Summit on Education in Secure Software: Summary Findings Matt Bishop, University of California, Davis Diana Burley, George Washington University Steve.

Presentation transcript:

Summit on Education in Secure Software: Summary Findings
Matt Bishop, University of California, Davis
Diana Burley, George Washington University
Steve Cooper, Stanford University
Ron Dodge, United States Military Academy
Blair Taylor, Towson University
This project is supported by the National Science Foundation under grant DUE
Any opinions, findings, conclusions, or recommendations expressed are those of the authors and do not necessarily reflect the views of the National Science Foundation.
SIGCSE 2012

SESS Motivation
• Increasing reliance on software
  • Drives financial, medical, government, and critical infrastructure systems such as transportation, energy, networking, and telecommunications
• Increased connectivity
• Number and severity of attacks that exploit software vulnerabilities is increasing
• Writing reliable, robust, and secure programs will substantially improve the ability of systems and infrastructure to resist such attacks
• Education plays a critical role in addressing cybersecurity challenges of the future
  • Designing curricula that integrate principles and practices of secure programming into educational programs
Supported through National Science Foundation Award #

SESS Structure and Participants
• Two-part conference
  • Teleconference September 2010
  • Meeting October 2010
• Participants
  • 60 invited participants representing stakeholder groups: academic, industry, government, certification and training.

Importance of robust coding
• The breadth of people who will affect, or be affected by, software, requires an understanding of robust software principles and practices
• The most appropriate method for teaching this material, and more importantly what resources are necessary to teach it, has not been well explored
• Multiple constituency groups have a role to play

SESS Objectives
• To engage cybersecurity stakeholders from academia, government, industry, and certification and training groups in a discussion about teaching secure programming
• To use that discussion as the basis of a collaborative effort to improve existing approaches
• To outline a comprehensive agenda for secure software education

The Roadmaps (and potholes)
• Roadmap structure
  • Educational goals
  • Teaching methods
  • Resource requirements
  • Challenges
• The Groups
  • Computer science professionals
  • Non-computer science professionals
  • Computer science undergraduate students
  • Non-computer science undergraduate students
  • Community college students
  • K-12 students

Summary Findings
• Understanding security, especially during design, requires a holistic approach
• Understanding and being able to identify common and emerging attack vectors is a critical component of security
• Well-tested principles and frameworks of software development can inhibit attacks
• All frameworks have weaknesses and subtleties
• Part of secure programming is using strategic approaches to overcome these weaknesses
• Users of tools that aid in secure programming must know how to use those tools and understand their limitations

Recommendations
1. Increase the number of faculty who understand the importance of secure programming principles
2. Provide faculty support for the inclusion of security content
3. Establish professional development opportunities for faculty/educators
4. Integrate computer security content into existing technical and non-technical courses
5. Require at least one computer security course for all college students

Recommendations
6. Encourage partnerships and collaborative curriculum development that leverages industry/government
7. Promote collaborative problem solving and solution sharing across organizational boundaries
8. Use innovative teaching methods to strengthen the foundation of computer security knowledge
9. Develop metrics to assess progress toward meeting the educational goals
10. Highlight the role that computer security professionals should play in key business decision making processes

ITiCSE Working Group 2009
• Stephen Cooper, Christine Nickell, Victor Piotrowski, Brenda Oldfield, Ali Abdallah, Matt Bishop, Bill Caelli, Melissa Dark, E. K. Hawthorne, Lance Hoffman, Lance C. Pérez, Charles Pfleeger, Richard Raines, Corey Schou, and Joel Brynielsson. An exploration of the current state of information assurance education. SIGCSE Bull. 41, 4 (January 2010),

ITiCSE Working Group 2010
• Stephen Cooper, Christine Nickell, Lance C. Pérez, Brenda Oldfield, Joel Brynielsson, Asım Gencer Gökce, Elizabeth K. Hawthorne, Karl J. Klee, Andrea Lawrence, and Susanne Wetzel. Towards information assurance (IA) curricular guidelines. In Proceedings of the 2010 ITiCSE working group reports (ITiCSE-WGR '10), Alison Clear and Lori Russell Dag (Eds.). ACM, New York, NY, USA,
• Defining the space of Information Security education
• Exploring what constitutes undergraduate secure coding education

ITiCSE WG 2010 (continued)
• Identifying student learning outcomes, and levels of mastery
• Secure coding topics
  • Data protection
  • Input/Output vulnerabilities
  • Runtime vulnerabilities
  • Communication vulnerabilities
  • Reuse

ITiCSE Working Group 2011
• Lance C. Pérez, Stephen Cooper, Elizabeth K. Hawthorne, Susanne Wetzel, Joel Brynielsson, Asim Gencer Gökce, John Impagliazzo, Youry Khmelevsky, Karl Klee, Margaret Leary, Amelia Philips, Norbert Pohlmann, Blair Taylor, and Shambhu Upadhyaya. Information assurance education in two- and four-year institutions. In Proceedings of the 16th annual conference reports on Innovation and technology in computer science education - working group reports (ITiCSE-WGR '11), Liz Adams and Justin Joseph Jurgens (Eds.). ACM, New York, NY, USA,

One last slide
• # Building a serious game to teach secure coding in introductory programming (NSF – )

Other
• CS2013
• draft/cs2013-strawman.pdf

Conclusion
• Structural enablers
  • Cultural shift among industry stakeholders
  • Identification of measurable objectives and corresponding measurement methods
  • Development of national licensure programs
  • Cultural shift among faculty
  • Alignment of expectations for university education and realistic constraints in the system
• Resources
  • Security Towson (DUE )
  • SEED at Syracuse ( (DUE )

Questions/Contact Information
• Questions?
• For additional information or copies of the report:
  • Diana Burley –
  • Matt Bishop –
“A paradigm shift that adjusts the current emphasis from “students as customers” to “society as customers” will support holistic and comprehensive curricular reform.” (Burley & Bishop, 2011)