs Self-Study Report 2012
29
2. Course Evaluations by Students — We pay attention to course evaluations done at the end
of each semester. This helps us in improving the quality of the courses we teach and keep
track of the quality of instruction.
Standardized surveys are administered to students near the end of each course. The survey
items are designed to identify student perceptions of those instructor behaviors that have
been identified in the literature as most closely related to student achievement. Instructors use
course evaluations to make improvement to individual courses. The data is also examined by
the program committee in annually scrutinizing the program for improvement opportunities.
H-1b Non-Course-Based Assessment Mechanism Findings
1. Comprehensive exams: Students have a culminating experience through either a
comprehensive examination or a thesis. Each method provides insights for evaluation at a
program-wide level.
Comprehensive exams provide evidence of student success in relation to the core courses of
the program. Students are given a comprehensive exam covering at least 4 major areas of
study in Computer Science and security. Questions are chosen to see how students can put
together a solution that covers knowledge they have gained throughout the program (not just
the areas they are tested on). The emphasis is on a comprehensive solution to the problems
asked. The four core areas chosen for Comprehensive Exam include Operating Systems,
Networks and Network Security, Secure Software Engineering, and Cryptography. Please
note that these four general areas encompass all aspects of Information Security/Assurance.
These cover Systems and System Security, Networks and Network Security, Software and
Software Security, and Cryptography that is applicable in the other major areas of Security.
So, the Comprehensive Exam is designed to directly assess major objectives of the program.
A record of exam results since 2003 is available.
2. Graduate Exit Survey: All graduating students are also surveyed about global and topicspecific issues, during the last semester in the program. Historically there has been a very
high response rate, with numerous helpful observations and suggestions.
We used to require graduating students to write an essay, reflecting on their education
experience and make recommendation on what we can do to improve the quality of the
education they receive. These essays are available from the program office to all interested
faculty. We replaced the essay to a survey, for the past two years, submitted as part of this
document (please see appendix for the survey results for past two years), reflecting on what
students have learned, what effect the program has had on their career, and what
improvements they suggest for the program. Almost unanimously, graduating students are
very positive about their education and many indicate they have learned way more than what
they expected.
General Info/Relationship to Objectives/Validity Evidence: The Graduation Survey was
created internally by the program’s faculty two years ago. It was written to be an indirect
measure of our program’s objectives. The survey has three major parts, Program Satisfaction,
Curriculum Coverage, and An Additional Comments/Thoughts section. First two parts have
several questions and justification for their answers. Each item asks students to identify their
Computer Science Graduate Programs Self-Study Report 2012
30
level of perceived growth in components of each objective using the following scale:
(Strongly Agree, Agree, Neutral, Disagree, and Strongly Disagree). We are extremely
pleased with the scores and explanations we have received for past two years (since the
survey’s inception)
Data Collection: All graduating students take the graduation Survey at the end of their final
semester. In spring 2011, 8 out of the 10 students who were graduating completed the survey.
At the beginning of the each academic year, September, Information Security Committee
takes a close look at the survey results and recommendations. We then decide to act on the
recommendations that will improve the quality of education for our students.
3. Due to our program’s efforts, JMU is designated (by National Security Agency and the
Department of Homeland Security) as a Center of Academic Excellence in Information
Assurance Education (CAE). We are one of the original seven such centers (starting in 1999).
We were re-designated as a CAE by NSA course evaluators in 2008 (we will be up for
renewal once every 5 years). This is a tedious and detailed evaluation of our courses.
4. We mapped our courses to Department of Defense standards 4011 - 4015. This mapping
forces us to carefully evaluate the Information Security topics we teach against the
Department of Defense (specifically, the National Security Agency and the Department of
Homeland Security) benchmark.
5. Due to the dynamic nature of our field, our curriculum is re-evaluated, for its relevancy and
possible updates, at the end of each year. We try to identify new developments in the field
and accommodate these in our courses. We have bi-weekly InfoSec Program Committee
meetings, discussing all program level issues and concerns. Major issues and concerns are
further discussed at the department meetings, held bi-weekly as well
6. Our Department’s External Advisory Council, high-level managers from government and
industry, meets once a year. We discuss our program and courses in these meetings and ask
for their recommendations to improve the quality of education in our program.
7. Department Advisory Committee has been established and met again this year. They were
pleased with the program’s direction and achievements.
8. The advisory board suggested ways to recruit more students. We are doing all we can to
recruit more students. We are hoping to get more recruiting resources for the new academic
year.
9. We have a great reputation in both government and industry. We claim to have one of the
best quality, highly technical, highly interactive, and most comprehensive Information
Security masters programs in the nations. Our graduates have been very successful in getting
high profile jobs (and keeping these jobs for many years) in both government and industry.
This is a testimony to the quality of the education they receive in our program; please see a
sample list in next section).
We are working on ways, so we can quantify these assessments.
H-2 Quality of the Program’s Assessment Activities
Program objectives are currently more descriptive of technical content than of student learning
outcomes. They need to be restructured in order to allow both course-based and non-course-
Computer Science Graduate Programs Self-Study Report 2012
31
based assessment items to be mapped to student learning outcomes. This restructuring would
allow individual courses to identify which specific learning outcomes should be assessed within
that course.
The previous Graduate APR stated, “Though the InfoSec program has some regular assessment,
primarily qualitative, of graduating students, there has been little ongoing regular assessment of
the graduate program. The ad-hoc assessment done for this report is a good starting point for
developing a regular assessment program that will provide ongoing feedback to the department
about how well the program is meeting its goals. Assessment components could include student
surveys, employer surveys, exit interviews (already in place in the InfoSec program), course
evaluation data, comprehensive exam results, and student grades.”
Some of these steps have been taken, including surveying students within courses and
considering comprehensive examination results. A more explicit statement of student learning
outcomes would allow more direct assessment within and across courses.
Computer Science Graduate Programs Self-Study Report 2012
32
IIIb. Computer Science Graduate Digital Forensics Program Narrative
A. Digital Forensics Program History and Mission
A-1 History of the program
The mathematics and computer science department began offering graduate courses in computer
science as part of the MS program in mathematics in 1985. A graduate program in computer
science was approved that year, and the MS program in computer science was offered for the
first time in 1986. The program required 30 credit hours with a core of 18 hours consisting of
courses in programming languages, operating systems, database systems, and software
engineering, as well as electives in complexity theory, numerical methods, and topics in
computer science. The program did not change until 1992, when the core was changed to 12
credit hours in operating systems, applied complexity theory, programming languages, and
database systems; the remaining 18 hours were electives chosen from these areas as well as
software engineering, numerical analysis, or a variety of other topics such as artificial
intelligence and natural language processing.
The graduate program was always small, and students typically had a great deal of difficulty with
the comprehensive examinations. Consequently discussions took place in the mid-1990s about
ways to increase enrollment and ease the burden of the comprehensive examinations, which
culminated in the introduction of a radically new computer science graduate program in 1997.
The program had three core courses in operating systems, database system, and software
development (a combination of software engineering and programming languages). Each core
course was the first in a series of three courses leading to certificates in networks and data
communications, database management systems, and software engineering. The certificate
programs were intended to attract enrollees from the community who might then complete the
entire MS program (still 30 credits consisting of 9 credits in the core plus 21 credits of electives).
The new graduate curriculum was both a success and a failure. The certificate program did
attract many more students, but few continued in the program after completing a certificate.
Meanwhile, concern grew about the qualifications of graduates from a program with such a small
core. Concern also grew regarding the quality of students in the program. As a result of these
concerns regarding the program quality, the department toughened admission standards
beginning in 2001, and changed the curriculum in 2003. That new curriculum featured a 36-hour
concentration in Secure Software Engineering (SSE), a combination of information security and
software engineering. The core of this program consisted of 18 hours in operating systems,
database systems, software engineering, programming languages, applied complexity theory, and
information security. The program required an additional six hours in each of software
engineering and information security. Finally, students had to complete six hours of thesis or
elective courses. While the faculty was quite happy with the rigor, content, and format of this
program, student enrollment remained low.
In 2005, based on the recommendations of the last APR in 2004, the Graduate Program
Committee, started working on a five-year combined BS/MS program, that would allow
Computer Science undergraduate students to enroll in the SSE program with only an additional
year of studies. The rationale was to make the program attractive to our own undergraduates
through the accelerated schedule. The five-year program was first offered in the 2006-2007
Computer Science Graduate Programs Self-Study Report 2012
33
academic year. While the combined program attracted a certain number of students, the overall
enrollment did not go up, on average. A subsequent switch to a concentration in Secure Software
Systems (SSS) for the 2008-2009 academic year with slight changes in the curriculum (the
Applied Complexity Theory course – CS 552 – was added as a required course, replacing the
Secure Software Requirements and Architecture course – CS 664) also effected no change on the
low enrollment numbers.
The Computer Science Department faculty began in the fall of 2008 to discuss the future of the
on-campus graduate program. Enrollment was not going up, thus there was no growth as hoped
for when the concentration was created. Furthermore, with the loss of Sam Redwine, who retired
after the 2008-2009 academic year, the number of faculty who would be able to teach some of
the specialized software engineering courses was drastically reduced, and there were concerns
about faculty becoming tired of having to teach the same graduate courses repeatedly.
Thus, the CS faculty solicited proposals as to where to move next for the on-campus graduate
program. By the beginning of the 2009 Spring Semester, there were four proposals for new
directions, as well as a proposal to continue on as before, and one to eliminate the on-campus
graduate program. The four proposals for new directions were (in order they were presented to
the faculty): a Career Change Master's program (aimed at B.S. students without a CS degree), a
Ph.D./Master's program with a concentration in Information Security, a Master's program with a
concentration in Digital Forensics, and a Master's program with a concentration in Interactive
Software Engineering. In five rounds of voting (where one option would be eliminated in each
round), the faculty voted to further explore the Digital Forensics concentration. Florian
Buchholz, who spearheaded the proposal, has since led the effort to develop the program.
The proposal for the Digital Forensics program posited that there is a wide range of reasons why
students enroll in a particular program:
•
•
•
•
•
Employment prospects
Quality
Popularity of the subject matter (is it fun to learn, fun to do research; there needs to be
something that engages students)
Prestige of institution/program
Opportunities for students to get involved beyond the classroom (internships, research,
student interest groups)
Obviously, financial support for students also plays a very large factor, and will need to be
addressed. Also, employment prospects and quality of the program cannot be the only important
factors that attract graduate students, as both of those had been very good with the existing SSS
program. The proposal addressed how Digital Forensics would address all listed factors as
follows:
•
•
Employment prospects should be very good with a growing number of crimes having a
digital component, and a need for experts in the areas of law enforcement, intelligence
agencies, insurance companies, corporate incident response teams, as well as the
consulting sector.
A quality program in Digital Forensics can be offered in the department based on the
quality of the existing core Computer Science courses, the long history of having a
quality Information Security concentration, and Florian Buchholz's expert knowledge in
the Computer Forensics domain.
Computer Science Graduate Programs Self-Study Report 2012
34
•
•
•
Regarding the popularity of the topic, Florian Buchholz had previously taught Computer
Forensics at both the undergraduate and the graduate levels. Student evaluations regularly
were well above average, and student comments about the course included the following:
o “One of the best CS courses at JMU,”
o “Overall, I thought this was one of the most eye-opening, exciting, and
challenging courses that I have taken at JMU,”
o “It made me consider Computer Forensics as a career.”
JMU is a highly respected institution with a reputation for producing quality graduates.
Regarding the prestige of the new program, very few graduate programs existed that
would look at Digital Forensics from a Computer Science perspective (and not many new
ones have since emerged). Thus, the department has the opportunity to establish one of
the leading programs in the country.
A student group that focuses on computer forensics already exists within the department.
Furthermore, opportunities for new students to get involved should be provided through:
o building partnerships
o grants – capacity building; STEM; education; research
o outreach – support for local law enforcement; services for community
o certification
o research – encourage M.S. theses and publication; educational
conferences/journals
A requirement for the new concentration would be to make do with existing resources and
faculty expertise. Thus, for the Digital Forensics concentration, both short-term and long-term
plans were developed. The short-term plan looked at the minimal changes necessary to change
the existing SSS curriculum to one with a forensics focus. The long-term plan would then
consider the ideal structure of a Digital Forensics concentratio, should there be no constraints
regarding faculty expertise.
To get a feel for the demand for a graduate-level CS digital forensics program, and to see how to
best structure the curriculum for the short-term and long-term plans, members of the forensics
program committee conducted a market survey among potential employers (for details see
Section C-2). Based on the market survey and the existing SSS curriculum, the committee
developed a curriculum for the short-term by keeping the existing curriculum with the following
changes:
•
•
•
•
Eliminate the Software Engineering courses (CS 555 and CS 666) and the Database
course (CS 574) from the list of required courses.
Require the Operating Systems course (CS 550) for all students (including the 5-year
program students).
Add a Compilers course (CS 630) and a Malware Analysis course (CS 640) to the
curriculum.
Allow non-thesis students to take three elective courses (instead of two in the previous
concentration), and thesis students to take one elective course (instead of zero).
At the end of the 2009-2010 academic year, Dr. Malcolm Lane retired as the department head of
the Computer Science Department. Dr. Sharon Simmons was hired, starting her appointment in
the 2010-2011 academic year. Furthermore, the department (unsuccessfully) attempted to hire
new tenure-track faculty during that time period. The faculty therefore decided not to
Computer Science Graduate Programs Self-Study Report 2012
35
aggressively pursue the new concentration until it was sure that there would be support for it
from the new department head as well as consensus among the faculty that it is worthwhile to
pursue. Thus, during the 2009-2010 academic year, little progress was made toward the new
concentration.
During the 2010-2011 academic year, significant progress was made on curriculum
development. These efforts enabled the Computer Science Department to begin offering the
Digital Forensics concentration in the 2011-2012 academic year. As the focus on curriculum
development precluded significant recruiting effort, the program started with a cohort of 10
graduate students.
In the 2011-2012 academic year, the main focus was shifted to recruitment. Word of the new
program has been disseminated throughout the State of Virginia as well as universities’
Computer Science department with a security focus on a national scale. Furthermore, Profs.
Buchholz and Heydari were successful in obtaining a grant from the National Science
Foundation’s “Federal Cyber Service: Scholarship for Service” program. This program funds full
scholarships for students that agree to work for a federal, state, or local agency after graduation.
For the 2012-2013 academic year, there is funding for 5 graduate students, funding for 6
additional graduate students the year after that, and possible funding for 8 further graduate
students in the following year.
A-2 Current Mission Statement
The mission statement for the graduate Digital Forensics program is the following:
To offer quality education in digital forensics from a computer science perspective through a
systems-oriented curriculum that provides the skills and knowledge needed to support digital
investigations.
A-3 Mission Statement Development
The Forensics Program Committee developed this mission statement in April 2011.
A-4 Support of College and University Statements
University and College Mission Statements—The JMU mission statement is the following.
We are a community committed to preparing students to be educated and enlightened
citizens who lead productive and meaningful lives.
The mission statement of the College of Integrated Science and Technology is the following.
To educate students in the areas of the applied sciences, health, technology and human
services, as well as to prepare them to enter professions or to undertake advanced study.
The Digital Forensics program mission accords with the University mission in that offering a
quality education and the necessary skills and knowledge in the field are essential for leading
productive lives and to be considered educated and enlightened. The mission statement also
resonates with the College mission statement. Computer Science is very much an applied
science, and the program’s mission directly aims at preparing our graduates to enter the
professions of a digital forensic investigator or computer scientist.
Computer Science Graduate Programs Self-Study Report 2012
36
B. Program Goals and Objectives
B-1 Program Objectives and Mission
After completing the program, a graduate of the Digital Forensics concentration should be able
to:
1. demonstrate an understanding of operating systems and networks commensurate with
conducting a digital forensic investigation:
a. analyze a file system
b. analyze system memory
c. analyze network traffic
d. identify and analyze operating system audit data
2. design and assess system-level, large-scale computer programs
3. demonstrate fundamental forensic knowledge:
a. explain and apply the forensic process
b. explain of laws relevant to digital evidence
c. explain the technical problems that arise during computer forensics investigations
4. conduct computer software analyses and perform reverse engineering on binary code:
a. analyze assembly code and explain what it does
b. identify and explain how a compiler optimizes high-level code
c. disassemble unknown binaries and assess their functionality
d. identify and circumvent code obfuscation techniques such as packing and payload
encryption
e. explain how shellcode works and how it uses system library functions
5. evaluate data organization and perform data processing for the purpose of analyzing
digital evidence:
a. search for data with certain characteristics
b. manage and process large scale evidence
c. apply indexing algorithms and techniques
d. parse data formats and extract forensically relevant information from them
6. design efficient algorithms and evaluate their complexity
7. demonstrate a strong security background:
a. identify common attacks based on the audit trail they leave behind
b. demonstrate fundamental cryptography and cryptanalysis concepts
c. assess appropriate techniques to defend a computing system against attacks
d. explain how rootkits and malware function
e. explain evasion techniques (attackers, malware)
8. apply their knowledge and general techniques to solve problems they have not
encountered before
9. compose presentations, conveying the results of analyses to the appropriate target
audience
Computer Science Graduate Programs Self-Study Report 2012
37
B-2 Activities Supporting Achievement of Goals and Objectives
The programmatic objectives have been mapped onto courses offered within the program where
these objectives are addressed, as shown in the table below.
Objective
1a: Analyze a file system
1b: Analyze system memory
1c: Analyze network traffic
1d: Identify and analyze operating
system audit data
2: Design and assess system-level,
large-scale computer programs
3a: Explain and apply the forensic
process
3b: Explain of laws relevant to
digital evidence
3c: Explain the technical problems
that arise during computer forensics
investigations
4a: Analyze assembly code and
explain what it does
4b: Identify and explain how a
compiler optimizes high-level code
4c: Disassemble unknown binaries
and assess their functionality
4d: Identify and circumvent code
obfuscation techniques such as
packing and payload encryption
4e: Explain how shellcode works
and how it uses system library
functions
5a: Search for data with certain
characteristics
5b: Manage and process large scale
evidence
5c: Apply indexing algorithms and
techniques
5d: Parse data formats and extract
forensically relevant information
from them
6: Design efficient algorithms and
evaluate their complexity
7a: Identify common attacks based
on the audit trail they leave behind
7b: Demonstrate fundamental
Courses/Experience
CS 550, CS 633
CS 550, CS 633
CS 610, CS 633
CS 633
CS 530, CS 550
CS 633
CS 633
CS 633
CS 630, CS 640
CS 630, CS 640
CS 640
CS 640
CS 640
CS 552
CS 633
CS 552
CS 630, CS 633
CS 552
CS 557, CS 633, CS 635
CS 557
Computer Science Graduate Programs Self-Study Report 2012
38
cryptography and cryptanalysis
concepts
7c: Assess appropriate techniques to
defend a computing system against
attacks
7d: Explain how rootkits and
malware function
7e: Explain evasion techniques
(attackers, malware)
8: Apply their knowledge and
general techniques to solve problems
they have not encountered before
9: Compose presentations,
conveying the results of analyses to
the appropriate target audience
CS 557, CS 635
CS 640
CS 635, CS 640
Many courses will contain homework
or projects where the student is faced
with a scenario not fully covered in
the class lectures. This lies within the
discretion of the instructor for each
respective course.
Students will have to give
presentations on projects and submit
written reports in various courses.
This lies within the discretion of the
instructor for each respective course.
Non-thesis students also have to pass
a comprehensive assessment, for
which they need to work on a project
that encompasses areas from multiple
courses and give a talk describing it.
Thesis students need to give a
presentation about their work as part
of their thesis defense.
Besides class work, the clubs sponsored by the CS department help achieve these goals, as
follows:
ACM Students Chapter—Promotes teamwork and communication skills in planning and
carrying out club activities. Promotes technical knowledge of various kinds by holding
technical talks, UNIX install meetings, and so forth. Promotes design and programming skill
by participating in programming contests.
CyberDefense Club—Promotes teamwork and problem solving in cyber defense
competitions. Students also learn a lot about professionalism and ethics, operating systems,
networking, data structures, and algorithms.
Forensics Club—Allows students to learn about professionalism and ethics, problem
solving, communication, computer organization, operating systems, data structures, and
algorithms.
Upsilon Pi Epsilon Honors Society—Promotes teamwork and communication skills in
planning and carrying out club activities.
Women in Technology—Promotes teamwork and communication skills in planning and
Computer Science Graduate Programs Self-Study Report 2012
39
carrying out club activities, and provides leadership role models for women in technological
careers.
B-3 Faculty Role in Achieving Goals and Objectives
In addition to teaching all courses for the program, faculty members advise the ACM student
chapter and the CyberDefense and Forensics clubs. Faculty members also engage with students
through Master’s thesis supervision and independent studies. This engagement provides students
with the opportunity to explore particular topics in greater detail, thus enabling the customization
of program objectives to better match student interests. Faculty members also lead computer
science activities outside of the classroom such as programming, cyber defense competitions,
and participation in forensics challenges. These activities further contribute to department
objectives.
The curriculum and objectives of the department are actively monitored and updated by the
faculty. The Forensics Committee, consisting of CS faculty members with a special interest in
digital forensics and security, brings curriculum changes to the entire CS faculty for
consideration.
C. Program Structure and Reputation
C-1 Current Structure of the Program
The current program is a 36-credit Master’s program. Students take required core classes from
Computer Science, Information Security, and Digital Forensics areas. Every student in the
program will take at least one elective course. Students also have the option of pursuing a thesis
project, which will count as six credits of elective work. Students who do not pursue a thesis will
need to take three elective courses. The program requirements are as follows:
Minimum Requirements
Credit Hours
CS 530. Programming Languages
3
CS 550. Operating Systems
3
CS 552. Applied Complexity Theory
3
CS 557. Information Security
3
CS 610. Networking and Security
3
CS 630. Complier Theory and Implementation
3
CS 633. Computer Forensics
3
CS 635. Secure Network Operations
3
CS 640. Malware Analysis
3
Approved elective
3
30
Thesis Route
Credit Hours
CS 700. Thesis
6
36
Non-Thesis Route
Credit Hours
Approved electives
6
36
The following is the recommended course sequence:
Computer Science Graduate Programs Self-Study Report 2012
40
Semester 1 (Fall)
CS 530 Programming Languages
CS 550 Operating Systems
CS 552 Applied Complexity Theory
Semester 2 (Spring)
CS 557 Information Security
CS 630 Compiler Theory and Implementation
CS 633 Computer Forensics
Semester 3 (Fall)
CS 610 Networking and Security
CS 640 Malware Analysis
Elective / Thesis Research
Semester 4 (Spring)
CS 635 Secure Network Operations
Elective
Elective / Thesis Research
There is also a five-year combined BS/MS program, in which students enrolled in our
undergraduate program can obtain the MS degree in addition to the BS degree within five years
of study. To achieve this, students need to complete much of their undergraduate work before
their second semester as a senior. In the fall semester of their senior year, they will take one
graduate-level course in addition to their undergraduate course load. In their senior spring
semester, they will take the same graduate courses as the first-year “regular” graduate students.
To accommodate for the compressed schedule, the five-year graduate program is only a 30-credit
program, and the students are waived the CS 530 (Programming Languages) and CS 552
(Applied Complexity Theory) requirements. Students in our undergraduate program are required
to take a Programming Languages course (CS 430), and we are encouraging applicants to the
five-year program to also pursue the undergraduate Design and Analysis of Algorithms course
(CS 452), which is an elective. The program requirements for the five-year program are as
follows:
Minimum Requirements
Credit Hours
CS 550. Operating Systems
3
CS 557. Information Security
3
CS 610. Networking and Security
3
CS 630. Complier Theory and Implementation
3
CS 633. Computer Forensics
3
CS 635. Secure Network Operations
3
CS 640. Malware Analysis
3
Approved elective
3
24
Thesis Route
Credit Hours
CS 700. Thesis
6
30
Non-Thesis Route
Credit Hours
Approved electives
6
Computer Science Graduate Programs Self-Study Report 2012
41
30
C-2 Curriculum Development and Long-Range Planning
The Graduate Program Director for the Digital Forensics program heads the Forensics Program
Committee. The committee monitors the graduate on-campus curriculum based on feedback
from students, faculty, and employers, does long-range planning, and develops curriculum
proposals. The Forensics Program Committee often brings issues to the entire faculty for
discussion and advice. Furthermore, the faculty members hold retreats in the summer to discuss
outstanding departmental issues, including long-range planning and curriculum issues.
The Forensics Program Committee is responsible for writing up formal program and course
proposals. When the committee has finalized such a proposal, it is brought to the department’s
Curriculum and Instruction (C&I) Committee, which is the committee of the whole. This
committee (in other words, the faculty) must approve any proposal before it can move on in the
approval process. Thus the entire faculty is involved (in varying degrees) in long-range planning
and curriculum development.
To get a feel for the demand for a graduate-level CS digital forensics program, as well as to see
how to best structure the curriculum for the short-term and long-term plans, we conducted a
market survey among potential employers. We assembled a list of potential survey candidates,
obtained contact information for them, and arranged for a phone interview to ask specific
questions about hiring graduates from forensics programs and skills the employers would like to
see when hiring. We explained to them the nature of the program that we envisioned and asked
them the following set of questions:
1. We are trying to gauge the market for graduates of a Computer Science Master's degree
that focused on Computer Forensics. Do you believe there is a market for such graduates?
Specifically for your company or organization, do you think you would hire graduates
from such a program in the foreseeable future?
2. Has your company/organization hired people for computer forensics positions? [If not,
skip to question #6.]
3. What skills do you value when hiring? What skills are essential and which others are
desired?
4. When looking at candidates applying for a computer forensics position in your
organization, what sort of deficiencies have you observed regarding their skills?
5. After hiring people for computer forensics positions were there any particular areas in
which you still needed to train them?
6. Would you be interested in establishing partnerships regarding research collaborations,
scholarships, internships, site visits, and/or guest lectures?
7. Do you know of any other companies/organizations that would be interested in our
program?
Out of the roughly 25 entities that were contacted, we received responses from the following 11:
•
•
•
•
Architecture Technology Corporation (Gov. Contractor)
Booz Allen Hamilton (Industry)
Capital One (Industry)
Computer Sciences Corporation (Industry)
Computer Science Graduate Programs Self-Study Report 2012
42
•
•
•
•
•
•
•
DoD Defense Cyber Crime Institute (Government)
Gemini Security Solutions (Industry)
General Electric (Industry)
Johnson and Johnson (Industry)
Mitre (Gov. Contractor)
Nuclear Energy Institute (Industry)
Symantec (Industry)
In summary, 10 of the 11 people interviewed agreed that there is a high demand for graduates of
a graduate-level Computer Science-based forensics program (the contact at NEI felt that this was
not part of their expertise, so the interview ended with Question 1). Out of the remaining 10
entities, 8 had recently hired people for computer forensics positions. The top responses for
desired skills were (in order, starting with the most desirable ones):
•
•
•
•
•
•
presentation skills
malware analysis skills
network analysis skills
understanding of file and operating systems
strong programming skills
familiarity with memory analysis
The top deficiencies were:
•
•
•
•
a lack of presentation skills
malware analysis skills
network analysis skills
general Computer Science expertise
The detailed answers to Questions 3 through 5 are listed below, together with other things that
were discussed in the phone interview that were relevant to the program:
Question 3: What skills
do you value when
hiring? What skills are
essential and which
others are desired?
•
•
[They prefer to] hire candidates with BS Computer Science (or
EE). They look for broad expertise across the digital forensics
area, including network analysis, basic malware analysis, media
analysis, memory analysis.
[They consider] depth, but rarely look at someone that has a
limited focus, say just using EnCase or some other tool to do what
[they consider] "traditional" computer forensics.
Critical thinking, analytical skills, programming, and effective oral
and written communication are all critical skills. More than just
one field of knowledge in the area is desired.
Essential skills:
o Investigators with skills in:
 forensics software (e.g. Encase and FTK)
 Incident handling/ Incident response
 ethical hacking
o Must understand a variety of OSes (in order of importance):
 Windows
 Linux
 Mac OS
Computer Science Graduate Programs Self-Study Report 2012
43
•
•
•
•
o Must understand malware (what it is and what it does), how to
clean up after it, and reverse engineer it.
Capturing packet traces
evidence handling
Essential:
Basic scripting (One of these: Perl, Python, Ruby)
Basic object oriented development (Java or C# would be best)
Solid System Admin Skills (Windows and Linux)
Knowledge of correct forensic processes (chain of custody, etc)
Solid Networking Skills (ability to read packet captures,
understand routing and switching, etc)
General Security Knowledge (the ability to understand the big
picture and put tactical items in perspective)
Basic Reverse Engineering (live analysis of a malware.. what
connections does it make, etc)
Good written communication
Desired:
Advanced Reverse Engineering (deobfuscation, unpacking, live
memory forensics, rootkit detection and evaluation, etc.)
Advanced scripting and programming (candidates have to be able
to write small scripts to automate tasks, but it would be best if they
could write complete tools
There are a lot of skills we desire when hiring someone and it
really depends on the position (there are 4 or 5 different groups
within the GE-CIRT). Generically, I would say the following are
essential:
- Knowledge of networking (IP packets, protocols, etc)
- The ability to analyze network based alerts, packets or protocols
- Creativity
- OS knowledge - Windows definitely, UNIX is a plus
- Forensics analysis skills (disk based analysis, log analysis)
Desired Skills:
- Malware Analysis/Reverse Engineering
- Programming (knowing at least 1 programming or scripting
language should be a req't IMO)
- Pen testing knowledge
Written communication
ability to learn a new technology
understanding OS and networking protocols
understanding filesystems
firewalls
See the whole picture. Malware analysis; deep understanding,
kernel knowledge. As many programming languages as possible, a
lot of scripting, reverse engineering, OSI model, understanding of
where things occur.
Computer Science Graduate Programs Self-Study Report 2012
44
•
•
•
Question 4: When
•
looking at candidates
applying for a computer
forensics position in
•
your organization, what
sort of deficiencies
•
have you observed
regarding their skills?
•
•
•
•
•
•
Question 5: After hiring •
people for computer
forensics positions were •
there any particular
areas in which you still •
needed to train them?
•
Hands-on experience with Encase
Be able to run a case from beginning to end
Must know:
- filesystems
- O.S.
- network intrusions
- searching large data sets
Remediation
Understand current technology. Able to adapt. Articulate a
problem.
Lots of folks that have experience in a small number of tools. They
see lots of resumes of criminal justice folks that have been doing
this sort of work, but don't have solid CS skills.
Technically usually pretty good. Deficiencies usually in process,
evidence handling, and presentation
Lack of experience is a big one. Any efforts that you can make to
get internships, etc will be very important. Also, there seems to be
a general lack of solid fundamentals of computer science (he has
had candidates that could not distinguish between encryption and
encoding, candidates that did not clearly understand hashing, etc).
Other than the "point and click" deficiencies I mentioned before,
we've seen a lot of people that were lacking true experience. To
me, experience is really key. That being said, we've interviewed
(and hired) people who were just out of school and didn't have
formal experience, but had worked on projects on their own or in
school that showed they knew how to apply their knowledge.
We've also seen people who had 10 years of work experience
doing forensics or IR that couldn't do the things they said they
could.
Documenting and report writing
Not broad enough perspective. How do programs relate to other
things, especially morphing malware?
Network intrusion knowledge/understanding
host-based forensics
Not degrees. What they are able to do.
Presentation skills. Ability to interact. Writing skills.
Usually it's broadening them to include the other aspects of the
problem space, such as network analysis or malware analysis.
How to deal with Law Enforcement is a big one, but he is not sure
that you can really train for that in our program.
A few areas that come to mind are malware analysis, live response
and memory analysis. In my mind, these are fairly new areas of
study and we don't expect them to be known.
Train people so they understand hardware, incident responder
course: handle information from an L.E. standpoint; use of write
Computer Science Graduate Programs Self-Study Report 2012
45
•
Other things that were
discussed:
•
•
•
blockers, proper acquisition.
Not the tools so much as how to do an investigation properly from
beginning to end
[They deal] with advanced cyber attacks; network analysis and
code analysis are very important.
Suggested three courses:
o host-based forensics
o network-based
o evidence discovery
Good understanding of software systems is needed everywhere.
Forensics teaches thoroughness and problem solving. All things
are valuable for other disciplines: formal process, curiosity, and
documentation.
The committee also looked at current research trends in Digital Forensics. There is a clear trend
toward the analysis of more and more complex systems and file systems, an ever increasing
volume of metadata that may need to be analyzed and correlated, malware that becomes more
sophisticated in its ability to conceal its presence and functionality from an investigator, and an
increasing importance of system memory acquisition and analysis. To be able to understand, let
alone address, these problems, specialists are needed that have a strong Computer Science
background. Students need expertise in operating systems (understanding file systems and
organization as well as memory layout), languages and compilers (understanding of features and
constructs of programming languages for program analysis), programming (developing forensics
tools and software), as well as algorithms and complexity (being able to cope with and process
large amounts of evidence). Based on these findings and the results of the market survey the
Forensics Program Committee developed a short-term curriculum that accommodates the current
resources within the department as well as a long-term curriculum goal, which represents the
ideal curriculum for the program.
Short-term curriculum—The program committee decided to build the new curriculum based
on the existing Computer Forensics course (CS 633) in a fashion that would not require any
additional resources beyond what was already available within the department. The department
decided to make the following changes to the existing curriculum to transform it to the Digital
Forensics program:
•
•
Remove the two Software Engineering classes (CS 555, CS 666) and the Database class
(CS 574) from the list of required courses. These courses still can be taught as electives if
needed/desired.
Develop new courses in Compilers (CS 630) and Malware Analysis (CS 640).
o The purpose of the Compilers course is to strengthen the overall Computer
Science core of the program as well as to introduce students to concepts of
parsing data for information/syntax, the mechanics of how a compiler affects code
generation, and an introduction to assembly language and opcode generation. The
course was developed by Prof. Mata-Toledo and is currently being taught in the
Spring 2012 semester for the first time.
o The purpose of the Malware Analysis course is to directly address the skills need
determined in the market survey. There is a high demand for malware analysis
Computer Science Graduate Programs Self-Study Report 2012
46
•
•
and reverse engineering skills and the area is certainly a discipline within Digital
Forensics. The course was developed by Prof. Buchholz, and has been
successfully taught as a special topics course (CS 685) for the InfoSec program in
the fall of 2011. It will be taught for the first time in the on-campus program in
the fall of 2012.
Overhaul the existing Computer Forensics course. The material on malware analysis was
removed and units on memory forensics and network forensics were added to the course.
Change the comprehensive assessment procedure from a comprehensive exam to a
project presentation. This way, students can work on a project that involves aspects from
multiple courses and improve their presentation skills by giving a public talk about their
results.
The removal of three required courses and only replacing them with two leaves the students with
an additional elective to take. This gives the faculty some leeway in scheduling courses based on
what faculty expertise is available in a given semester. Elective courses ideally are forensics or
security related, but can also be courses from the core CS curriculum. For example, in the fall of
2012 a Cryptography course will be offered, and in the spring of 2013 there will be a special
topics course in Mobile Device forensics along with an elective that is yet to be determined.
Long-term curriculum—Ideally, and to best help our students to become expert Digital
Forensics Computer Scientists, the focus of the program should further move toward a systemoriented CS curriculum with even more emphasis on digital forensics. This is based on the
results of the market survey but also on the fact that currently, the student’s first semester in the
program does not address forensics at all. In the long term, another program objective should be
added to the list: “Conduct in-depth technical forensic analyses.” This is an important area for
which there is currently no time in the curriculum. The Computer Forensics course (CS 633) is
already very much packed with material, which prevents the instructor from going over in-depths
examples or assigning too many complex deliverables. Thus, the long-term curriculum goals are
as follows:
•
•
•
Split the Computer Forensics course into an introductory course (to be taught in the first
semester and replacing CS 530) and an advanced course where more technically
demanding and complex topics can be addressed.
Add a course in Network Forensics and/or Intrusion Detection to the curriculum. This
directly addresses the skills needs from the market survey.
Explore the offering of two-semester long combined Computer Science/Forensics special
topics as electives. In the first semester, CS fundamentals (such as Databases or Software
Engineering) could be taught, and in the second semester a follow-up, forensics-related
course (such as Database Forensics or Forensic Tool Development) could be offered.
The implementation of the long-term curriculum plan is greatly dependent on making new
resources available to the department, especially in the area of faculty expertise. Currently, only
Prof. Buchholz has a strong background in Digital Forensics. While other faculty members have
shown an interest in obtaining the knowledge to teach “basic” forensics courses, teaching more
advanced forensics courses will require the hire of another expert in the field.
C-3a Program Evaluation Against National Standards
There are no national standards for either graduate Computer Science or Digital Forensics
curricula against which the program could be evaluated.
Computer Science Graduate Programs Self-Study Report 2012
47
C-3b Responsiveness of the Curriculum to Societal Needs
The curriculum of the existing SSS program was transformed to the one for the Digital Forensics
program explicitly with the results from the employer survey in mind. The survey identified the
most pressing needs graduates of a program like ours should have, and the direct results of this
were the creation of the Malware Analysis course (CS 640) and changing the comprehensive
assessment component from an exam to a presentation-style format.
The demand for computing professionals in the workforce is growing and not currently being
met because of the low Computer Science major graduation rate. This is especially true for
advanced degrees, such as a Master’s degree, whose recipients have advanced, specialized skills
that are in even higher demand. The areas of operating systems, networking, and security are
particularly highly sought in the workforce. Our curriculum addresses this societal need with
courses that prepare students for occupations in these areas. Graduates of the program
automatically earn the NSTISSI No. 4011 and CNSSI No. 4014 NSA/DHS approved certificates
as Information Security Professionals. This credential is highly valued in the cyber-defense and
information security community.
Especially on the Digital Forensics side, there is a high and fast-growing demand. The federal
Bureau of Labor Statistics (BLS) includes computer forensic investigators under SOC Code 339021 (Private Detectives and Investigators). They define the sub-category for computer-related
jobs as follows: “Computer forensic investigators specialize in recovering, analyzing, and
presenting data from computers for use in investigations or as evidence. They determine the
details of intrusions into computer systems, recover data from encrypted or erased files, and
recover e-mails and deleted passwords.”
The entire category is expected to have “much faster than average” (which is the fastest rate of
growth) employment growth over the period 2008-2018. Specifically, they expect employment
in the category to grow by 22% during that 10-year period. Though they do not break out
computer forensic investigators numerically, they do project that “opportunities are expected to
be favorable for qualified computer forensic investigators.” Within SOC Code 33-9021, the BLS
breaks out the following two industries (which, presumably, include computer forensic
investigators) in more detail:
•
•
Computer systems design and related services: 38.80%
Data processing, hosting, related services, and other information services: 37.45%
For comparison, the employment of forensic science technicians (SOC Code 19-4092) is
expected to grow by a rate of 20%.
Many existing “Computer Forensics” programs focus on people with a non-Computer Science
background and teach the basics of technical knowledge needed to conduct certain tasks within
digital forensic investigations. Due to the background of the students and the objectives of those
programs, graduates will not have acquired the deep knowledge of computing systems and code
that is needed to master many aspects of Digital Forensics. Besides our program very few
Computer Science departments in the U.S. are currently offering a graduate degree that involves
Digital Forensics.
Computer Science Graduate Programs Self-Study Report 2012
48
D. Program Viability
D-1 Program Viability in terms of State, Regional and National Needs
The Commonwealth of Virginia and neighboring states are host to a large concentration of
government and technology related industries that depend on the availability of competent
information technology professionals. In the Strategic Plan for Technology 2002-2006, the
Governor of Virginia announced a commitment to continued economic development of
Virginia’s technology industry, which will increase the demand for qualified IT professionals
both in the state and in the region. The Bureau of Labor Statistics, in the Occupational Outlook
Handbook for 2010-2011 states, “Computer software engineers are among the occupations
projected to grow the fastest and add the most mew jobs over the 2008-2018 decade, resulting in
excellent job prospects.” It also states that “Overall, employment of computer software engineers
and computer programmers is projected to increase 21 percent from 2008 to 2018, much faster
than the average for all occupations.” Furthermore, “Growth will also be driven by the increasing
need for information security,” and, “Workers with knowledge of information security also will
be in demand.”
The graduate Digital Forensics program helps to fill this state and national need by providing
students with in-depth study of digital forensics, including how operating systems, networks, and
computer programs function. The combination of the technical curriculum and the forensic
process provides students with the requisite background for high-demand skills, such as digital
evidence acquisition, file system analysis and data recovery, data carving, incident analysis and
evidence correlation. In addition to technical and policy courses, Digital Forensics graduates
have the opportunity to complete a thesis built on original research. Please also see Section
IIIb.C-3b above for more details on the workforce needs for Digital Forensics specialists.
D-2 Program Size and Needs for Expansion
Demand for CS graduates, at both the national and regional levels, is large and increasing. The
Bureau of Labor Statistics estimates that between 2008 and 2018 there will be over 750,000 new
computer specialist positions created, and need for almost 1,400,000 computer specialists to fill
both new and replacement positions. Additionally, the BLS cites information security as one of
the driving factors for growth. Meanwhile, supply is not keeping up with demand: the National
Science Foundation reports that from 2004 through 2008 (the most recent five years for which
data is available), the number of CS graduates was 244,074. Doubling this number (thus
estimating for the period 2008-2018) will produce only about 65% of the people needed to fill
new positions, and about 35% of the people needed for new and replacement positions.
The Digital Forensics program aims to contribute to the supply of CS graduates with strong
technical skills in security-related fields. At this time, the number of faculty members in the
department limits the program size. Currently the program can accommodate for one section
being taught in each course. Thus we can comfortably have cohort sizes of up to 20 graduate
students. Any growth beyond that would mean doubling the number of sections the department
would have to offer double the sections in most courses and effectively double the resource
needs for the entire program.
Computer Science Graduate Programs Self-Study Report 2012
49
E. Academic Program Resource Use
E-1 Changes Since the Last APR
The student enrollment since the last APR in 2004 for the on-campus graduate program has
remained fairly constant, which is one of the reasons the faculty decided to switch to the new
concentration. Regardless of the actual enrollment, there is a minimum of required resources
needed for the on-campus graduate program. Every semester, six graduate courses need to be
taught. Based on the requirement that faculty members teach three sections every semester, two
FTEs are needed to sustain the graduate program. From a resource perspective it does not matter
if there is one student in each section or if the section is completely full. Ideally, we will be able
to accommodate around 20 students in each section. Going beyond that number would imply
opening up two sections per course, effectively requiring a doubling of all graduate sections and
a doubled resource need of four FTEs.
E-2 Changes Resulting from Technology
The CS department faculty maintained their own course web sites in 2004, but most faculty have
switched to using the Blackboard Course Management system since its introduction at JMU
several years ago.
F. The Role of the Program in the College and University
F-1 University-Wide Efforts
In 2008 then Vice-Provost Jerry Benson announced a new effort to increase enrollment in
Science, Technology, Engineering and Mathematics (STEM) majors. The Computer Science
department has since played an important role in increasing enrollments in this area.
Graduate Programs—The Computer Science graduate program is recognized as one of the
original seven NSA Centers of Academic Excellence in Information Assurance Education
(CAE/IAE). In addition, the program is associated with a number of security-related initiatives,
including The Institute for Infrastructure and Information Assurance (IIIA), National
Infrastructure Advisory Council, The National Alliance for Information Assurance (NAIA),
Virginia Alliance for Secure Computer and Networking (VASCAN), and Colloquium on
Information Systems Security Education (CISSE). These associations conform to the JMU
graduate school’s requirement that all graduate programs at JMU be “programs of distinction.”
Furthermore, the focus on forensic technology is unique among CS graduate programs and gives
the program the opportunity to distinguish itself from similar Master’s programs.
F-2 Commitment of Students and Faculty to College and University-Wide Efforts
The Computer Science faculty is highly involved in efforts across campus. The following list
gives some idea of the extent of our involvement.
•
•
•
Taz Daughtrey submitted Quality Enhancement Proposal in 2011 as part of a Universitywide quality improvement effort. Furthermore, he was part of the QEP Committee and
served as a coach for one of the five finalist proposals.
Ralph Grove works with others in the community to run a regional First Lego League
competition (2007-2011). In 2011 over 500 teams came to JMU to participate.
Christopher Fox was part of the committee that obtained a chapter of Phi Beta Kappa for
JMU (2008).
Computer Science Graduate Programs Self-Study Report 2012
50
•
•
•
•
•
•
David Bernstein assisted writing two University-Wide proposals to the Howard Hughes
Medical Institute (2007 and 2011).
Christopher Fox was in the search committee to select a new Director of the Honors
Program (2006).
J. Archer Harris worked on revisions of the JMU Faculty Handbook (2009).
Nancy Harris and Taz Daughtrey were both faculty associates of the JMU Center for
Faculty Innovation (Harris 2006-2009, Daughtrey 2007-2010).
Christopher Fox is a member of the committee to establish a Logic Institute at JMU
(2011).
Florian Buchholz has served on the Dingledine Scholarship faculty panel (2010-2012)
Students are also involved. The following list illustrates examples.
•
•
•
CS students assist in enrichment activities in both the morning and afternoon of the
weekend in December when the First Lego League statewide competition occurs.
CS students participate on a panel to describe their JMU experience for the Universitywide Choices presentations recruiting event, and talk to families after the session during
the open house which follows. One of our students participated in the university wide
opening session as well (2004-2011).
Members of the Computer Forensics group perform outreach activities in that they offer
data recovery services to members of the JMU and Harrisonburg communities.
Furthermore, the group has played a support role for some investigations of the JMU
Police Department. While students were not directly involved with any investigations, the
group provided technical assistance with some problems the police officers faced.
G. The Role of Students and Alumni in the Program
G-1 Students
Student Organizations—The CS department supports four student organizations:
ACM Student Chapter—This club meets regularly to sponsor various activities, including a
movie night, a Linux install fest, talks by recruiters, employers, and alumni, and so forth. Up
until 2009, the chapter also regularly competed in the programming contest.
CyberDefense Club—This club meets the learn cyber defense and enters teams in the
National Collegiate Cyber Defense Competition. A lab is available for their use. In 2011, the
JMU team placed second in the Mid-Atlantic Regional Cyber Defense Competition.
Forensics Club—This club meets to study computer forensics and does activities like
presentations of interesting topics and tools, participation in national forensics challenges,
provision of data recovery services and development of custom tools. The group has
established a partnership with the JMU Police Department to provide support for some of
their technical problems and to learn about computer crime investigations. In 2011, the club
placed sixth in the HoneyNet challenge, the highest ranking for a student team.
Upsilon Pi Epsilon Honors Society—This group honors excellence in computer science
scholarship and inducts members every year as part of the CS awards night. Eleven students
were initiated in 2011. UPE this year launched a LaTex tutorial web site.
In addition, a new Women in Technology student organization was established in 2011 with
Nancy Harris as co-academic advisor. This group has student members from Computer Science,
Computer Science Graduate Programs Self-Study Report 2012
51
Computer Information Systems, Engineering, Integrated Science and Technology, and
Biotechnology.
Student Involvement in Departmental Activities—Students are involved in departmental
business in the following ways:
• Search committees include a student member. The student is involved in all business of the
committee and is a voting member. In the last searches (for department head and the last
two faculty searches) there were both a graduate and an undergraduate student who served
on the committee.
• Every year a student becomes a member of CISAT Dean’s Student Advisory Council.
Student Satisfaction—Student evaluations indicate that the CS faculty and courses are well
regarded by students. While most of this data is from the SSE/SSS program, it is nevertheless
indicative of the general satisfaction our students have with the on-campus graduate program.
Furthermore, we only made changes to a subset of the curriculum, so the numbers are indicative
of the new program, as well. The following table lists average overall instructor ratings for the
on-campus graduate courses in a given semester on a five-point scale for each semester of the
past four years.
Semester
Fall 2011
Spring 2011
Fall 2010
Spring 2010
Fall 2009
Spring 2009
Fall 2008
Spring 2008
Score
4.52
4.69
4.29
4.42
4.46
4.29
4.23
4.64
Standard Deviation
0.56
0.30
0.36
0.60
0.52
0.55
0.68
0.52
The following table lists the mean overall on-campus graduate course rating on a five-point scale
for each semester of the past four years.
Semester
Fall 2011
Spring 2011
Fall 2010
Spring 2010
Fall 2009
Spring 2009
Fall 2008
Spring 2008
Score
4.39
4.50
4.18
4.18
4.05
4.31
4.38
4.43
Standard Deviation
0.55
0.24
0.27
0.76
1.04
0.55
0.37
0.68
Advising—The Graduate Program Director of the Digital Forensics program is the advisor for
all on-campus graduate students. Students meet with their advisor at the beginning of their first
semester to discuss their course sequence. Given that the sequence is generally the same for most
Computer Science Graduate Programs Self-Study Report 2012
52
students, only students with special needs (such as part-time students or students entering the
program with course waivers) need to work on customized schedules. Students can also come to
their advisor to talk about thesis work, comprehensive assessment questions or concerns, and to
get more information about independent studies or internships. The advisor also functions as a
mediator if there is a conflict between a student and another faculty member. If the advisor
himself is involved in such a conflict, the Computer Science Department Head will take on the
mediator function.
G-2 Alumni
Alumni Involvement—One of the major recommendations of the last APR was that the
department should establish an External Advisory Group. Such a group was established in 2006.
The EAG comes to campus annually for a one-day meeting. These events consist of meetings
with administrators, faculty, and student to discuss current departmental issues, visits to
classrooms, and closed sessions where the EAG decides on recommendations to the department.
The EAG subsequently writes a report advising the departments of its findings and
recommendations.
Currently, however, there are not yet any alumni for the Digital Forensics program, as we have
just started the first cohort of students last fall.
H. Assessment Findings on Student Learning Objectives
H-1 Assessment Findings
H-1a Course Based Assessment Mechanism Findings
As this program is just underway, there are no historical data on which to base any findings.
Instead, the following describes how the assessment process will proceed on an ongoing basis.
Course Assignments and Exams—Course evaluations and other assessments are to be related
directly to the learning outcomes described above in B-1. Course-based assessments are to be
conducted in each course for those objectives been identified for that course in B-2. (Objectives
8 and 9 will be evaluated in those courses where the instructor provides assessment data.)
Each instructor will map course content against the applicable objectives, specifying which
assignments, projects, and exam questions assess which objective. The instructor will then
deliver representative aggregate data (such as average grade or percentage of students who
answered correctly) to the program director. In consultation with the Forensics Program
Committee, target values will be set for each measure. For example, “90% of students should be
able to adequately analyze assembly code and explain what it does” or “The average score on the
oral presentation rubric should be at least 4 on a 5-point scale.”
These assessment results will be used to identify potential improvements and track their
implementation within and across individual courses. Trending data will indicate progress
semester-by-semester, and absolute values will show if targets are being met.
Course Evaluations by Students—Standardized Department-wide surveys are administered to
students near the end of each course. The survey items are designed to identify student
perceptions of those instructor behaviors that have been identified in the literature as most
closely related to student achievement.
Computer Science Graduate Programs Self-Study Report 2012
53
Course evaluations are read first by the Academic Unit Head, and then given to the course
instructor. Members of the Personnel Advisory Committee (PAC) review course evaluation
results as part of the portfolio presented by faculty up for promotion and tenure. Course
evaluation data consists of tables showing aggregate responses to all questions, and respondents,
means and standard deviations of responses to each question for each section, each course, each
instructor, and the entire department. Written comments are also included.
Instructors use course evaluations to make improvement to individual courses. Evaluation results
are also used as a major input to performance evaluations in the area of teaching, which has a
direct relationship to faculty salary increases. The Academic Unit Head and the PAC also
consider these results in making tenure and promotion decisions. Finally, course evaluation
results have been used to help determine who will or will not teach various courses.
(Some instructors also design course-specific questionnaires or other informal feedback
mechanisms, and may administer them at various times through the semester. These results may
also be submitted during performance appraisals.)
H-1b Non-Course-Based Assessment Mechanism Findings
Intermediate Student Survey—The SSS program conducted regular surveys of the students
who had completed their first year of study in the program. We plan to continue this assessment
strategy. Given that all of our students are still within their first year of study, we have not
actually conducted such a survey yet. We plan on keeping the questions from the SSS
questionnaire about what attracted the students to JMU and which parts of the curriculum were
valuable or not valuable to the students. The Forensics Program Committee still needs to address
what (if any) additional questions should be asked and how the results from the survey need to
be processed.
Student Exit Survey—The SSS program asked every graduating student to complete an exit
survey. The questionnaire consisted of questions about student satisfaction, quality of the
curriculum and faculty, and the students’ future career. We plan to utilize the existing
questionnaire with appropriate modifications based on the changed curriculum and the new
program objectives. The first such survey will be given at the end of the Spring 2013 semester.
Alumni Survey—We plan to ask alumni of the program to complete a survey in the future. The
purpose of the survey should be to measure to what extent the curriculum of the program
prepared alumni for their jobs, collect statistics about the careers of our graduates, and see if
there are any emerging trends that need to be addressed in the curriculum. Obviously, this
implementation of such a survey is at least a couple of years away.
EAG Recommendations—The CS External Advisory Group began meeting in Spring 2007.
While it has made several recommendations since then, none of them directly addressed the
graduate programs.
Peer Reviews—There are two forms of peer reviews currently conducted in Computer Science:
•
A Teaching Analysis Poll (TAP) is a mid-semester evaluation that provides instructors
with feedback from their students regarding the learning environment in a course. TAPS
are conducted by faculty members trained through the Center for Faculty Innovation
(CFI). The faculty consultant contacts the instructor prior to the TAP to discuss basic
course information and any concerns the instructor might have about the course. The
Computer Science Graduate Programs Self-Study Report 2012
54
consultant then comes to the class and spends 30 minutes conducting the TAP with the
class. During the TAP, the consultant guides the students through a discussion based on
questions concerning what helps learning in this course, what hinders learning in the
course, and what suggestions students have for improving the course. Students explore
these questions in small groups and write their responses on the board. The TAP
consultant then moderates a discussion with all the students based on the boarded
comments. After the TAP, the consultant meets with the instructor to discuss the TAP
feedback. TAPS are entirely voluntary and results are kept confidential by the CFI. If a
faculty member chooses to include TAP results in his or her annual activities report or
promotion and tenure package, he or she may do so.
•
In 2007 the Computer Science department adopted a policy allowing peer reviews by
other department members. The purpose of a peer review is to make suggestions to help
faculty members improve their teaching by providing a frank and confidential assessment
of their teaching. A faculty member may at any time ask the PAC to arrange a peer
review of one or more of the faculty member’s courses. The PAC then forms an ad hoc
committee of three faculty members one of whom, at most, may be from another
department. The PAC will then charge the review committee to perform a peer review.
Oversight by the PAC ends at this point. The review committee then meets with the
faculty member to discuss the course, and then arranges for each committee member to
observe one or more class. The review committee prepares a written report and delivers it
to the reviewed faculty member; the review committee then destroys all material from the
review and keeps the results of the review confidential. The reviewed faculty member
may submit the report to the department head as part of his or her annual activities report
or as part of his or her tenure and promotion package.
Many faculty members have availed themselves of peer reviews or TAPS, and presumably have
used them to improve their courses and teaching, but statistics and details about this are
obviously unavailable, due to the confidential nature of both processes. This confidentiality is
also one of the great strengths of these processes: honest assessments and improvement efforts
can be made because there is no threat to the faculty members.
H-2 Quality of the Program’s Assessment Activities
These activities will be reported annually in the program’s Assessment Progress Template. In
addition to studying feedback routinely provided by JMU’s Center for Assessment and Research
Studies (CARS), the program will enlist the resources of the Program Assessment Support
Service at CARS to strengthen the assessment effort as data begins to accumulate.
Computer Science Graduate Programs Self-Study Report 2012
55
IIIc. Combined Narrative for both Graduate Programs
I. Role of Faculty in the Program
I-1 Faculty Activities
The JMU Computer Science faculty views its primary mission as teaching, with service and
scholarly activity as subordinate supporting activities to its main instructional focus. The default
activity weighting in the three areas is 70% for teaching, and 15% for each of professional
service, and scholarly achievement and professional qualifications. Each year faculty negotiate
these weights for the coming year as part of their anticipated activity plan, but teaching effort for
full-time faculty can never be less than 60% (department policy) and effort in the other two areas
can never be less than 10% (Faculty Handbook, section III.E.4.a).
Teaching and Advising—The target teaching load for full-time faculty in Computer Science is
6 three-credit sections per year. Some faculty may teach only one graduate section per year (with
the remaining sections consisting of undergraduate courses) while other faculty members may
teach up to 5 graduate sections per year. Regardless of how the teaching load is divided between
graduate and undergraduate courses, the department still strives to require no more than two
preparations per semester for a faculty member. Faculty are also required to hold at least five
office hours per week (department policy).
The Program Coordinator for the program in which they are enrolled primarily advises graduate
students. However, several students each year complete either Independent Study classes or a
Master's Thesis under the supervision of a graduate faculty member. Some recent Master's
Theses completed by our students include:
•
James O. Holley, A Framework for Controlled Testing of Software Tools and
Methodologies Developed for Identifying, Preserving, Analyzing and Reporting
Electronic Evidence in a Network Environment
•
Philip Dale Huff, Fuzzy Extractors Using an Improved Set Intersection Function
•
Michael Smith, Identifying Malware with Byte Frequency Distribution and Context
Triggered Piecewise Hashing
•
Michael Ferrell, A New View and Guidelines for Data Centric Security
•
Timothy Kelley, A Method for Increasing Transmission Rates in Covert Timing
Channels
Scholarship and Research—Faculty members have active research programs in both Forensics
and Information Security. The following are a selection of recent grants received by our faculty:
•
Florian Buchholz and M. Hossain Heydari, NSF Federal Cyber Service: Scholarship for
Service, “Digital Forensics and Undergraduate Information Security”, $2,377,267 ,
September, 2011 – August, 2016 .
•
M. Hossain Heydari, DoD Information Assurance Scholarship, $34,574.55, academic
year 2011-2012.
•
M. Hossain Heydari, DoD Information Assurance Scholarship, $31,350.67, academic
year 2010-2011.
Computer Science Graduate Programs Self-Study Report 2012
56
•
M. Hossain Heydari, National Security Agency NSPW scholarship grant, $15,000,
academic year, 2010-2011.
•
Florian Buchholz and David Bernstein, “An Easy-to-use and Extensible Data Carving
Framework”, US Department of Justice, National Institute of Justice, $140,000, 20092010.
•
M. Hossain Heydari, National Security Agency NSPW scholarship grant, $15,000,
academic year 2009-2010.
•
Brett Tjaden and M. Hossain Heydari, “A Cyber Defense Competition for Recruiting
Under-Represented Students into STEM Programs”, Institute for Infrastructure and
Information Assurance, $24,456.27, April, 2009 – October, 2009.
•
M. Hossain Heydari, DoD Information Assurance Scholarship, $73,341.59, for academic
year 2008-2009.
•
Brett Tjaden and M. Hossain Heydari, “Hosting a Cyber Defense Competition”, Institute
for Infrastructure and Information Assurance, $35,971.27, April, 2008 – September,
2008.
•
Florian Buchholz, “Analysis of Distributed Timestamps for Computer Forensics
Investigations” , National Science Foundation, Cybertrust, $98,000, 2007-2010.
The following are a selection of recent publications by our faculty and students:
•
Michael S. Kirkpatrick, Gabriel Ghinita, and Elisa Bertino, “Resilient Authenticated
Execution of Critical Applications in Untrusted Environments.” IEEE Transactions on
Dependable and Secure Computing (TDSC), February 2012.
•
Michael S. Kirkpatrick , Gabriel Ghinita, and Elisa Bertino, “Privacy-Preserving
Enforcement of Spatially Aware RBAC.” IEEE Transactions on Dependable and Secure
Computing (TDSC), December 2011.
•
Michael S. Kirkpatrick, Maria Luisa Damiani, and Elisa Bertino, “Prox-RBAC: A
Proximity-based Spatially Aware RBAC.” 19th ACM SIGSPATIAL International
Conference on Advances in Geographic Information Systems (ACM SIGSPATIAL GIS),
Chicago, IL, November 2011.
•
Brett Tjaden and Robert Floodeen, "Cyber Defense", McGraw-Hill Yearbook of Science
and Technology, 2011 Edition. (Robert Floodeen was a graduate student.)
•
Michael S. Kirkpatrick , Sam Kerr, and Elisa Bertino, “PUF ROKs : A Hardware
Approach to Read-Once Keys.” 6th ACM Symposium on Information, Computer and
Communications Security (ASIACCS), Hong Kong, March 2011.
•
Xunhua Wang, Ralph Grove, and Hossain Heydari, “Secure Electronic Voting with
Cryptography”, in Applied Cryptography for Cyber Security and Defense, Hamid R.
Nemati and Li Yang, Ed.s, Information Science Reference, Hershey, NY, 2011.
•
Michael S. Kirkpatrick and Sam Kerr, “Enforcing Physically Restricted Access Control
for Remote Data.” 1st ACM Conference on Data and Application Security and Privacy
(CODASPY), San Antonio, TX, February 2011.
Computer Science Graduate Programs Self-Study Report 2012
57
•
Bernstein, D. and T.L. Friesz (2010) "Mobile Commerce", A Dictionary of Transport
Analysis, Nijkamp, Button and Vega (eds.), Edward Elgar Publishing, 2010.
•
Sam Kerr, Michael S. Kirkpatrick , and Elisa Bertino, “PEAR: A Hardware-based
Authentication System.” 3rd ACM SIGSPATIAL International Workshop on Security
and Privacy in GIS and LBS (SPRINGL), San Jose, California, November 2010.
•
Ben Rodes, X. Wang, “Security analysis of a Fingerprint-protected USB Drive”,
Proceedings of the 2010 Annual Computer Security Applications Conference (ACSAC).
Pages 89-96. Austin, TX, USA. December 6~10, 2010.
•
Xunhua Wang and Hua Lin, “Cryptography-based authentication for protecting cyber
systems”, Hamid R. Nemati and Li Yang, editors, Applied Cryptography for Cyber
Security and Defense: Information Encryption and Cyphering, chapter 2, pages 32-50.
Information Science Reference, 2010.
•
Xunhua Wang, Ralph Grove, and M. Hossain Heydari, “Secure electronic voting with
cryptography”, Hamid R Nemati and Li Yang, editors, Applied Cryptography for Cyber
Security and Defense: Information Encryption and Cyphering, chapter 12, pages 271288. Information Science Reference, 2010.
•
Michael S. Kirkpatrick , Sam Kerr, and Elisa Bertino, “PUF ROKs: Generating ReadOnce Keys with Physically Unclonable Functions.” Extended abstract, 6th Annual Cyber
Security and Information Intelligence Research Workshop (CSIIRW), Oak Ridge, TN,
April, 2010.
•
X. Wang and H. Lin, “PAKE on the Web”, International Journal of Information Security
and Privacy, 3(4):29-42, December 2009
•
Florian Buchholz, Xuxian Jiang, Aaron Walters, Dongyan Xu, Yi-Min Wang, and
Eugene H. Spafford. “Tracing Worm Break-In and Contaminations via Process Coloring:
A Provenance-Preserving Approach”, IEEE Transactions on Parallel and Distributed
Systems 19(7), July 2008.
•
Xunhua Wang, Philip Huff, and Brett Tjaden, “Improving the Efficiency of Captureresistant Biometric Authentication based on Set Intersection”, Annual Computer Security
Applications Conference (ACSAC 2008), Anaheim, California, December 8-12, 2008.
(Philip Huff was a graduate student.)
•
Ridgeway, K., J. Magnotti, and D. Bernstein (2008) “Using Java’s Generics Mechanism
to Improve Type Safety in the Command Pattern”, Proceedings of the ACMSE, 2008. (K.
Ridgeway and J. Magnotti were both undergraduate students.)
•
Florian Buchholz and Eugene H. Spafford, “Run-time Label Propagation for Forensic
Audit Data”, Computers and Security 26(7-8), December 2007.
•
Florian Buchholz and Brett Tjaden, “A Brief Study of Time”, Seventh Annual Digital
Forensics Research Workshop (DFRWS 2007), Pittsburgh, Pennsylvania, August 13-15,
2007.
•
X. Wang and D. Rine. “Secure Online DNS Dynamic Updates: architecture and
implementation.” International Journal of Information Technology and Web Engineering.
2(3), 17-36. July-September, 2007.
Computer Science Graduate Programs Self-Study Report 2012
58
Service and Support Activities—The Computer Science faculty is very active in service and
support activities. The department is organized with three program directors, one each for the
undergraduate program, the on-campus Forensics program, and the distance-learning
Information Security program. Program directors receive one course release time per semester.
They are responsible for day-to-day operational oversight and paperwork, advising, program
curricula, and program improvement. The directors plus the Academic Unit Head comprise the
Executive Committee. The department also has the following standing committees:
•
Undergraduate Program Committee—Charged with oversight of the undergraduate
program, mainly having to do with curriculum. There are currently four faculty members
on this committee.
•
Forensics Program Committee—Charged with oversight of the on-campus graduate
program in Secure Software Systems, mainly having to do with curriculum. There are
currently five faculty members on this committee.
•
InfoSec Program Committee—Charged with oversight of the distance graduate program
in Information Security, mainly having to do with curriculum. There are currently five
faculty members on this committee.
•
Personnel Advisory Committee—Charged with reviewing tenure and promotion decisions
and making recommendations to the Dean, hearing appeals of decisions, formulating
personnel policies, and so forth. There are four faculty members on this committee.
•
Assessment Committee—Charged with overseeing program assessment, including
collecting data and filling in the annual Assessment Progress Template (APT). There are
currently three faculty members on this committee.
•
Lab Committee—Charged with monitoring the state of the department’s laboratories,
dealing with problems, planning their evolution, and making recommendations to
administration about equipment and space. There are currently six faculty members on
this committee.
•
Awards Committee—Charged with choosing students for scholarships and end-of-theyear awards. There are currently three faculty members on this committee.
In addition, the department, college, and university have many service roles that need to be
filled, as follows:
•
•
•
•
•
•
•
•
•
•
•
•
Faculty senator
Internship coordinator
Computer science minor advisor
Transfer advisor
Freshman advisor
Telecommunications minor advisor
UPE advisor
ACM advisor
Cyber Defense club advisor
Forensics club advisor
Honors program liaison
Library liaison
Computer Science Graduate Programs Self-Study Report 2012
59
•
•
•
•
•
•
•
•
•
•
•
•
•
Honors banquet coordinator
Webmaster
CISAT Leadership Council member
CISAT Undergraduate Curriculum and Instruction Committee member
CISAT Graduate Council member
CISAT Dean’s Advisory Council member
CISAT Tech User’s Group member
CISAT Faculty Development Committee member
CISAT International Committee member
CISAT Diversity Council member
University Graduate Council member
Freshman Advisory Board member
STEM Retention Committee member
Finally, faculty members are free (and often encouraged) to participate in additional service
supporting the department, college, and university. The following list summarizes activities in
which faculty are currently participating:
•
Aboutabl: Member of the InfoSec Committee; Member of the Forensics Committee;
Internship Coordinator; Telecommunications Minor Advisor; Member of the CS Lab
Committee; Co-Advisor of the Cyber Defense Cub; CISAT Undergraduate C&I
Committee Member; CISAT International Committee.
•
Bernstein: Member of the Personnel Advisory Committee; Chair of the CS Awards
Committee; Honors Program Liaison
•
Buchholz: Forensics Program Director; Chair of the Forensics Committee; Advisor of the
Forensics Group; Member of the InfoSec Committee; Member of the CS Executive
Committee; Member of the CS Lab Committee; CS Web Master; University Graduate
Council.
•
Daughtrey: CFI Faculty Affiliate; Member of the Forensics Program Committee; Chair of
the CS Assessment Committee; CS Minor Advisor.
•
Fox: President, Xi of Virginia Chapter of Phi Beta Kappa; Communications Chair, JMU
Chapter of Phi Kappa Phi; Logic Institute committee member; Computer Science
Undergraduate Program Director; Chair of the Undergraduate Program Committee; CS
Minor Advisor; Member of the CS Executive Committee; Member of the CS Awards
Committee; CS Web Master.
•
Grove: Co-Director, FIRST Lego League Regional Tournament; Member of the
Personnel; Advisory Committee; Chair of the Space Planning Committee; Member of the
Undergraduate Program Committee; Member of the CS Assessment Committee;
Representative on the Faculty Senate; CISAT Faculty Development Committee; Member
of JMU Honors Council.
•
Harris: Women in Technology club advisor; CFI Faculty Affiliate; Member of the
Undergraduate Program Committee; Member of the CS Assessment Committee;
Freshman Advisor; Member of the CS Awards Committee; Freshman Advisory Council;
STEM Retention Committee.
Computer Science Graduate Programs Self-Study Report 2012
60
•
Heydari: InfoSec Program Director; Chair InfoSec Committee; Member of the Forensics
Committee; Member of the CS Executive Committee; Co-advisor of the Cyber Defense
Club; CS Web Master; CISAT Graduate Council.
•
Kirkpatrick: Member of the Undergraduate Program Committee; CS Library Liaison.
Mayfield: ACM Advisor. Mata-Toledo: Chair of the Personnel Advisory Committee.
•
Norton: Member of the Undergraduate Program Committee.
•
Simmons: CISAT Leadership Council; Chair CS Executive Committee; Honors Banquet
Coordinator.
•
Sprague: Member of the Personnel Advisory Council; CISAT Diversity Committee.
•
Tjaden: Member of the InfoSec Committee; Member of the Forensics Committee;
Member of the CS Lab Committee; Co-advisor of the Cyber Defense Club; Chair of the
Strategic Planning Committee.
•
Wang: Member of the InfoSec Committee; Chair of the CS Lab Committee; Member of
the Forensics Committee; UPE Advisor; CISAT Tech Users Group.
I-2 Faculty Qualifications
Faculty vitae are found in Appendix 7.
Over the past five years, faculty members have tended to teach the same graduate courses year
after year. This is partly due to the interests and expertise of individual faculty members and
partly due to a lack of interest by other faculty members in teaching graduate courses –
especially for the distance-education InfoSec program. This trend is changing slightly as newlyhired faculty members may teach some graduate courses while some faculty members who have
been in the department for many years are scheduled to teach graduate courses they have never
taught before in the coming academic year (specifically, Taz Daughtrey will teach a graduate
Secure Software Engineering course in the fall and Brett Tjaden will teach a graduate Forensics
course in the spring).
The majority of our graduate classes are on advanced and specialized topics, and we feel that the
faculty members who have taught them have been well qualified to do so. The following is a list
of graduate faculty members and the courses they have taught over the past five years:
•
Aboutabl: Ph.D. in Computer Science, University of Maryland, College Park;
specializations: operating systems and networks and security. Courses: CS 511 Computer
Organization, CS 550 Operating Systems, CS 557 Information Security, CS 560
Networks and Network Security, CS 610 Networking and Security
•
Bernstein: Ph.D. in Operations Research, University of Pennsylvania; specializations:
mobile computing, multimedia. Courses: CS 555 Secure Software Engineering
•
Buchholz: Ph.D. in Computer Science, Purdue University; specializations: operating
systems and forensics. Courses: CS 552 Applied Complexity Theory, CS 633 Computer
Forensics, CS 675 Distributed Computing and Security, CS 685 Selected Topics –
Malware Analysis
•
Daughtrey: M.E. in Education, University of Virginia; specialization: science education,
quality. Courses: CS 555 Secure Software Engineering, CS 665 Software Requirements
Computer Science Graduate Programs Self-Study Report 2012
61
and Design, CS 666 Software Construction and Assurance
•
Fox: Ph.D. in Information Studies, Syracuse University; specializations: software
engineering design, software construction, formal methods. Courses: CS530
Programming Languages, CS 555 Secure Software Engineering, CS 665 Software
Requirements and Design, CS 666 Software Construction and Assurance
•
Grove: Ph.D. in Computer Science, University of Louisville; specializations: web
development, object-oriented design, artificial intelligence. Courses: CS 510 Object
Oriented Programming, CS530 Programming Languages, CS 644 Artificial Intelligence
•
Heydari: Ph.D. in Computer Science, University of Texas at Dallas; specializations:
networks and security. Courses: CS 512 Data Structures, CS 550 Operating Systems
•
Kirkpatrick: Ph.D. in Computer Science, Purdue University; specializations: computer
security, computer architecture, and operating systems. Courses: CS 550 Operating
Systems, CS 652 Formal Methods for Information Security
•
Mata: Ph.D. in Computer Science, Kansas State University; specializations: discrete
mathematics, databases, natural language processing. Courses: CS 530 Programming
Languages, CS 574 Database Systems, CS 630 Compilers, CS 634 Natural Language
Processing
•
Tjaden: Ph.D. in Computer Science, University of Virginia; specializations: network
security and cyber defense. Courses: CS 510 Object Oriented Programming, CS 560
Networks and Network Security, CS 610 Networking and Security, CS 625 Secure
Operations, CS 635 Secure Network Operations
•
Wang: Ph.D. in Computer Science, George Mason University; specializations:
information security and cryptography. Courses: CS 552 Applied Complexity Theory, CS
557 Information Security, CS 610 Networking and Security, CS 627 Cryptography:
Algorithms and Applications, CS 660 Advanced Network Security
I-3 Professional Development Overview
In 2006 James Madison University established the Center for Faculty Innovation (CFI), whose
mission is to foster “experiences and dialogue designed to promote excellence in teaching,
scholarship, service, and leadership with the goal of enhancing the academic culture of the
university.” The CFI sponsors multiple workshops, seminars, speakers, discussions, and other
programs contributing to the professional development of the faculty. The Computer Science
faculty members often attend CFI programs, and two faculty members (Daughtrey and Harris)
have been CFI Faculty Associates and are now CFI Faculty Affiliates. The CFI is the source of
most internal professional development activities in the department.
Faculty members sometimes attend tutorials at conferences and workshops to educate themselves
and keep up to date with the field and its pedagogy. These activities are limited by funding. For
example, in August 2011 Nancy Harris and Mike Norton attended a two-day workshop focused
on attracting and retaining female students in science and technology majors conducted by
Donna Milgram of the National Institute for Women in Trades, Technology, and Science.
Every year the College of Integrated Science and Technology sponsors educational leaves for a
limited number of faculty. Leaves are full-time for either a semester with full pay or a year with
Computer Science Graduate Programs Self-Study Report 2012
62
half-pay. Faculty must submit a proposal to the college; a committee ranks the proposals and the
Dean decides how to award them. Brett Tjaden was awarded an educational leave for the fall
semester in 2011 during which he studied Digital Forensics to be better able to contribute to the
teaching and scholarship of the on-campus graduate program.
J. Quality and Quantity of Academic Support
J-1 Adequacy of Staffing
Full-Time Faculty— From the beginning of the InfoSec program till 2011, courses taught in the
distance InfoSec program were counted as two sections when calculating the course load of
faculty members. The justification was that delivering a high quality online course that fosters
substantial interaction among students and between faculty and students requires at least twice
the preparation time and effort during course development and delivery as a comparable oncampus course. Beginning with the fall, 2011 semester the weighting of InfoSec courses was
reduced from 2 sections to 1.5 sections. The result is that faculty who teach in the InfoSec
program now teach one additional on-campus course per year; hence have less time to spend on
their InfoSec classes than they did previously. This change has helped the department with 4
section loads, but it has made teaching InfoSec courses less appealing for the few faculty who
have the passion and like to teach Internet based courses. We fear that this development will also
have an adverse impact on the quality of the InfoSec program going forward. For example, one
faculty who used to record two 75-minute video lectures each week for his InfoSec classes has
ceased this practice in order to be able to manage his extra section load. This change has been
very unpopular with the InfoSec students who would like to see more of this type of material,
especially in some courses, and not less.
In the InfoSec program we still have to rely on adjunct faculty to teach five of our courses. We
have asked two of our on-campus faculty members to teach two of these courses, for the coming
year. This does put stress on our undergraduate program, where our faculty resources are already
stretched. We need to hire at least one more faculty with expertise in Information Assurance to
teach our courses, so we don’t have to rely on adjuncts.
The faculty resource demands for the Digital Forensics program are constant at 2 FTEs to teach
six sections of graduate courses each semester. However, there is currently only one faculty
member who has a background in forensics. In order to proceed with the long-term curriculum
plan for the program as well as to be able to offer more interesting and relevant electives to our
students, more faculty expertise in the area of digital forensics is needed.
Part-Time Faculty—Neither the InfoSec nor the Digital Forensics Program makes use of parttime faculty.
Adjuncts— In the InfoSec program we still have to rely on adjunct faculty to teach five of our
courses. Although we have been able to find highly qualified adjuncts, Ph.D.s (and J.D. for the
law course) with expertise in the field teaching these courses, we had a few problems in the past
few years. Teaching Internet-based courses take special skills and passion and many of our
faculty don’t like to teach Internet-based courses.
The Digital Forensics Program does not make use of adjunct faculty.
Classified and Wage Staff—The CS department has three secretaries and one computer support
technician. Gwen Good is the departmental office manage and the Academic Unit Head’s
Computer Science Graduate Programs Self-Study Report 2012
63
administrative assistant. She handles all budgets and supports the Academic Unit Head. Carole
Ritchie supports the undergraduate program. Kathy Laycock supports the graduate programs.
Livia Griffith takes care of the department’s labs and Linux servers. Finally, a part-time student
assistant is hired every semester to assist the secretaries. These resources are adequate to
departmental needs.
Graduate and Teaching Assistants—The graduate program has six graduate assistant
positions. Faculty request assistants to help with courses or research at the start of each semester.
No graduate students ever teach classes on their own. The on-campus graduate program often
has trouble recruiting students, and faculty could probably make use of more graduate assistants,
so there is justification to increase the number of graduate assistantships.
J-2 Library Resources
JMU has excellent library facilities, including online access to several research databases, the
ACM and IEEE digital libraries, and Safari books. Our physical book collection in the east
Campus Library is adequate overall and strong in the areas of software engineering and
information security.
J-3 Technological Support
The CS department must have computer laboratories sufficient to support our courses that have
laboratory components, our distance program in InfoSec, research, and extra-curricular activities.
Teaching Labs: Currently the department has a Software Engineering Lab with 30 Macs, a
Program Development Lab with 30 Linux machines, a Systems Development Lab with 24
seats for networking and operating systems work, and several Linux machines accessible
over the web. The Software Engineering and Program Development labs, along with support
provided by the servers, are sufficient to support our general lab classes, but if enrollment
increases, we will not have enough seats, particularly for our introductory courses. The
Systems Development Lab has outdated machines and is not able to support the needs of
courses in operating systems and networking. Faculty interested in pursuing course
development in other areas (such as robotics or embedded programming) have no space to do
this work and no budget to acquire equipment.
InfoSec program: The InfoSec program needs servers to support the program web site,
which provides the virtual campus for the program. Currently the servers themselves are
adequate to the needs of the program, but adequate network connectivity, security, and file
storage are lacking. Another area of need is backup technology.
Research: The department has a Computer Forensics lab to support research in this area.
There is no budget available for purchasing equipment to support research in other areas.
CyberDefense: The department currently has one 24 seat CyberDefense lab to support
classes and the CyberDefense club. This resource is adequate to needs in this area.
A problem that affects all our labs is an inability on the part of the JMU administration and
Information Technology organization to recognize the need for Computer Science to have labs
different from general purpose labs, and the lack of expertise and ability to support nonWindows environments.
Computer Science Graduate Programs Self-Study Report 2012
64
J-4 Non-Personnel Support
The department’s operating budget has been virtually unchanged for 20 years. Fortunately, the
department has an arrangement whereby it receives a fraction of the tuition money from the
InfoSec program, which has provided funding for travel, equipment, and so forth for which the
operating budget has not been sufficient.
J-5 Adequacy of Facilities
The CS department is housed in a modern and well-maintained building (ISAT/CS), and it
controls most of the space on the second floor, which houses offices, support spaces (such as a
mailroom and workroom), two classrooms, and three laboratories. We also have two labs on the
first floor of ISAT/CS, and we can schedule classes into rooms in the Health and Human
Services (HHS) building.
There are currently two labs used primarily for the two graduate programs: The INFOSEC lab
(CS 142) and the Forensics lab (CS 231). Regarding the INFOSEC lab, there is an alarming trend
of the department losing physical space as well as control over who has access to the lab. The lab
is essentially a cluster of powerful servers that deploy virtual machines. Students and faculty
connect to the cluster via VPN and can access or create virtual machines for class work as
needed. Many courses in the InfoSec program rely on the availability of these machines. Due to
the nature of the server cluster, locating them in CS 142 is necessary due to the electrical and
climate control requirements of the hardware. The hardware does not require the entire space in
the room, and other departments have begun moving equipment in the location, as well. As a
result, the climate requirements for the cluster hardware may no longer be guaranteed.
Furthermore, the CS department can no longer control who has access to the room, which is a
troubling development for an area that hosts equipment that needs to be highly available and
plays a crucial role in our distance education model.
The Forensics lab is a small room that currently hosts 8 workstations, a very large file server, and
other forensics-related, specialized hardware. The workstations have special forensics software
installed. The lab can seat about 10 students comfortably, and there is a projector and screen so
that an instructor can demonstrate and lecture to an extent. However, the lab space was not
designed for a teaching lab. Should enrollment grow (which is our goal), the space and
configuration of the lab in CS 231 will no longer be adequate to teach parts of the Computer
Forensics class. Using the general-purpose labs is not feasible due to the specialized hardware
and software requirements of the curriculum.
In 2010, due to needs of other departments within the college, the CS department has lost a
laboratory room where faculty and graduate students would conduct research. Currently, there is
no dedicated lab available where faculty or students can work on their research.
Currently all faculty have private offices. All classrooms are adequate. We have space for
existing laboratories (as noted above), but there is no space available to support new initiatives in
teaching or research, such as a space for a robotics or embedded systems labs or for new research
projects. Faculty office space will not be adequate if we hire more than one additional faculty
member.
J-6 Recommendation for Meeting Future Needs
With the present faculty expertise, the Digital Forensics program is limited to the curriculum that
Computer Science Graduate Programs Self-Study Report 2012
65
we currently offer. The InfoSec program currently relies heavily on adjunct faculty for teaching
some of the core courses. The CS department is currently at capacity with respect to office space
and general labs, and it lacks space and equipment for special purpose labs.
In light of this analysis, the CS department makes the following recommendations:
• Explore the possibility of hiring another faculty member with expertise in digital forensics
and/or another faculty member to support the InfoSec program. Planning for new offices
should go in hand with those efforts.
• Upgrade the network connectivity, security, storage capacity, and backup mechanisms for
the Information Security servers.
• Allocate space and budget for equipment, to support new program development and
research. Especially a forensics teaching lab and a general-purpose research lab should be of
priority for the graduate programs.
• Allocate a budget for graduate recruitment and advertising activities (see Section K below)
K. Strategic Plan/Initiatives
InfoSec Program— For the first few years, when the InfoSec program started, we had a full
time person who recruited for the program. This position was removed from the program in
2000.
In early 2000, our program was one of only few Master’s programs in Information Security in
the country. We had a sufficient recruiting budget, mostly through DoD grants, to recruit
students in few Information Security related conferences and workshops. We had more students
than we could teach, without sacrificing quality.
In the past few years, recruiting budget was cut to a minimum, so we could only recruit in at
most one or two conferences each year. Many universities are now offering Master’s programs in
InfoSec, some of which are Internet based. So, we have stiff competition from many universities,
some with a large recruiting budget (we often hear about University of Maryland University
College, Capella, and many others on TV and the radio). Many of the students admitted to our
InfoSec program delayed their education due to the economic downturn, as was mentioned in the
previous sections. This has resulted in having 9 students in our latest cohort, started spring
semester, 2012. We believe we need to have around 20 students in a course, to get a good
discussion going on the subjects discussed.
Most recently, our department head has been trying to get an increased recruiting budget for both
graduate programs. We use our budget most efficiently, so almost all the recruiting efforts
mention both programs. Most of the recruiting efforts mentioned in the next section, also include
a pitch for the InfoSec program.
Digital Forensics Program—The primary goal for the Digital Forensics Program is to increase
enrollment to the point that section sizes are at capacity. This should be achieved with around 20
students enrolling in the program every year. To achieve this goal, we have started to undertake
the following initiatives:
•
Advertising and recruitment. After the curriculum and new program was approved in the
Spring of 2011, the Forensic Program Committee concentrated its efforts on advertising
the new program. For this purpose, the committee, with assistance from CISAT Creative
Services, created a flyer for the new program that can be printed as a poster or letter as
Computer Science Graduate Programs Self-Study Report 2012
66
well as disseminated via e-mail. The flyer was widely distributed (with an accompanying
letter or e-mail text) as follows:
o GRE students: we purchased a list of contact information for people who had
recently taken the GRE from ETS. The list was composed of U.S. as well as
international residents who had indicated that they are interested in pursuing a
Master’s degree in Computer Science in the Mid-Atlantic region. We sent letters
and flyers to all the potential students within the U.S. and e-mails to all
international prospects.
o Virginia schools: we contacted all the Computer Science departments in the state
of Virginia and sent a letter accompanying the flyer which explained the new
program and asked to disseminate the information to their undergraduate students.
o Direct contacts: within the CS department we assembled a list of people who we
know directly and are teaching Computer Science to undergraduates. We sent
them letters and flyers asking to make their students aware of the opportunities
with our new program (including the SFS scholarship, see below).
o Centers of Academic Excellence in Information Assurance: The NSA contact
person for the CAEs agreed to forward an e-mail (which included the flyer as an
attachment) to all the individual institutions’ contacts.
In addition to the above, we also made announcements to our own undergraduate
students, informing them about our graduate program as well as the combined BS/MS 5year program.
Another opportunity for recruitment is through JMU’s agreement with Study Group.
Study Group is an international placement/recruiting company, whose International Study
Center is located on the JMU campus. Study Group provides specialized language
training and academic preparation programs and recruits students for the purpose of
enrolling them at universities in the U.S. The JMU Graduate School has an agreement
with Study Group that students who successfully complete their language program are
waived the TOEFL requirements. Furthermore, departments can make a conditional
admissions decision before the students enroll in the language program, and the students
can defer taking the GRE until after its completion. Thus far, we have had a couple of
applications through Study Group, and one student has been conditionally admitted to the
Digital Forensics program.
We are seeking to expand our efforts in advertising and recruiting, but can use some
advice on how to do so efficiently. Possible things the committee discussed were to
extend the advertising to CS departments from just those in Virginia to a certain mile
radius from our location so that schools in MD, WV, and NC would be included. Also,
giving forensics talks to undergraduates at regional universities, coupled with a short
recruiting pitch is being considered. These efforts cannot be done without a dedicated
budget, though.
•
Increasing scholarship funding. The Computer Science Department has six graduate
assistantship positions available: three for in-state tuition and three for out-of-state
tuition. Thus, every year we can offer three assistantships to students. Students have their
tuition paid and receive a stipend. While the stipend amount ($8826.83 per academic
year) is above what JMU pays their GAs on average, compared to other Computer
Computer Science Graduate Programs Self-Study Report 2012
67
•
Science graduate programs in the nation it is a rather small amount. Furthermore, being
only able to offer three assistantships every year has in the past resulted in students who
were interested in our graduate program to not attend, because no funding was available
for them.
As a first step in making more funding available for supporting students, we applied for
the National Science Foundation’s Scholarship for Service: Cyber Service program. Our
grant proposal was accepted and funded, and we have committed support for five fullride, two-year scholarships for students starting in the Fall 2012 semester and for six
students starting in the Fall 2013 semester. There is projected continuation funding
budgeted for supporting eight more students starting in the Fall 2014 semester.
Establish new partnerships. To establish our program as one of the premier institutions in
the country, we are looking to establish partnerships with government and industry
leaders in the field. This will raise awareness for both prospective students for our
program as well as for prospective employers of our graduates. Furthermore, such
partnerships can lead to internship opportunities for our students, and to potential
research collaborations. In the fall of 2011 we entered into an Education Partnership
Agreement with the U.S. Department of Defense’s Defense Cyber Crime Center (DC3).
This agreement makes it easier to exchange information and data for potential research
collaborations and it offers our students an opportunity to conduct research in digital
forensics while being mentored by a researcher or forensic expert that is working at DC3.
A secondary goal for the program is to implement the long-term curriculum goals. As mentioned
above, there is a need for additional faculty expertise in the area of digital forensics to achieve
this goal. To work toward this goal, we have applied for capacity building grants in the past to
obtain funding for our existing faculty to educate themselves about the field of digital forensics.
Thus far, these efforts have not yielded any results, but we continue to explore these
opportunities.
L. Potential Areas for Additional Review/Consulting
Recruitment and program visibility—The advertising and recruitment initiative we have
started for the Digital Forensics Program in the fall of 2011 has thus far not resulted in a
significant increase in applications or number of admitted students to the program. Furthermore,
there is capacity for the InfoSec program to grow so that around 20 students will actually
graduate every year. For this purpose, around 30 students starting in the prep courses and first
semester courses would be ideal.
Thus, the graduate program committees can use some guidance on how to advertise the
respective programs (which have very different target audiences), increase their visibility on a
national and regional level, and generally how to get the word out about scholarship
opportunities such as the SFS scholarship or available GA positions.
Financial support for students—The CS department has six GA positions available, which
allows us to offer three positions every year to new students. The stipend amount is
comparatively low ($8,826.83 per academic year) compared to other Computer Science graduate
programs in the nation. When looking at JMU, the stipend amount is actually higher than what
other departments pay. This is because the department used to hold seven GA positions, but one
position was sacrificed to increase the stipend amount for the other six. Being able to offer only
three students financial support (scholarships notwithstanding – there is no guaranteed long-term
Computer Science Graduate Programs Self-Study Report 2012
68
funding) limits the ability to grow the program. Also, the low stipend amount makes JMU
unattractive compared to other institutions. Thus, high-quality students may choose to enroll
elsewhere, regardless of how well our curriculum may match their interests.
Thus, we are looking to increase long-term funding for GA positions. An immediate step could
be to attempt to re-claim the seventh position the department used to hold and try to stock up the
stipend money through other means (such as endowments). The graduate committee would
appreciate any specific ideas or guidance in this area, as well.
Computer Science Graduate Programs Self-Study Report 2012
69
IV. Documentation
Appendix 1: Program Requirements and Curriculum Design
Concentration in Information Security
This concentration is offered in a remote, electronic distance-learning format that, while
satisfying all requirements for the Master of Science program, is especially appropriate for
people with professional interests in information security. Further information can be obtained
from the InfoSec Web site. The distance-learning courses are available only to students in the
information security concentration, who will pay a different tuition rate than students taking
traditional courses at the university.
Students completing this concentration will also receive two NSA approved certificates:
Information Systems Security (INFOSEC) Professionals (NSTISSI No. 4011) and Information
Systems Security Officers (CNSSI No. 4014).
Information Security Concentration Requirements
Minimum Requirements
Credit Hours
CS 523. Ethics, Law and Policy in Cyberspace
3
CS 550. Operating Systems
3
CS 555. Secure Software Engineering
3
CS 560. Networks and Network Security
3
CS 621. Software Assurance
3
CS 625. Secure Operations
3
CS 627. Cryptography: Algorithms and Applications
3
CS 652. Formal Methods for Information Security
3
CS 660. Advanced Network Security
3
Total
27
Thesis Route
Credit Hours
CS 700. Thesis
6
Total
33
Non-Thesis Route
Credit Hours
CS 633. Computer Forensics
3
CS 675. Distributed Computing and Security
3
or CS 685. Selected Topics
3
Total
Computer Science Graduate Programs Self-Study Report 2012
33
70
Preparatory Courses
Depending on undergraduate background and work experience, students may be required to take
one or more of the following preparatory courses. These courses do not satisfy degree
requirements for the Information Security concentration.
Courses
Credit Hours
CS 510. Object Oriented Programming
3
CS 511. Computer Organization
3
CS 512. Data Structures
3
CS 515. Foundations of Computer Science
3
Certificate Courses
Eligible students may take certificate courses CS 502 – CS 506 to receive specific security
certificates.
Concentration in Digital Forensics
The digital forensics concentration combines core computer science concepts with an in-depth,
technical study of digital forensics. The curriculum is highly system-oriented, where students
gain deep insights into how operating systems, networks and computer programs function and
how those systems relate to forensics and security in general. Coupled with these technical
computer science topics, a core digital forensics component addresses the forensic process,
relevant laws and analysis techniques, as well as report writing. Students with exceptional
undergraduate preparation may choose electives in place of selected required courses with prior
approval of the concentration director. For electives, students may also choose independent
studies, reading and research courses, or special courses offered by faculty on topics of interest.
Students completing this concentration will also receive the Information Systems Security
(INFOSEC) Professionals certificate (NSTISSI No. 4011).
This concentration is available on campus only. Additional information can be found at
http://cs.jmu.edu/forensics/index.html.
Digital Forensics Concentration Requirements
Minimum Requirements
Credit Hours
CS 530. Programming Languages
3
CS 550. Operating Systems
3
CS 552. Applied Complexity Theory
3
CS 557. Information Security
3
CS 610. Networking and Security
3
CS 630. Compiler Theory and Implementation
3
Computer Science Graduate Programs Self-Study Report 2012
71
CS 633. Computer Forensics
3
CS 635. Secure Network Operations
3
CS 640. Malware Analysis
3
Approved elective
3
Total
30
Thesis Route
Credit Hours
CS 700. Thesis
6
Total
36
Non-Thesis Route
Credit Hours
Approved electives
6
Total
36
Five-Year Concentration in Digital Forensics
This concentration allows students to complete both a bachelor's degree and a master's degree in
computer science in five years by combining the first year of graduate studies with the senior
year of undergraduate studies. The curriculum requires 30 credit hours of graduate courses, of
which 21 hours are required courses and nine hours are electives or thesis credit. Substitutions
for required courses may be made with permission of the concentration coordinator. Additional
information can be found at http://cs.jmu.edu/forensics/index.html.
Students completing this concentration will also receive the Information Systems Security
(INFOSEC) Professionals certificate (NSTISSI No. 4011).
Admission requirements include nine undergraduate CS courses that are normally taken by CS
undergraduate majors and that may also be taken by JMU undergraduates who minor in CS, as
an extension of regular minor requirements. Applicants must also be on track to have completed
at least 99 hours of credit by the end of the junior year. Course selection for the junior-senior
years should be done in consultation with the concentration coordinator.
In comparison to the traditional concentration in digital forensics, this concentration requires the
same 600-level courses, and all but two of the same 500-level courses (completion of an
undergraduate version of CS 530 is required as a condition of admission).
Five-Year Digital Forensics Concentration Requirements
Minimum Requirements
Credit Hours
CS 550. Operating Systems
3
CS 557. Information Security
3
Computer Science Graduate Programs Self-Study Report 2012
72
CS 610. Networking and Security
3
CS 630. Compiler Theory and Implementation
3
CS 633. Computer Forensics
3
CS 635. Secure Network Operations
3
CS 640. Malware Analysis
3
Approved elective
3
Total
24
Thesis Route
Credit Hours
CS 700. Thesis
6
Total
30
Non-Thesis Route
Credit Hours
Approved electives
6
Total
30
These undergraduate courses are required for admission to this concentration:
CS 227/228. Discrete Structures I and II
CS 239. Advanced Computer Programming
CS 240. Algorithms and Data Structures
CS 345. Software Engineering
CS 350. Computer Organization
CS 430. Programming Languages
CS 450. Operating Systems
The department strongly encourages that this undergraduate course should be taken by
undergraduates intending to apply for this concentration: CS 452. Analysis of Algorithm
This undergraduate course should not be taken by undergraduates intending to apply for this
concentration: CS 457. Information Security
Course Descriptions
CS 501. Workshop in Computer Science. 1-3 credits. Designed to provide workshop
experience in a variety of computing areas. Does not satisfy graduation requirements for the
Master of Science degree in computer science. Prerequisite: Permission of the concentration
coordinator.
CS 502. Introduction to Information System Security. 3 credits. This course provides an
introduction to the design and management of operating systems and networks, focusing on those
aspects that affect information security. It provides students with the skill or ability to design,
execute and evaluation information system security procedures and practices. This course does
Computer Science Graduate Programs Self-Study Report 2012
73
not satisfy any requirements for the Master of Science degree in computer science. Prerequisite:
Approval of instructor.
CS 503. Information Systems Security Management. 1 credit. An advanced study of the basic
material needed to manage an information system. Topics covered include granting final
approval to operate, accreditation of the system, and verifying compliance with stated policies
and procedures. This course does not satisfy any requirements for the Master of Science degree
in computer science. Prerequisite: CS 502, CS 560 or CS 610.
CS 504. Information System Security Administration. 1 credit. An advanced course to
prepare a student to ensure information systems and networks are used securely; to identify and
report security incidents; to maintain configuration control of systems and software; and to
identify anomalies or integrity loopholes. This course does not satisfy any requirements for the
Master of Science degree in computer science. Prerequisite: CS 502, CS 560 or CS 610.
CS 505. Information System Security Operations. 1 credit. This course covers the basic
knowledge needed by information system security officers to protect their information systems.
Topics covered include certification, accreditation, site security policy, security policy
enforcement and security reporting. This course does not satisfy any requirements for the Master
of Science degree in computer science. Prerequisite: CS 502, CS 560 or CS 610.
CS 506. Assessment of Secure Information Systems. 1 credit. This course considers the
assessment of the technical and non-technical security features of an information system in an
operational configuration. Upon completion of the course, students should be able to identify the
assurance levels achieved in meeting all applicable security policies, standards and requirements.
This course does not satisfy any requirements for the Master of Science degree in computer
science. Prerequisite: CS 502, CS 560 or CS 610.
CS 510. Object Oriented Programming. 3 credits. Fundamental programming techniques,
including basic data types, control structures, algorithm development, procedures, arrays, and the
definition of abstract data types. Does not satisfy graduation requirements for the Master of
Science degree in computer science.
CS 511. Computer Organization. 3 credits. The study of the organization of computer systems,
including a brief study of number systems and digital circuits. Also covers basic components of
computer systems such as main memory, CPU, I/O and their interconnection mechanisms. Does
not satisfy graduation requirements for the Master of Science degree in computer science.
CS 512. Data Structures. 3 credits. This course covers commonly used data structures including
stacks, queues and lists using both static and dynamic memory allocations and including
elementary performance analysis of these data structures. Does not satisfy graduation
requirements for the Master of Science degree in computer science. Prerequisite: CS 510 or
equivalent.
CS 515. Foundations of Computer Science. 3 credits. Survey of fundamental computer science
concepts such as iteration, recursion, induction, analysis of algorithms, combinations and
probability, data structures, automata theory and regular expressions, context-free grammars and
parsing, and propositional and predicate logic. This course does not satisfy graduation
requirements for the program.
Computer Science Graduate Programs Self-Study Report 2012
74
CS 523. Ethics, Law and Policy in Cyberspace. 3 credits. Study of ethical issues, legal
resources and recourses, and policy implications inherent in our evolving online society.
Provides an overview of the ethical challenges faced by individuals and organizations in the
information age. Introduces the complex and dynamic state of the law as it applies to behavior in
cyberspace. Prerequisite: CS 550.
CS 530. Programming Languages. 3 credits. Study of the fundamental principles of
programming language design and their realization in actual programming languages. Examines
programming languages from the procedural, object-oriented, and functional and declarative
paradigms. Introduces basic concepts of grammars and parsing. Prerequisites: CS 240 and CS
350, or CS 511 and CS 512, or equivalent.
CS 547. Interaction Design. 3 credits. Processes, principles, tools, models, and techniques for
designing interactions between humans and digital products and systems. Students will learn
through directed reading, design exercises, heuristic design evaluations, and empirical studies of
designs.
CS 550. Operating Systems. 3 credits. Concepts and principles of multiple-user operating
systems. Memory, CPU, I/O device allocation, scheduling and security. Memory hierarchies,
performance evaluation, analytic models, simulation, concurrent programming and parallel
processors. Completion of a student project is a significant part of the course. Prerequisite: CS
350, CS 511 or equivalent.
CS 552. Applied Complexity Theory. 3 credits. Algorithms (sorting and searching, graph
theory, arithmetic) with space and time complexity and analyses; formal models of computation;
theoretical aspects of computational complexity, including complexity measures and hierarchies,
intractable problems, and the P=NP question. Other topics in theoretical computer science with
applications. Prerequisite: CS 240, CS 512 or equivalent.
CS 555. Secure Software Engineering. 3 credits. An overview of methodologies, tools and
techniques for producing secure software systems. Students will cooperatively develop a secure
software product. The course will also provide an introduction to professional resources and
ethical issues for software developers. Prerequisite: CS 240, CS 512 or equivalent.
CS 557. Information Security. 3 credits. Fundamental concepts of information security
including identification and authentication, access control, security models, security kernels, and
Windows and Unix security. Discussions will cover the historical development of information
security, cryptology, PKI key management, application-level security issues and security
evaluation. Prerequisite: CS 550.
CS 560. Networks and Network Security. 3 credits. Fundamental concepts, principles, and
practical networking and internetworking issues relevant to the design, analysis and
implementation of enterprise-level trusted networked information systems. Topics include
networking and security architectures, techniques and protocols at the various layers of the
Internet model. Prerequisite: CS 550.
CS 574. Database Systems. 3 credits. Types of physical storage and access methods; data
models; relational algebra and calculus, data definition and query languages; dependencies,
decomposition and normalization; database design; recovery; consistency and concurrency;
distributed databases. Examples from commercial databases. Prerequisite: CS 350, CS 511 or
equivalent.
Computer Science Graduate Programs Self-Study Report 2012
75
CS 585. Selected Topics I. 3 credits. Study of selected topics not otherwise covered in the
regular offerings of the department. May be repeated for credit when course content changes.
CS 588. Introduction to Computer Graphics. 3 credits. Problems, objectives and study of
computer graphics to include hardware, software and applications. Graphics, data structures and
languages. Vectors, curves and character generation. Interactive display devices. Construction of
hierarchical image lists. Surface representations. Discussion of problems of current
interest. Prerequisites: CS 510 and knowledge of calculus.
CS 610. Networking and Security. 3 credits. Fundamental concepts, principles, and practical
networking and internetworking issues relevant to the design, analysis and implementation of
enterprise-level trusted networked information systems. Topics include networking and security
architectures, techniques and protocols at the various layers of the Internet
model. Prerequisite: CS 550.
CS 620. Introduction to Information Security. 3 credits. Provides the manager with a broad
overview of the threats to the security of information systems, the responsibilities and basic tools
for information security and for the areas of training and emphasis needed in organizations to
reach and maintain a state of acceptable security. The course provides an introduction to the
language of information security and provides an overview of hardware, software and firmware
components of an information security system, as well as their integration into an organization's
information system operations for policy makers. The object of this course is to enable managers
to make more informed policy and procedural evaluations in the information security area.
CS 621. Software Assurance. 3 credits. This course investigates the engineering of robust
security solutions. We study security problem definition and modeling, policy-to-code modeling,
security factoring of software source code, model-based vulnerability analysis, and how security
solutions are related to security problems through an assurance argument. Prerequisites: CS
555 and CS 652.
CS 625. Secure Operations. 3 credits. This course covers the principles of secure composition
of heterogeneous security components such as servers, firewalls, workstations and intrusion
detection systems. It also covers principles and practice related to secure operation of existing
distributed systems. Principles of penetration testing for assessment of system security are also
addressed. Prerequisites: CS 627 and CS 660.
CS 627. Cryptography: Algorithms and Applications. 3 credits. Cryptographic techniques to
achieve confidentiality, integrity, authentication and non-repudiation are examined. The
underlying mathematical concepts are introduced. Topics to be covered include symmetric and
public key encryption, hashing, digital signatures, cryptographic protocols and other recent
developments in the field. Prerequisite: CS 252, MATH 227 or CS 515.
CS 630. Compiler Theory and Implementation. 3 credits. This course teaches an introduction
to the theory of grammars and the mathematical foundations of compilers along with the
practical considerations for developing them. The course covers practical aspects of all phases of
the compilation process including lexical analysis, parsing, code generation, and code
optimization. Students develop a compiler for a small grammar using the appropriate techniques.
CS 633. Computer Forensics. 3 credits. This course teaches how to perform computer crime
investigations. The course covers the recovery and analysis of digital evidence, addressing legal
Computer Science Graduate Programs Self-Study Report 2012
76
and technical issues. Forensic examination of Windows and Unix systems are used to illustrate
typical investigative processes. Prerequisite: CS 560, CS 610 or equivalent.
CS 634. Natural Language Processing. 3 credits. Implementation of computer-based, natural
language understanding systems; natural language syntax and processing knowledge
representation, natural languages generation. Prerequisite: CS 555.
CS 635. Secure Network Operations. 3 credits. Standard network security techniques for
monitoring and maintaining an organization's internal and external networks. Students will learn
how to detect network-based attacks, diagnose an attacker's intent, and respond to and recover
from intrusions. Prerequisite: CS 610.
CS 640. Malware Analysis. 3 credits. This course deals with the classification, identification,
and forensic analysis of malicious code found on computing systems or transmitted via digital
networks. Topics will include types and classification of malware, a review of assembly
programming and shell code exploits, reverse engineering techniques, dynamic and static code
analysis, as well as techniques to identify and capture malicious code.
CS 644. Artificial Intelligence. 3 credits. Application of heuristics to problem solving;
perception and pattern recognition; search methods, production systems and knowledge
representation; applications to expert systems, automatic programming and natural language
processing. Prerequisite: CS 240 or CS 512.
CS 649. Operating Systems II. 3 credits. A study of various topics in operating systems such as
distributed file systems, security, architectural support for operating systems, performance
measurement, recovery management and real-time systems. Prerequisite: CS 550.
CS 650. Computer Networks. 3 credits. The Open Systems Interface reference model. Network
hardware, topologies and routing algorithms, reliability and security, application programs.
Examples of various networks and protocols such as Ethernet, TCP/IP, NFS and
USENET. Prerequisite: CS 550.
CS 652. Formal Methods for Information Security. 3 credits. A formal specification language
is presented with case studies, proofs and the formal specification of software components.
Additional topics may include formal security policy modeling, seminal formal systems, firstorder logic, set theory, relations, functions, sequences, bags, free types, formal and rigorous
proof, immanent reasoning, reification, decomposition, and Floyd-Hoare logic.
CS 655. Programming Languages II. 3 credits. A study of various topics in programming
languages such as proof techniques, formal specification of syntax and semantics, operational,
denotational and axiomatic semantics. Prerequisite: CS 555.
CS 660. Advanced Network Security. 3 credits. This is a project-based course. Students will
learn advanced network security concepts, conduct information security research and apply what
they have learned throughout the information security master's program to better secure critical
information infrastructure.
CS 665. Software Requirements and Design. 3 credits. Study of the state of the art in software
requirements engineering and design. Topics include techniques for system specification and
verification, security models, software analysis and design methods and techniques, software
architectures, and design patterns. Prerequisite: CS 555.
Computer Science Graduate Programs Self-Study Report 2012
77
CS 666. Software Construction and Testing. 3 credits. Study of the state of the art in software
construction and testing. Topics include tools, techniques, and practices for software production,
testing, verification, validation, and evaluation. Prerequisite: CS 555.
CS 674. Database Systems II. 3 credits. Continuation of CS 574. Prerequisite: CS 574.
CS 675. Distributed Computing and Security. 3 credits. Covers theoretical and applied aspects
of security and privacy needed for middleware and service-ware to offer reasonable assurance
for modern distributed systems. Topics include distributed systems architectures, technologies
and management; distributed system design, security and privacy issues; and applications such as
Web services and mobile commerce. Prerequisite: CS 560.
CS 676. Distributed Databases. 3 credits. Distributed databases and networks, levels of
distribution, transparency, fragments and their allocation, distributed queries, optimization, and
concurrency. Prerequisite: CS 574.
CS 680. Reading and Research. 3 credits. Opportunity for supervised reading and research in
areas of special interest to the student. Reading and research may be done only in the major field
of study.
CS 685. Selected Topics II. 3 credits. An in-depth study of selected topics not otherwise
covered in the regular offerings of the department. May be repeated for credit when course
content changes.
CS 690. Practicum. 3 credits. Provides a variety of supervised project, laboratory, leadership
and instructional experiences. This course is graded on a satisfactory/unsatisfactory (S/U) basis.
May be repeated for credit, but no more than six hours can be counted toward a degree
program. Prerequisites: Consent of instructor and program coordinator.
CS 698. Comprehensive Continuance. 1 credit. Continued preparation in anticipation of the
comprehensive examination. Course may be repeated as needed.
CS 699. Thesis Continuance. 1 credit. Continued study, research and writing in the area of
thesis concentration. Course may be repeated as needed.
CS 700. Thesis Research. 2-3 credits. This course is graded on a
satisfactory/unsatisfactory/incomplete (S/U/I) basis.
Computer Science Graduate Programs Self-Study Report 2012
78
Appendix 2: Alumni Surveys
The InfoSec program contacts our alumni at least once a year and asks students for their help in
recruiting students for our program. We also occasionally ask them for updates on the new
positions they hold. We update our partial Alumni list on our website based on the new
information we receive. This list is presented in Section D of this report. As mentioned earlier,
our alumni are holding very impressive positions in government and industry, an indication of
the quality of the education they receive from our program. Our graduates are in high demand
and we have not had any graduate who is not employed so far.
We have not done a survey with detailed informational survey for assessment purposes yet. We
are designing surveys to help us with assessment. We are planning to use this survey starting
next year. This should help us assess our program in a more quantitative manner. This will also
help our assessment in our annual progress report.
The Digital Forensics program will not have any alumni until after the 2012-2013 academic year.
The Forensic Program Committee will create an alumni survey that will be administered to
alumni after one year of their graduation (and further time intervals yet to be determined). The
survey will ask about placement statistics, satisfaction with the program, and emerging skills and
needs in the discipline.
Computer Science Graduate Programs Self-Study Report 2012
79
Appendix 3: Number of Declared Majors and Minors—A Four Year Retrospective
2008-09
2009-10
2010-11
2011-12
Master’s Enrollment On Campus
22
25
24
19*
Master’s Enrollment Online
56
50
56
41
* 12 completing SSE + 7 starting Forensics
Appendix 4: Service Role of the Academic Unit—A Four Year Retrospective
Masters Enrollment On Campus
Faculty
Student:Faculty Ratio
On Campus Independent Studies
On Campus Thesis Sections
Masters Enrollment Online
Faculty
Student:Faculty Ratio
Online Independent Studies
Online Thesis Sections
2008-09
22
16
5.5
7
5
56
18*
11.5
1
13
2009-10
25
16
7.2
8
4
50
18*
12.5
1
5
2010-11
24
16
6.3
6
2
56
18*
13.8
1
2
2011-12
12 + 7
16
8.5
8
2
41
18**
10.2
4
8
Notes:
• The faculty count is the number of Graduate Faculty members listed in the graduate
catalog.
• Two additional individuals are listed as “Adjunct Faculty” and are factored in as
explained below.
• The Student:Faculty ratio is calculated as the average number of students enrolled in each
section.
• The number of independent studies and thesis sections are the total number of sections
for CS 680 and CS 690 (independent studies) and CS 699 and CS 700 (theses) for each
academic year.
* includes 4 adjuncts, each teaching 1 course
** includes 5 adjuncts, each teaching 1 course
Computer Science Graduate Programs Self-Study Report 2012
80
Appendix 5: Academic Unit Budget Information—A Five Year Retrospective
2007-08
Personnel Services Budget
2008-09
2009-10
2010-11
2011-12
2,105,332 2,126,288 1,921,423 1,929,777 2,006,181
Non-Personnel Services Budget
79,067
87,120
61,316
58,974
79,003
Appendix 6: External Support and Sponsored Research
Provided in a Separate Document
Appendix 7: Faculty Vitae
Provided in a Separate Document
Computer Science Graduate Programs Self-Study Report 2012
81
Appendix 8: Equipment and Facilities
Facilities
The Computer Science Department is located on the east side of JMU's campus, on the second
floor of the CS-ISAT Building. The building was completed in 1996; the east side of the campus
(which consists of a group of modern, sand-colored buildings) will be completed shortly. Since
the east side of campus is on a hill, we have a beautiful view of the historic side of campus (and
it's bluestone buildings with red tile roofs).
Most of our courses are offered in the CS-ISAT Building with a few offered in the connected
HHS Building. The Department's Windows and Linux labs and the Department's networking lab
are all nearby.
Computer Forensics Lab
This lab (located in Room 231) is equipped with dual-boot Linux/Windows workstations, which
lets computer science students conduct forensic analyses of computer incidents, disk and
memory images, mobile phones, as well as malware binaries. The lab contains a variety of
workstations configured with open-source and commercial computer forensics software and
facilities to secure, store, and share digital evidence. Furthermore, the lab is equipped with
special hardware to analyze mobile devices and a number of computers that can be isolated from
the rest of the campus network and freely configured so that malicious code that is being
investigated can be contained.
Computer Science Program Development Lab
This lab (located in Room 248) is integral to the introductory programming classes as well as
supporting a number of the advanced Computer Science classes. This lab has 30 student
workstations grouped in pairs which allow for individual or pair programming. These
workstations run the RedHat Linux operating system. In addition to the student machines, there
is a dedicated teacher workstation connected to a projection system for demonstrations and other
classroom activities. The software contained on machines in this lab include general tools such
as Open Office and the Firefox web browser as well as several integrated development
environments(IDEs) such as Eclipse, Kate, and JGrasp which are used by students to develop
computer applications. The machines also run Visual Paradigm, a software development tool
used in a number of upper division CS courses. Students are provided with RedHat Linux to use
on their own personal computers so that they can duplicate the lab environment for work outside
of class.
From this lab, students may access network file storage that enables them to save the work that
they have done in the lab and access it from both on and off campus.
This lab is used by the two introductory courses (CS139 and CS239) on a regular basis with 2 lab
periods each week in addition to the 2 lecture days. All day Sunday and most evenings during the
week, the lab is staffed by teaching assistants who provide support to students working on their
labs and programming projects outside of class. Upper division classes, such as CS347 and
CS474 often use the lab for exercises to supplement the lecture content of the course.
Computer Science Graduate Programs Self-Study Report 2012
82
Computer Science Software Engineering Lab
The Software Engineering Lab, located in Room 250, is equipped with about 30 workstations,
whiteboards, a projector, and other hardware for use by students interested in programming and
software engineering. Out-of-class it is used by students working on programming assignments,
projects, and research. In-class it is used for lectures/presentations, directed exercises and
experiments, and exams/assessments. The lab is configured to allow students to work alone, in
pairs (e.g., the so-called agile method known as pair programming), and in groups. The
workstations are equipped with a variety of specialized tools that support the activities of
programmers/software engineers at all levels, from beginning to advanced. This includes a
variety of integrated development environments (IDEs), programmers editors, unit testing tools,
unified modeling language (UML) tools, static analysis tools, debuggers, version control
systems, and graphical user interface (GUI) design tools. It also includes compilers for a wide
array of programming languages, libraries for scientific, engineering, and business applications,
and libraries for graphical and auditory processing.
The Software Engineering Lab is able to support the development of software for a wide variety
of platforms, including desktop/laptop computers, portable computers (e.g. iPads and netbooks),
smart phones, embedded devices, and robots. It is also able to support the development of a
variety of different kinds of technical documentation, including documents that requires
mathematical typesetting (e.g., TeX, MathML), multimedia, and hypermedia. For course-related
assignments, the lab is equipped with a custom electronic submission system.
Upper division classes, such as CS240 and CS430 often use the lab for exercises to supplement
the lecture content of the course. Since this lab is physically located next door to the
Programming Development Lab, teaching assistants staffing the Program Development Lab, can
also support to students working in the Software Engineering lab.
Computer Science Systems Development Lab
This lab (located in Room 143) is designed to support low-level exploration of computer network
and operating system environments. It is equipped with workstations capable of running a variety
of operating systems; students are provided with copies of Redhat Linux and Windows operating
for use in the lab or on their own computers. The lab is designed to facilitate individual or group
work; workstations can be used as stand-alone systems, clustered in small networks, or attached
to a server farm.
The lab is used to experiment with network and operating system configurations. It also is used
to experiment with network communications in a variety of network topologies. The lab is
equipped with a variety of network communications equipment. Computers in this lab can be
isolated from the rest of the campus network and freely configured without the possibility that
they compromise computer operations outside the lab. Virtual machine software allows
experimentation to occur using actual hardware or in a virtual environment.
Computer Science Laboratory Support
This facility (Room 142) supports various lab operations. Up to 100 servers can be installed in
server racks to support the requirements of the Computer Science department. Additional space
and workbenches are provided for preparing and maintaining computer equipment.
Computer Science Graduate Programs Self-Study Report 2012
83
High-Performance Computing Facility
The High-Performance Computing Facility at JMU has a variety of different systems. Most of
the facility's efforts in the area of vector processing involve Graphic Processing Units (GPUs).
The facility's "workhorses" are its four NVIDIA Tesla S1070 computing systems. An S1070
consists of 4 Tesla GPUs each of which has 240 cores (for a total of 960 cores). Each core
operates at about 1.4 GHz. Hence, each Tesla S1070 has a peak single precision floating point
performance of about 4 TFlops. The facility also has several multi-core/multi-processor
computing systems. The "workhorse" is a server with four quad-core Xeon CPUs and 128GB of
fast RAM and eight 150GB hard drives.
High-Resolution Visualization Facility
The High-Resolution Visualization and Animation Group consists of JMU students and faculty
in a wide variety of disciplines. What brings them together is an interest in and/or need for
visualization and animation systems with a resolution that is an order of magnitude greater than
that provided by traditional graphics workstation. The facility's "work horse" is a cluster of
graphic workstations. The 32 displays are tiled to create a single presentation surface with about
50 million pixels.
Computer Science Graduate Programs Self-Study Report 2012
84
Appendix 9: Summary of Assessment Data
The InfoSec program started to work with CARS on submitting an Assessment Progress
Template (APT) in 2011 for the 2010-2011 academic year. Thus, only one APT report exists for
the program, which is provided in a separate document.
The Digital Forensics program has yet to submit an Assessment Progress Template to CARS.
Appendix 10: Annual Reports
Provided in a Separate Document
Appendix 11: Course Syllabi
Provided in a Separate Document
Appendix 12: Reports Related to External Accreditation
The Computer Science Department is not externally accredited.
Computer Science Graduate Programs Self-Study Report 2012
85
Appendix 13: University Planning Database Information about Program
Objectives
Short Description
Objective
Critique and modify the
mission of the
undergraduate Computer
Science curriculum
During this process, an emphasis will be placed on a quality
Computer Science curriculum and careful consideration of the
impact on resources.
Explore and employ new
assessment strategies
Explore and employ new assessment strategies for both
Assessment Day and the Alumni surveys. Our assessment
considerations will emphasize the ability to use the gathered data
to analyze Computer Science education and experience.
Revitalize the CS onRevitalize the CS on-campus graduate program in the area of
campus graduate program. Forensics. In three years build enough foundation to determine
success. The area of Forensics is in high demand in both industry
and research. The major desired result of an emphasis change
from Secure Software Systems to Forensics is higher enrollment
in the graduate program.
Develop publicized
Publicized activities to pursue include a seminar series with
activities for discussion of industry, faculty and student participation, industry panel
Computer Science related discussions, and research presentations from students and faculty.
topics
Develop laboratory space
needs and equipment
needs plan
Develop a plan of lab space needs along with equipment needs to
deliver the CS curriculum and support student and faculty
research. By the end of the year, understand the use of our
current equipment and the longevity of it use.
Explore the development
of a non-major CS course
to increase accessibility to
STEM education.
Developing this course will enable students who may be
interested in majoring in CS or related fields the opportunity to
explore the major. Considering this course for the science
requirement in the IDLS major will also be explored.
Incorporate the role of
computing environmental
stewardship and
sustainability in the CS
curriculum
Computing relies on energy resources and incorporating the
material of power consumption of different processing platforms
into the CS curriculum will enhance the curriculum as well as
inform students of the impact of computing on the environment.
Also, incorporating issues related to conserving resources and
recycling based on computing activities into the CS curriculum
will enhance the awareness of students.
Computer Science Graduate Programs Self-Study Report 2012
86
Investigate synergies
The potential for collaboration between the STEM disciplines
between STEM disciplines and CS is high. The department's first step is to investigate
and CS
possible connections in curriculum and research. Both faculty
and students could benefit once connections are formed. The
measurable outcome of this year will be identifying possible
synergies.
Appendix 14: University Undergraduate and Graduate Catalogs
The most current catalogs for the respective programs can be found online at
http://www.jmu.edu/catalog/. Catalog versions from previous years can be obtained online at
http://www.jmu.edu/catalog/previous-catalogs.html.
The current undergraduate and graduate catalogs are also provided in a separate
document
Computer Science Graduate Programs Self-Study Report 2012
87
Fly UP