Presentation is loading. Please wait.

Presentation is loading. Please wait.

Summit on Education in Secure Software: Summary Findings Matt Bishop, University of California, Davis Diana Burley, George Washington University Steve.

Published byAlice Simmons Modified over 9 years ago

Similar presentations

Presentation on theme: "Summit on Education in Secure Software: Summary Findings Matt Bishop, University of California, Davis Diana Burley, George Washington University Steve."— Presentation transcript:

1 Summit on Education in Secure Software: Summary Findings Matt Bishop, University of California, Davis Diana Burley, George Washington University Steve Cooper, Stanford University Ron Dodge, United States Military Academy Blair Taylor, Towson University This project is supported by the National Science Foundation under grant DUE-1039564. Any opinions, findings, conclusions, or recommendations expressed are those of the authors and do not necessarily reflect the views of the National Science Foundation.National Science Foundation SIGCSE 2012

2 SESS Motivation  Increasing reliance on software  Drives financial, medical, government, and critical infrastructure systems such as transportation, energy, networking, and telecommunications  Increased connectivity  Number and severity of attacks that exploit software vulnerabilities is increasing  Writing reliable, robust, and secure programs will substantially improve the ability of systems and infrastructure to resist such attacks  Education plays a critical role in addressing cybersecurity challenges of the future  Designing curricula that integrate principles and practices of secure programming into educational programs Supported through National Science Foundation Award #1039564

3 SESS Structure and Participants  Two-part conference  Teleconference September 2010  Meeting October 2010  Participants  60 invited participants representing stakeholder groups: academic, industry, government, certification and training. Supported through National Science Foundation Award #1039564

4 Importance of robust coding  The breadth of people who will affect, or be affected by, software, requires an understanding of robust software principles and practices  The most appropriate method for teaching this material, and more importantly what resources are necessary to teach it, has not been well explored  Multiple constituency groups have a role to play Supported through National Science Foundation Award #1039564

5 SESS Objectives  To engage cybersecurity stakeholders from academia, government, industry, and certification and training groups in a discussion about teaching secure programming  To use that discussion as the basis of a collaborative effort to improve existing approaches  To outline a comprehensive agenda for secure software education Supported through National Science Foundation Award #1039564

6 The Roadmaps (and potholes)  Roadmap structure  Educational goals  Teaching methods  Resource requirements  Challenges  The Groups  Computer science professionals  Non-computer science professionals  Computer science undergraduate students  Non-computer science undergraduate students  Community college students  K-12 students Supported through National Science Foundation Award #1039564

7 Summary Findings  Understanding security, especially during design, requires a holistic approach  Understanding and being able to identify common and emerging attach vectors is a critical component of security  Well-tested principles and frameworks of software development can inhibit attacks  All frameworks have weaknesses and subtleties  Part of secure programming is using strategic approaches to overcome these weaknesses  Users of tools that aid in secure programming must know how to use those tools and understand their limitations Supported through National Science Foundation Award #1039564

8 Recommendations 1. Increase the number of faculty who understand the importance of secure programming principles 2. Provide faculty support for the inclusion of security content 3. Establish professional development opportunities for faculty/educators 4. Integrate compute security content into existing technical and non-technical courses 5. Require at least one computer security course for all college students Supported through National Science Foundation Award #1039564

9 Recommendations 6. Encourage partnerships and collaborative curriculum development that leverages industry/government 7. Promote collaborative problem solving and solution sharing across organizational boundaries 8. Use innovative teaching methods to strengthen the foundation of computer security knowledge 9. Develop metrics to assess progress toward meeting the educational goals 10. Highlight the role that computer security professionals should play in key business decision making processes Supported through National Science Foundation Award #1039564

10 ITiCSE Working Group 2009  Stephen Cooper, Christine Nickell, Victor Piotrowski, Brenda Oldfield, Ali Abdallah, Matt Bishop, Bill Caelli, Melissa Dark, E. K. Hawthorne, Lance Hoffman, Lance C. Pérez, Charles Pfleeger, Richard Raines, Corey Schou, and Joel Brynielsson. 2010. An exploration of the current state of information assurance education. SIGCSE Bull. 41, 4 (January 2010), 109- 125. Supported through National Science Foundation Award #1039564

11 ITiCSE Working Group 2010  Stephen Cooper, Christine Nickell, Lance C. Pérez, Brenda Oldfield, Joel Brynielsson, Asım Gencer Gökce, Elizabeth K. Hawthorne, Karl J. Klee, Andrea Lawrence, and Susanne Wetzel. 2010. Towards information assurance (IA) curricular guidelines. In Proceedings of the 2010 ITiCSE working group reports (ITiCSE-WGR '10), Alison Clear and Lori Russell Dag (Eds.). ACM, New York, NY, USA, 49-64  Defining the space of Information Security education  Exploring what constitutes undergraduate secure coding education Supported through National Science Foundation Award #1039564

12 ITiCSE WG 2010 (continued)  Identifying student learning outcomes, and levels of mastery  Secure coding topics  Data protection  Input/Output vulnerabilities  Runtime vulnerabilities  Communication vulnerabilities  Reuse Supported through National Science Foundation Award #1039564

13 ITiCSE Working Group 2011  Lance C. Pérez, Stephen Cooper, Elizabeth K. Hawthorne, Susanne Wetzel, Joel Brynielsson, Asim Gencer Gökce, John Impagliazzo, Youry Khmelevsky, Karl Klee, Margaret Leary, Amelia Philips, Norbert Pohlmann, Blair Taylor, and Shambhu Upadhyaya. 2011. Information assurance education in two- and four-year institutions. In Proceedings of the 16th annual conference reports on Innovation and technology in computer science education - working group reports (ITiCSE-WGR '11), Liz Adams and Justin Joseph Jurgens (Eds.). ACM, New York, NY, USA, 39-53. Supported through National Science Foundation Award #1039564

14 One last slide  #1022557 Building a serious game to teach secure coding in introductory programming  http://www.nsf.gov/awardsearch/showAward.do?AwardNum ber=1022557 (NSF – 1022557) http://www.nsf.gov/awardsearch/showAward.do?AwardNum ber=1022557 Supported through National Science Foundation Award #1039564

15 Other  CS2013  http://ai.stanford.edu/users/sahami/CS2013/strawman- draft/cs2013-strawman.pdf http://ai.stanford.edu/users/sahami/CS2013/strawman- draft/cs2013-strawman.pdf Supported through National Science Foundation Award #1039564

16 Conclusion  Structural enablers  Cultural shift among industry stakeholders  Identification of measurable objectives and corresponding measurement methods  Development of national licensure programs  Cultural shift among faculty  Alignment of expectations for university education and realistic constraints in the system  Resources  Security Injections @ Towson www.towson.edu/securityinjections (DUE-0817267)www.towson.edu/securityinjections  SEED at Syracuse (http://www.cis.syr.edu/~wedu/seed/index.html) (DUE-0618680)http://www.cis.syr.edu/~wedu/seed/index.html  https://buildsecurityin.us-cert.gov/bsi/home.html https://buildsecurityin.us-cert.gov/bsi/home.html  http:/nob.cs.ucdavis.edu/secure-exer Supported through National Science Foundation Award #1039564

17 Questions/Contact Information  Questions?  For additional information or copies of the report:  Diana Burley – dburley@gwu.edudburley@gwu.edu  Matt Bishop – bishop@cs.ucdavis.edubishop@cs.ucdavis.edu “A paradigm shift that adjusts the current emphasis from “students as customers” to “society as customers” will support holistic and comprehensive curricular reform.” (Burley & Bishop, 2011) Supported through National Science Foundation Award #1039564

Download ppt "Summit on Education in Secure Software: Summary Findings Matt Bishop, University of California, Davis Diana Burley, George Washington University Steve."

Similar presentations

WV High Quality Standards for Schools

WV High Quality Standards for Schools
National Academy of Engineering of the National Academies 1 Phase II: Educating the 2020 Engineer Phase II: Adapting Engineering Education to the New Century...

National Academy of Engineering of the National Academies 1 Phase II: Educating the 2020 Engineer Phase II: Adapting Engineering Education to the New Century...
Transforming Teacher Education through Clinical Practice: A National Strategy to Prepare Effective Teachers - Dr. Dwight C. Watson - University of Northern.

Transforming Teacher Education through Clinical Practice: A National Strategy to Prepare Effective Teachers - Dr. Dwight C. Watson - University of Northern.
EHR STEM Workforce Development Core Future Directions for EHR’s Investments EHR STEM Workforce Development Subcommittee January 7, 2014.

EHR STEM Workforce Development Core Future Directions for EHR’s Investments EHR STEM Workforce Development Subcommittee January 7, 2014.
CSU-MTEP New Mathematics Standards for K-12 and College Learning Margaret L. Kidd CSU Fullerton October 2014.

CSU-MTEP New Mathematics Standards for K-12 and College Learning Margaret L. Kidd CSU Fullerton October 2014.
© 2008 Somerville Collaborative Design and Assessment: Learning ‘With and For’ Users 1 Collaborative Design and Assessment: Learning ‘With and For’ Users.

© 2008 Somerville Collaborative Design and Assessment: Learning ‘With and For’ Users 1 Collaborative Design and Assessment: Learning ‘With and For’ Users.
So Many Possibilities Dr. Vic MaconachyChris Inglis Capitol Technology University U. S. Naval Academy CAE Community Meeting, - Columbia, Maryland Accreditations.

So Many Possibilities Dr. Vic MaconachyChris Inglis Capitol Technology University U. S. Naval Academy CAE Community Meeting, - Columbia, Maryland Accreditations.
Educational Outcomes: The Role of Competencies and The Importance of Assessment.

Educational Outcomes: The Role of Competencies and The Importance of Assessment.
Successful Graduation Projects

Successful Graduation Projects
Be a Part of Something Great! Learning Communities at Wayne State.

Be a Part of Something Great! Learning Communities at Wayne State.
College Strategic Plan by Strategic Planning and Quality Assurance Committee.

College Strategic Plan by Strategic Planning and Quality Assurance Committee.
12 January 2004 Review of Governance and Systemic Reform in Education APEC SUMMIT ON EDUCATION REFORM STRIKING BALANCE:SHARING EFFECTIVE PRACTICE FROM.

12 January 2004 Review of Governance and Systemic Reform in Education APEC SUMMIT ON EDUCATION REFORM STRIKING BALANCE:SHARING EFFECTIVE PRACTICE FROM.
Guidelines for Best Practices in Educational Use of Virtual Instrumentation Presentation created by Adina Glava Babeş – Bolyai University of Cluj-Napoca,

Guidelines for Best Practices in Educational Use of Virtual Instrumentation Presentation created by Adina Glava Babeş – Bolyai University of Cluj-Napoca,
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
From the IT Assessment to the IT Roadmap ( )

From the IT Assessment to the IT Roadmap ( )
OPTIONS AND REQUIREMENTS FOR ENGAGEMENT OF CIVIL SOCIETY IN GEF PROJECTS AND PROGRAMMES presented by Faizal Parish Regional/Central Focal Point GEF NGO.

OPTIONS AND REQUIREMENTS FOR ENGAGEMENT OF CIVIL SOCIETY IN GEF PROJECTS AND PROGRAMMES presented by Faizal Parish Regional/Central Focal Point GEF NGO.
Information Assurance and Higher Education Clifton Poole National Defense University Carl Landwehr National Science Foundation Tiffany Olson Jones Symantec.

Information Assurance and Higher Education Clifton Poole National Defense University Carl Landwehr National Science Foundation Tiffany Olson Jones Symantec.
15 April 2011. Fostering Entrepreneurship among young people through education: a EU perspective Simone Baldassarri Unit “Entrepreneurship” Forum “Delivering.

15 April Fostering Entrepreneurship among young people through education: a EU perspective Simone Baldassarri Unit “Entrepreneurship” Forum “Delivering.
2010 Labs & Tools for ITE 1 Gratitude Kudyachete, Manager - SSA CATC Running an Academy - Motivations & Challenges.

2010 Labs & Tools for ITE 1 Gratitude Kudyachete, Manager - SSA CATC Running an Academy - Motivations & Challenges.
C Kabonesa, April 20061 Emergent Women Leaders in Institutions of Higher Learning: Reflections on Integrating Information Communication Technologies (ICTs)

C Kabonesa, April Emergent Women Leaders in Institutions of Higher Learning: Reflections on Integrating Information Communication Technologies (ICTs)

Similar presentations

Ads by Google