Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Low Cost, Portable Platform for Information Assurance and Security Education Dan C. Lo, Kai Qian Department of Computer Science and Software Engineering.

Published byHoward Gilbert Modified over 7 years ago

Similar presentations

Presentation on theme: "A Low Cost, Portable Platform for Information Assurance and Security Education Dan C. Lo, Kai Qian Department of Computer Science and Software Engineering."— Presentation transcript:

1 A Low Cost, Portable Platform for Information Assurance and Security Education
Dan C. Lo, Kai Qian Department of Computer Science and Software Engineering Kennesaw State University, Marietta, GA {clo, Wei Chen Department of Computer Science Tennessee State University

2 Motivations Massive growth in mobile devices
Security raised to national concerns Lack of mobile application development workforce Hard to maintain a network lab Lack of educational materials, especially hands-on teaching modules High demands in online delivery

3 Some Figures in Year 2014 A survey in University of Florida shows 98% of students with mobile devices. (1/2014) Worldwide shipments of smart phones will reach 1.9 billion in 2015. Worldwide shipments of tables (300 million) will exceed PCs after 2014. Android 1.9 billion vs. IOS (iPhone OS) 682 million (2014). App downloads will reach 269 billion in 2017. Mobile APP development jobs are best through 2020. Mobile payment transactions to $1 trillion by 2015. SPSU ranked top 7 for the 2015 best colleges for online CS degrees (ComputerScienceOnline.org)

4 PLab Learning Platform

5 Rationales in our Learning Model
Communicate young generations using their language and approach Hands-on learning materials engage students in subjects such as networking and security The best defense is attack. Curriculum with real world applications will better prepare students for the workforce. Portable isolated networking platform

6 Isolated Network A network that does not connect to Internet.
it must keep the isolated information inaccessible to users on the Internet, it must ensure that authorized users can access only the type of information they are authorized to access

7 Reasons Why Isolated users are prevented from inadvertently releasing sensitive data or vulnerability information to the Internet. users are prohibited to bring in malicious software, such as “programs with Trojan horses or other malicious logic.” users within the isolated network are prevented from intentionally passing information to the Internet, and prevented from running an attack against an Internet host. training systems can be created in an isolated network that should not be used elsewhere. administrative limitations can be placed on the systems that may not be feasible on departmental machines. isolation of the lab denies external attackers a launch platform from within the department.

8 How about online courses?
High demand in online delivery that requires a low cost learning platform. Also the need to learn anytime anywhere – portable.

9 PLab Setups Reverse Tethering on Rooted Devices (sharing PC internet connection) via a USB Cable Connecting Android Devices to a Laptop Computer Using a Virtual Router PLab Configuration Using USB Tethering PLab Configuration Using WiFi Hotspot

10 Reverse Tethering on Rooted Devices via a USB Cable

11 PLab Configuration Using USB Tethering

12 A Comparison Among Different PLab Configurations
Power Consumption Rooted Devices Needed Software USB Reverse Tethering Low Yes Reverse tethering tool Virtual Router Medium No Virtual router software USB Tethering No if there is one in the device WiFi Hostspot High

13 Labware Design We host labware in a Google site: Each contains the following: 1 Overview 2 Learning Objectives 3 Ethics 4 Suggested Targeting Courses 5 Activities 5.1 Pre-Lab Activities 5.2 Lab Activities 5.3 Post-Lab Activities 6 Review questions and answers 7 Assignments 8 Projects 9 References

14 Proposed Learning Modules
Network Security Database Security Defensive Programming Web Security Systems Fundamentals

15 Network Security Internet protocol (IP)
IP Spoofing and countermeasures TCP 3-way handshaking protocol, TCP SYN flood attack, Man-in-the-middle attacks and countermeasures Sniffing and traffic redirection (routing) attack with their countermeasures Network intrusion detection and prevention Cryptography (secure/unsecure channels, attackers and their capabilities, encryption, decryption, keys, signatures, cipher types, public key infrastructure, etc.)

16 Database Security Security challenges for databases
Access Control (authentication, verify who you are, and authorization, verify that you have access to something) Data protection with encryption SQL Injection Attack examples Preventing attacks

17 Web Security Web App security Cross-site scripting
Custom Application Scripting HTTP/HTTPS Authentication Cookie Manipulation Frames busting Browser security

18 Defensive Programming
Secure input validation and output handling Buffer overflow attack and prevention Access Control and Confidential Information Injection and Inclusion Accessibility and Extensibility Mutability Serialization and Deserialization

19 Systems Fundamentals Root of Trusts
Secure Application Programming Interfaces Policy Enforcement Engine Memory protection hardware (DEP) Instruction set architecture: privileged instruction and dual mode operation Encryption/decryption hardware Assembly programming

20 Acknowledgment This material is based in part upon work supported by the National Science Foundation under Grant Numbers , , , and Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

Download ppt "A Low Cost, Portable Platform for Information Assurance and Security Education Dan C. Lo, Kai Qian Department of Computer Science and Software Engineering."

Similar presentations

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Security Issues on Distributed Systems 7 August, 1999 S 1 Prepared by : Lorrien K. Y. Lau Student I.D. : 97077200 7 August 1999 The Chinese University.

Security Issues on Distributed Systems 7 August, 1999 S 1 Prepared by : Lorrien K. Y. Lau Student I.D. : August 1999 The Chinese University.
Secure Network Design: Designing a Secure Local Area Network IT352 | Network Security |Najwa AlGhamdi1 Case Study

Secure Network Design: Designing a Secure Local Area Network IT352 | Network Security |Najwa AlGhamdi1 Case Study
CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012.

CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012.
Installing Samba Vicki Insixiengmay Jonathan Krieger.

Installing Samba Vicki Insixiengmay Jonathan Krieger.
Securing Information Systems

Securing Information Systems
Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.

Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.
Ladd Van Tol Senior Software Engineer Security on the Web Part One - Vulnerabilities.

Ladd Van Tol Senior Software Engineer Security on the Web Part One - Vulnerabilities.
 Prototype for Course on Web Security ETEC 550.  Huge topic covering both system/network architecture and programming techniques.  Identified lack.

 Prototype for Course on Web Security ETEC 550.  Huge topic covering both system/network architecture and programming techniques.  Identified lack.
Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.

Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.
Information Security and Computer Systems: An Integrated Approach Mark A. Holliday and Bill Kreahling, Dept of Mathematics and Computer Science Western.

Information Security and Computer Systems: An Integrated Approach Mark A. Holliday and Bill Kreahling, Dept of Mathematics and Computer Science Western.
Software Security Testing Vinay Srinivasan cell: +91 9823104620.

Software Security Testing Vinay Srinivasan cell:
© 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker.

© 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker.
COMPUTER SECURITY MIDTERM REVIEW CS161 University of California BerkeleyApril 4, 2012.

COMPUTER SECURITY MIDTERM REVIEW CS161 University of California BerkeleyApril 4, 2012.

Similar presentations

Ads by Google