CYSE 587/SYST 687 & CYSE 787 (Spring 2026)

CYSE 587/SYST 687 & CYSE 787 is a course led by George Mason University’s (GMU) Cyber Security Engineering faculty. The course focuses on designing and engineering secure cyber-physical systems, with projects involving vulnerability assessments, security threat analysis, and defense strategies for complex systems like Supervisory Control and Data Acquisition (SCADA) or industrial control systems (ICS).

Students will also develop technical and professional skills through their project work.

CYSE 587 and SYST 687 students work in teams. CYSE 787 students design and develop their projects on their own.

OnAir Post: CYSE 587/SYST 687 & CYSE 787 (Spring 2026)

Alexandre Barreto

Alexandre Barreto is an Associate Professor, Department of Cyber Security Engineering at George Mason University.

He has applied his significant experience as an air traffic and air defense infrastructure manager to a career specializing in the field of cybersecurity and networking, which in conjunction with his research on cyber impact assessment, has led to applications in cyber and transportation security, and decision support systems in defense and critical infrastructure areas. These topics are at the core of his classroom activities at both graduate and undergraduate levels, as well as his research path.

Barreto is a researcher in impact assessment and secure air transportation protocols and developed innovative applications and extensions that aid in the fight against cyber-warfare. He received his MS and PhD from Instituto Tecnológico de Aeronáutica in Brazil.

OnAir Post: Alexandre Barreto

TrustPulse – Project1

TrustPulse is a standalone, externally deployable governance and oversight engine designed to address the critical gap in operationalizing audit logs for small-to-medium healthcare organizations utilizing OpenEMR. While HIPAA mandates the recording and analysis of system activity, resource-constrained clinics often lack the structured workflows needed to translate raw telemetry into actionable security intelligence.

Integrating exclusively through approved read-only interfaces to ensure zero disruption to clinical workflows, TrustPulse utilizes a multi-layered analytical approach, combining STRIDE-based threat modeling, DREAD risk scoring, and probabilistic Bayesian and Fuzzy Logic models to prioritize anomalous access patterns and detect potential insider threats.

By providing a “human-in-the-loop” review interface and generating exportable, documented evidence of compliance, the system empowers privacy officials to maintain rigorous oversight and defensible governance without requiring extensive cybersecurity expertise or modification of the underlying electronic health record architecture.

OnAir Post: TrustPulse – Project1

Emergency Access Trust and Assurance Layer (EATAL) – Project 2

The Emergency Access Trust and Assurance Layer (EATAL) is an external, read-only governance framework designed to oversee “break-glass” emergency overrides within OpenEMR-based Hospital Information Systems. While emergency overrides are essential for uninterrupted patient care in clinical settings, they shift the security burden from preventive access controls to post hoc auditability, often leaving Protected Health Information (PHI) vulnerable to insider misuse.

EATAL addresses this accountability gap by ingesting raw audit telemetry and applying risk-informed scoring to the specific context of each override, effectively differentiating legitimate emergency care from unauthorized data access. By utilizing threat propagation modeling and quantifiable success criteria, such as a 50% reduction in manual audit review volume, the system provides clinical and compliance officers with actionable intelligence and structured evidence packages.

Ultimately, EATAL enhances the trust boundary in healthcare environments by providing rigorous, non-blocking oversight that ensures regulatory compliance with HIPAA and NIST standards without disrupting critical medical workflows.

OnAir Post: Emergency Access Trust and Assurance Layer (EATAL) – Project 2

PatchEMR – Project 3

PatchEMR is an automated vulnerability management and decision-support pipeline designed to secure OpenEMR deployments without disrupting the 24/7 uptime requirements of clinical environments. Recognizing that unpatched systems remain a primary vector for healthcare data breaches and potential patient harm, PatchEMR operates as an external orchestration layer that continuously monitors security weaknesses.

The system automatically retrieves OpenEMR container images, performs deep component scanning with industry-standard tools like Trivy, and uses an AI threat broker to synthesize complex CVE data into actionable executive summaries for IT administrators. By integrating a Role-Based Access Control (RBAC) enforcer to manage deployments within Kubernetes clusters, PatchEMR facilitates a "no-downtime" patching strategy that upholds the integrity of the core Electronic Health Record (EHR) code.

Ultimately, the system bridges the gap between technical vulnerability disclosure and clinical operational safety, aiming for an 80% surface rate of known CVEs within 24 hours to ensure continuous protection of medical infrastructure and patient data.

OnAir Post: PatchEMR – Project 3

EverWatch – Project 4

EverWatch is a standalone, external cybersecurity governance tool designed to provide proactive oversight of OpenEMR-based Hospital Information Systems. While healthcare environments generate vast amounts of audit telemetry, compliance and security teams often struggle to transform these logs into actionable intelligence, leading to delayed detection of privacy violations and insider threats.

Operating strictly through approved read-only interfaces to ensure zero disruption to mission-critical clinical workflows, EverWatch automatically correlates system activity to identify unusual access patterns, such as bulk record viewing or off-hours data access. By applying a risk-informed prioritization logic and a STRIDE-based threat analysis, the system produces executive-level dashboards and plain-language evidence summaries that support human-in-the-loop decision-making.

Ultimately, EverWatch strengthens the hospital's trust boundary and regulatory compliance posture by reducing manual audit-review time and providing early-warning indicators of potential misuse without modifying the underlying EMR architecture.

OnAir Post: EverWatch – Project 4
