1 An Application-Oriented Approach for Computer Security Education Xiao Qin Department of Computer Science and Software Engineering Auburn University Email:

Presentation transcript:

1 An Application-Oriented Approach for Computer Security Education Xiao Qin Department of Computer Science and Software Engineering Auburn University URL:

2 Goal and Objectives Goal: New approaches for computer security education Objective 1: To prepare students to design, implement, and test secure software Objective 2: A holistic platform for constructing computer security course projects Student-centered learning Professor-centered platform

3 From CSSE Students to Software Engineers To produce reliable, robust, secure software. To work in interdisciplinary teams. To use appropriate design notations, such as UML. To work in multiple programming languages.

4 Teamwork Secure Software Design Programming What projects can help students to learn about teamwork? Must we teach students how to design secure software? How to provide engaging computer security projects? How to teach multiple programming languages? Challenges Student-Centered Learning

5 Flexibility Preparation Grading Teaching What projects can be tailored to students to learn about teamwork? What is a good way to grade computer security projects? How to quickly prepare engaging computer security projects? How to teach computer security projects? Challenges Professor-Centered Platform

6 Teaching Philosophy Computer security education should focus on: Fundamental security principles Security-practice skills.

7 Motivation Security principles: Fundamental A wide spectrum. Practice Principles Real-World Systems and Apps Laboratory exercises: Observing Evaluating Testing Course projects: Analyzing Designing Programming Real-world secure computing systems: Programming standards Large scale Work on existing products College Industry small-scale, fragmented, and isolated course projects

8 Our Solution: Application-Oriented Approach Security Sensitive Applications Security Module 1 User Interface OS (Windows, Linux, etc.) Non-Security Modules Security Module n Security Modules

9 Considerations Security modules: related to fundamental security principles. Applications: represent real world scenario(s) Each application: contains all possible security modules. Flexibility: difficulty levels are configurable. Programming environment: easy setup Hints for students: data structures and algorithms

10 A Unified Programming Environment Security Sensitive Applications Security Module 1 User Interface OS (Windows, Linux, etc.) Non-Security Modules Security Module n Virtual Machine (e.g. VMware, VirtualBox)

11 Flexibility Levels of Difficulty –Beginner –Intermediate –Advanced Objective 1: To prepare students to design, implement, and test secure software Objective 2: A holistic platform for constructing computer security course projects Student-centered learning Professor-centered platform

12 Flexibility How Modules Are Packaged Beginner Easy Intermediate Moderate Advanced Hard Explorative Light Editing Basic Understanding Of Concepts Normal Implementation Depth Understanding Of Concept Advanced Implementation

13 Types of Course Projects Explorative projects. Partial implementation projects. Full implementation projects. Vulnerability testing, attacking, and fixing. Hybrid labs (Exploration & Implementation, etc.) Beginner Intermediate Advanced

14 Choose the First Application Real World Scenarios –Banking System: Implemented –P2P File-Sharing: future work Three RAs worked on this project –Strategy 1: each RA designs and implements a security sensitive application –Strategy 2: three RAs collaborate on a single application.

15 Banking Application Toy Application –A Secure Teller Terminal System –ATM Documentation –Design –Test Cases –Makefile –Readme

16 Implementation Projects Students’ Tasks Existing Components Access Control List Integrity Checking Data Encryption Module Properties of these projects: Focused on targeted principles Focused on a single application Each project takes 2-6 weeks Difficulties can be adjusted IPSecInAttack Lab Banking Application Buffer overflow

17 Workflow A professor’s perspective Teach Concept Generate Project Description Design Survey Questions Choose Apps & Difficulty Work On Project Evaluation/Feedback Design Docs & Partial Code System Setup

18 Design Document Example: Data Flow – High Level

19 Put It All Together An example A Banking System Access Control User Interface OS (Windows, Linux, etc.) Non-Security Modules Encryption IPSec Virtual Machine (e.g. VMware, VirtualBox)

20 Class Diagram A secure teller terminal system Intermediate

21 Class Diagram A secure teller terminal system Advanced No security modules in the design document (e.g., class diagram)

22 An Encrypted Staff File Beginner Easy Explorative Light Editing

23 An Unencrypted Staff File Beginner Easy Explorative Light Editing

24 Encryption Modules Transposition - good, low-level encryption algorithm. Substitution - good, low-level encryption algorithm. Put both of them together – A transposition of a substitution.
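
The "transposition of a substitution" composition from slide 24, as an added example that is not the QoSec project's own code. The slides do not say which variants the module uses, so a keyed monoalphabetic substitution and an unpadded columnar transposition are assumed here, and the key, column count and sample text are constructed. Both are classical teaching ciphers: substitution keeps letter frequencies and transposition only reorders characters, so the pair illustrates composition and inversion rather than protection of real data.

```cpp
#include <array>
#include <cctype>
#include <iostream>
#include <string>

// Monoalphabetic substitution: letter i of the alphabet maps to key[i].
// Non-letters pass through unchanged; letters are folded to upper case.
// Assumption: key is an upper-case permutation of A-Z.
std::string substitute(const std::string& in, const std::string& key, bool decrypt) {
    std::array<char, 26> map{};
    for (int i = 0; i < 26; ++i) {
        if (decrypt) map[key[i] - 'A'] = static_cast<char>('A' + i);
        else         map[i] = key[i];
    }
    std::string out;
    for (unsigned char c : in)
        out += std::isalpha(c) ? map[std::toupper(c) - 'A'] : static_cast<char>(c);
    return out;
}

// Columnar transposition: write the text row by row into `cols` columns
// (cols >= 1), then read it out column by column. No padding is added.
std::string transpose(const std::string& in, std::size_t cols) {
    std::string out;
    for (std::size_t c = 0; c < cols; ++c)
        for (std::size_t i = c; i < in.size(); i += cols) out += in[i];
    return out;
}

// Inverse: visit positions in the same column order and put each
// ciphertext character back where it came from.
std::string untranspose(const std::string& in, std::size_t cols) {
    std::string out(in.size(), '\0');
    std::size_t k = 0;
    for (std::size_t c = 0; c < cols; ++c)
        for (std::size_t i = c; i < in.size(); i += cols) out[i] = in[k++];
    return out;
}

// Encrypt = substitute, then transpose. Decrypt undoes the steps in reverse.
std::string encrypt(const std::string& p, const std::string& key, std::size_t cols) {
    return transpose(substitute(p, key, false), cols);
}
std::string decrypt(const std::string& c, const std::string& key, std::size_t cols) {
    return substitute(untranspose(c, cols), key, true);
}

// Constructed sample key: a permutation of A-Z.
const std::string KEY = "QWERTYUIOPASDFGHJKLZXCVBNM";

int main() {
    std::string ct = encrypt("TELLER PIN 1234", KEY, 4);
    std::cout << ct << "\n" << decrypt(ct, KEY, 4) << "\n";
}
```

Because no padding is added, the last column is shorter when the text length is not a multiple of the column count, and `untranspose` has to walk the columns in exactly the same order to restore it.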

25 Access Control Role-based system. Implemented in a separate module. Give students data flow diagram.

26 Access Control Students implement Access Control module. Allows them to insert in existing system. Better real world experience.

27 Choose a Course to Test Our Approach Introductory-level Programming experiences Small-scale projects work Introduction to Computer Security Advanced Computer Security Research projects Examples Memory attacks Parallel Antivirus Testing Security Courses Other Courses No design experience New programming language Weak programming skill Teach/learn basic security concepts e.g., Software Construction

28 Comp 2710 Software Construction Two projects –A secure teller terminal system: access control –A cryptographic system: two algorithms 57 students (CSSE and ECE) –Computer Science –Software Engineering –Electrical Engineering –Wireless Engineering

29 Preliminary Studies Survey Questionnaires –The quality of project design –Students’ evaluation on projects: How interested they are Programming background Whether the labs spark their interests in security How many hours they spent on the projects Participants: –48 students for project 1 –53 students for project 2

30 Evaluation Results (1) (1) ≤ 5 hours (2) 6-10 hours (3) hours (4) hours (5) > 30 hours Survey: Approximately, how many hours did you spend on the project? Design 81% <10h Implementation 46% >21h Entire Project 40% >30h

31 Evaluation Results (2) (1) Strongly disagree (2) Disagree (3) Neutral (4) Agree (5) Strongly agree Survey: The project instructions were clear. Teller terminal system 69%: agree or strongly agree Cryptographic system 58%: agree or strongly agree

32 Evaluation Results (3) (1) Very easy (2) Somewhat easy (3) Average (4) Somewhat difficult (5) Very difficult Survey: What was the level of difficulty of this project? Teller terminal system 61%: somewhat difficult or very difficult Cryptographic system 53%: somewhat difficult or very difficult

33 Evaluation Results (4) Survey: What was the level of interest in this project? Teller terminal system 58%: Average, High, or very high Cryptographic system 85%: Average, High, or very high (1) Very low (2) Low (3) Average (4) High (5) Very high

34 Evaluation Results (5) Survey: What was the most time-consuming part of the design portion of the project? Teller terminal system 44%: Use cases Cryptographic system 58%: Testing (1) Use Cases (2) Class Diagram (3) System Sequence Diagram (4) Testing

35 Evaluation Results (6) (1) Strongly disagree (2) Disagree (3) Neutral (4) Agree (5) Strongly agree Survey: As a result of the lab, I am more interested in computer security. Teller terminal system 17%: strongly disagree or disagree Cryptographic system 20%: strongly disagree or disagree

36 Evaluation Results (7) Survey: Overall, I have attained the learning objectives of the project. Teller terminal system: develop a non-trivial application using classes, constructors, vectors, and operator overloading; learn a security issue – authentication; perform object-oriented analysis, design, and testing; and develop a reasonably user-friendly application. Cryptographic system: learn two cryptographic algorithms; develop a simple cryptographic tool; perform separate compilation; and to develop a command-line application.

37 Evaluation Results (7 cont.) (1) Strongly disagree (2) Disagree (3) Neutral (4) Agree (5) Strongly agree Survey: Overall, I have attained the learning objectives of the project. Teller terminal system 52%: strongly agree or agree Cryptographic system 65%: strongly agree or agree

38 About the QoSec Project Funded by the NSF CCLI Program –Phase I ($150K) was funded in 2009 –1 PI and 4 Research Assistants –Alfred Nelson –Andrew Pitchford –John Barton Web pages of the project will be available soon: –

39 Plan and Collaborations Prepare for an NSF TUES Phase II Project –Four to six universities involved –10 PIs –More tool applications –More preliminary results –Evidence for collaborations Contact me if you are interested in –this NSF CCLI Phase I project or –our future NSF TUES Phase II project Xiao Qin:

41 Demo & Examples

42 Questions? If you are interested in information regarding this project, add your name to our newsletter list after this discussion. Slides are available at