security across the computer science curriculum
play

Security Across the Computer Science Curriculum L. Felipe Perrone - PowerPoint PPT Presentation

May 25, 2023 •92 likes •289 views

Security Across the Computer Science Curriculum L. Felipe Perrone perrone@bucknell.edu Dept. of Computer Science Bucknell University 1 SwA CBK Monterey, CA August 18, 2006 Security and Software Assurance in Computer Science Programs

  1. Security Across the Computer Science Curriculum L. Felipe Perrone perrone@bucknell.edu Dept. of Computer Science Bucknell University 1 SwA CBK Monterey, CA August 18, 2006

  2. Security and Software Assurance in Computer Science Programs  Many graduate programs seem to offer wide coverage of the subjects with a variety of course offerings.  Undergraduate programs are not quite there yet. The question is: “Why not?” 2 August 18, 2006 SwA CBK Monterey, CA

  3. Undergraduate Programs We envision three models of instruction for teaching Sec/SwA to undergraduates:  Single-Course: A junior or senior elective.  Track: A course sequence starting from 1st or 2nd year that adds to the core CS curriculum.  Thread: Principles of software assurance and security serve as a unifying theme across the core curriculum. 3 August 18, 2006 SwA CBK Monterey, CA

  4. Justifying the Single-Course  Curricula are already packed. This is in part due to the need to cover a variety of principles. Certification requirements add even more pressure.  Resources required are minimal. One or two faculty knowledgeable in the subject are enough. 4 August 18, 2006 SwA CBK Monterey, CA

  5. Single-Course A quick, informal Internet survey in 2005 revealed: Institution Department Course Prerequisites Bucknell University Computer Science CSCI 379 Topics in Computer CSCI 315 Operating Systems Science or permission Dartmouth College Computer Science CS38 Security and Privacy CS23 Software Design and Implementation CS37 Computer Architecture Denison University Math and Computer CS 402 Advanced Topics in CS-272 Data Structures and Science Computer Science Algorithm Analysis II Oberlin Computer Science CSCI 343 Secure Computing An introductory programming Systems course or permission Old Dominion University Computer Science CS 472 Network and Systems CS 361 Advanced Data Security Structures and Algorithms Richmond University CMSC 395 Special Topics Math and Computer CMSC 301 Computer Science Architecture CSSE 442 Computer Security Rose-Hulman Institute of Computer Science and CSSE 332 Operating Systems Technology Software Engineering MA 275 Discrete and Combinatorial Algebra I 5 August 18, 2006 SwA CBK Monterey, CA

  6. The Single-Course at Bucknell Introduction to the C Programming Language. User Authentication. Hands-on (1): Writing code for elementary ciphers. Access Control (MAC, DAC, RBAC, ACL, ACM) Elementary Cryptology. Security Models & Trusted OS design. More on Elementary Cryptology. Trusted OS design. Hands-on (2): Analyzing and breaking elementary Assurance in Operating Systems. ciphers. Introduction to Computer Networks. Hands-on (3): Programming a stream cipher. Network Threats. Block Ciphers. Network Threats. DES. Hands-on (9): Experiments with assessment tools. Public Key Encryption. Firewalls. Honeypots. (HW5 due) Crypto Hashes. Intrusion Detection Systems. Hands-on (4): Experimenting with OpenSSL. Administering security. Hands-on (5): Programming with OpenSSL Hashes. Policies and physical security. Hands-on (6): Using Public Key Encryption. Hands-on (7): Using Public Key Encryption II. Public-Key Infrastructures. Authentication protocols. Canonical Authentication Protocols. Buffer Overflows. Secure Programming Practices I. Hands-on (8): Secure Programming Practices II. Writing Secure Code. Malware: Viruses & Worms. Malware: Trojans, Rootkits, Spyware, Adware. Protection in Operating Systems. 6 August 18, 2006 SwA CBK Monterey, CA

  7. Limitations of the Single-Course  It cannot possibly cover all the fundamentals that the student needs to learn. It’s a pretty loaded course...  It happens too late in the sequence to create a real awareness to the problems in Sec/SwA.  It doesn’t demonstrate that principles of Sec/ SwA underlie many topics in Computer Science and can’t be separated from them.  It is likely to be only minimally effective. 7 August 18, 2006 SwA CBK Monterey, CA

  8. Track  Provides excellent breadth and depth of topics in Sec/SwA for those students who opt in.  Its value is recognized by the NSA’s certification of Center of Academic Excellence in Information Assurance Education (CAEIAE). This seal of approval “could” attract more students and more “really interested” students. 8 August 18, 2006 SwA CBK Monterey, CA

  9. CAEIAE Criteria 1 Partnerships in IA Education 2 IA Treated as a Multidisciplinary Science 3 University Encourages the Practice of IA 4 Academic Program Encourages Research in IA 5 IA Curriculum Reaches Beyond Geographic Borders Faculty Active in IA Practice and Research and 6 Contribute to IA Literature 7 State-of-the-Art IA Resources 8 Declared Concentrations 9 Declared Center for IA Education or Research 10 Full-time IA Faculty 9 August 18, 2006 SwA CBK Monterey, CA

  10. Limitations of the Track  Since not all students opt in, a large number of students will still graduate without the knowledge that the current reality requires. The change in the status quo is not what is needed.  Not all schools have the resources to implement a track in Sec/SwA (small colleges and universities in particular). 10 August 18, 2006 SwA CBK Monterey, CA

  11. Are the principles of Sec/SwA fundamental to modern CS? OS1 Overview of Operating Systems (2): The identification of potential threats to operating  systems and potential threats and the security features design to guard against them. OS4 Operating Systems Principles (2): Mutual exclusion as a mechanism for the  implementation of access control in trusted operating systems. OS5 Memory Management (5): Memory protection as a fundamental mechanism in the design  of a trusted operating system. NC3 Network Security (3): Fundamentals of cryptography, public-key and secret-key  algorithms, authentication protocols, and digital signatures. PL2 Virtual Machines (1): Security issues arising from the execution of mobile code.  PL4 Declarations and Types (3): Type checking as a tool to enhance the safety and the  security of a computer program. IS2 Search and Constraint Satisfaction (5): Search heuristics as essential components in  intelligent intrusion detection systems. IM1 Information Models and Systems (3): Information privacy, integrity, security, and  preservation. SP4 Professional and Ethical Responsibilities (3): Computer usage policies and enforcement  mechanisms. SP5 Risks and Liabilities of Computer Based Systems (2): Implications of software  complexity, and risk assessment and management. SP7 Privacy and Civil Liberties: Study of computer based threats to privacy.  SE6 Software Validation (3): Validation and testing of software systems.  SE8 Software Project Management (3): Risk analysis and software quality assurance.  11 August 18, 2006 SwA CBK Monterey, CA

  12. Thread  Approach: Address the principles of Sec/SwA as you teach each topic in Computer Science, across different courses, across the entire curriculum (core and electives).  It’s not quite like chopping up Sec/SwA to serve in bite-sized morsels. It’s more like using the opportunities that already exist in the CS curricula to teach the fundamental concepts in Sec/SwA. 12 August 18, 2006 SwA CBK Monterey, CA

  13. Thread  Is this a matter of calling attention to what is already in the curriculum?  To some extent it may be, but it invites a careful review of the curriculum to ensure that all the important principles receive the attention they need to receive.  Is this a way to market the program so as to attract more students?  Uh, sure, why not? Higher enrollment is good. Parents and alumni often ask what we’re doing about Sec/SwA.  What is more important, though, is that all students in the regular degree program will be educated in principles that are of key importance . 13 August 18, 2006 SwA CBK Monterey, CA

  14. The Thread at Bucknell Intro Progr. I Intro Progr. II Comp. Org. Prog. Lang. Operating Sys. CSCI 203 CSCI 204 CSCI 206 CSCI 208 CSCI 315 Comp. Arch. Discr. Math. Data Structures Comp. & Society CSCI 320 MATH 241 CSCI 311 CSCI 240 Databases OO Lang. CSCI 305 CSCI 330 Algorithms Networks Web Retrieval CSCI 350 CSCI 363 CSCI 335 CSCI 379 Fundamentals of Security 14 August 18, 2006 SwA CBK Monterey, CA

  15. A few more details  Intro Prog. I: input validation, error handling, testing, proper documentation, interface design.  Intro Prog. II: testing, proper documentation, interface design.  Comp. Org.: buffer overflows, input validation, memory leaks, error handling, hardware mechanisms for protection.  Prog. Lang.: type safety, virtual machines.  Op. Sys.: virtualization, protection, access control, reference monitor, policies, resource allocation.  Comp. Soc.: ethics, privacy, hacktivism, risk assessment, computer crime. 15 August 18, 2006 SwA CBK Monterey, CA

  16. Implementing the Thread  The extensive coverage requires approval from the entire department.  Each course needs to be revised to identify the essential opportunities in Sec/ SwA to be addressed in its context.  Modules, lectures, labs, homework need to be created.  Faculty need to be trained. 16 August 18, 2006 SwA CBK Monterey, CA

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

User Security Chapter 30 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

User Security Chapter 30 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

User Security Chapter 30 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 30-1 Outline Policy Access Files, devices Processes Electronic communications Computer Security: Art and Science , 2 nd Edition

945 views • 62 slides
System Security Chapter 29 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

System Security Chapter 29 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

System Security Chapter 29 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 29-1 Outline Introduction Policy Networks Users Authentication Processes Files Retrospective Computer Security: Art

951 views • 59 slides
Computer Science 161: Computer Security Computer Science 161 Fall 2016 Popa and Weaver

Computer Science 161: Computer Security Computer Science 161 Fall 2016 Popa and Weaver

Computer Science 161: Computer Security Computer Science 161 Fall 2016 Popa and Weaver Prof. Raluca Ada Popa Nicholas Weaver http://inst.eecs.berkeley.edu/~cs161/ 1 And a team of talented TAs Computer Science 161 Fall 2016 Popa and

866 views • 42 slides
Curriculum Briefing Primary 3 Science 17 Jan 2015 Primary Science Framework The Science

Curriculum Briefing Primary 3 Science 17 Jan 2015 Primary Science Framework The Science

Curriculum Briefing Primary 3 Science 17 Jan 2015 Primary Science Framework The Science Curriculum Framework aims to inculcate the spirit of scientific inquiry in our pupils The curriculum design seeks to enable students to view the pursuit of

408 views • 25 slides
The Computer Graphics Course in the Computational Science Curriculum Steve Cunningham

The Computer Graphics Course in the Computational Science Curriculum Steve Cunningham

The Computer Graphics Course in the Computational Science Curriculum Steve Cunningham California State University Stanislaus Angela Shiflet Wofford College Supercomputing 2002 November 18, 2002 Goals of This Workshop To discuss the role

659 views • 46 slides
Science Department Vision & Mission Science Curriculum Curriculum Innovation

Science Department Vision & Mission Science Curriculum Curriculum Innovation

Science Department Vision & Mission Science Curriculum Curriculum Innovation OurPurpose Vision Trailblazers In Science Mission To develop in Edgefielders a deep understanding of the physical worlds and to be trend-setters

573 views • 28 slides
The Security Theme: an introduction School of Computer Science The University of Manchester 1

The Security Theme: an introduction School of Computer Science The University of Manchester 1

Advanced Computer Science Security Theme The Security Theme: an introduction School of Computer Science The University of Manchester 1 Advanced Computer Science Security Theme Outline Ratio of hackers to security professionals Why

784 views • 22 slides
Parallelism Across the Curriculum John E. Howland Department of Computer Science Trinity

Parallelism Across the Curriculum John E. Howland Department of Computer Science Trinity

Parallelism Across the Curriculum John E. Howland Department of Computer Science Trinity University 715 Stadium Drive San Antonio, Texas 78212-7200 Voice: (210) 999-7364 Fax: (210) 999-7477 E-mail: jhowland@Ariel.CS.Trinity.Edu Web:

701 views • 23 slides
Cryptographic Protocols and Network Security G. Sivakumar Computer Science and Engineering IIT

Cryptographic Protocols and Network Security G. Sivakumar Computer Science and Engineering IIT

Some Puzzles Security Connection Cryptography Need For Formal Methods Cryptographic Protocols and Network Security G. Sivakumar Computer Science and Engineering IIT Bombay siva@iitb.ac.in Oct 14, 2004 G. Sivakumar Computer Science and

671 views • 43 slides
Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Integrated Security Curriculum Conceptions of SECURITY RISK THREATS TECH VALUES The Big

Integrated Security Curriculum Conceptions of SECURITY RISK THREATS TECH VALUES The Big

5/18/2017 Integrated Security Curriculum Conceptions of SECURITY RISK THREATS TECH VALUES The Big Picture: Integrated Security Pathways Cyber Security ISERC Student portal National Security Studies CAPSTONE: Gateway course Peace Studies

298 views • 3 slides
CS-527 Software Security OS Security Asst. Prof. Mathias Payer Department of Computer Science

CS-527 Software Security OS Security Asst. Prof. Mathias Payer Department of Computer Science

CS-527 Software Security OS Security Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Kyriakos Ispoglou https://nebelwelt.net/teaching/17-527-SoftSec/ Spring 2017 Unix security model Table of Contents Unix

463 views • 28 slides
Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL

Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL

Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL injection Web security, part 1 Announcements intermission Stephen McCamant University of Minnesota, Computer Science & Engineering Web

522 views • 5 slides
Iterative Design of a Robot- Centered Curriculum for the Introduction to Computer Science Course

Iterative Design of a Robot- Centered Curriculum for the Introduction to Computer Science Course

Iterative Design of a Robot- Centered Curriculum for the Introduction to Computer Science Course Tom Lauwers and Illah Nourbakhsh Focus on Process Outline Goals Robots in CS1 Our Approach Results, Design, and more Results!

536 views • 21 slides
Curriculorum : A Computer Science Approach to Curriculum Management Bob Lewis School of EECS

Curriculorum : A Computer Science Approach to Curriculum Management Bob Lewis School of EECS

Introduction Requirements Design Implementation Conclusions and Future Work Curriculorum : A Computer Science Approach to Curriculum Management Bob Lewis School of EECS Washington State University October 10, 2008 Bob Lewis Curriculorum

252 views • 22 slides
From Penetrate and Patch to Building Security In Michael Hicks Professor of Computer Science

From Penetrate and Patch to Building Security In Michael Hicks Professor of Computer Science

From Penetrate and Patch to Building Security In Michael Hicks Professor of Computer Science and the UofM Institute for Advanced Computer Studies (UMIACS) Distinguished Scholar-Teacher talk September 28, 2015 Security breaches Just a few:

898 views • 74 slides
INF5110 Compiler Construction Semantic analysis Spring 2016 1 / 60 Outline 1. Semantic

INF5110 Compiler Construction Semantic analysis Spring 2016 1 / 60 Outline 1. Semantic

INF5110 Compiler Construction Semantic analysis Spring 2016 1 / 60 Outline 1. Semantic analysis Intro Attribute grammars Rest 2 / 60 Outline 1. Semantic analysis Intro Attribute grammars Rest 3 / 60 Overview over the chapter a a

933 views • 56 slides
A EU Horizon2020 proposal around 21cm/Tianlai ? 15 Jan 2019 Very preliminary : most issues and

A EU Horizon2020 proposal around 21cm/Tianlai ? 15 Jan 2019 Very preliminary : most issues and

A EU Horizon2020 proposal around 21cm/Tianlai ? 15 Jan 2019 Very preliminary : most issues and political and administrative possibility to submit such a proposal with international cooperation (outside EU) needs to be checked EU Horizon2020

615 views • 6 slides
Adequacy inaugural workshop Risks missing in the existing methodology ADDRESSED RISKS SO&AF

Adequacy inaugural workshop Risks missing in the existing methodology ADDRESSED RISKS SO&AF

Adequacy inaugural workshop Risks missing in the existing methodology ADDRESSED RISKS SO&AF Assesses the ability of the generation to match the consumption in some predefined snapshots (upward margin at peak load). Seasonal Outlooks

614 views • 12 slides
Out line Decision Net works Aka I nf luence diagr ams Lect ure 11 Value of inf

Out line Decision Net works Aka I nf luence diagr ams Lect ure 11 Value of inf

Out line Decision Net works Aka I nf luence diagr ams Lect ure 11 Value of inf ormat ion Russell and Norvig: Sect 16.5-16.6 J une 7, 2005 CS 486/ 686 2 CS486/686 Lecture Slides (c) 2005 C. Boutilier, P. Poupart & K.

351 views • 5 slides
Object & Polymorphism Check out Polymorphism from SVN Inheritance, Associations, and

Object & Polymorphism Check out Polymorphism from SVN Inheritance, Associations, and

Object & Polymorphism Check out Polymorphism from SVN Inheritance, Associations, and Dependencies Solid Solid lin line, op open arrow owhead = = has-a a Dependency lines are dashed Field association lines are solid Use Use

544 views • 23 slides
CSE443 Compilers Dr. Carl Alphonce alphonce@buffalo.edu 343 Davis Hall Phases of a compiler

CSE443 Compilers Dr. Carl Alphonce alphonce@buffalo.edu 343 Davis Hall Phases of a compiler

CSE443 Compilers Dr. Carl Alphonce alphonce@buffalo.edu 343 Davis Hall Phases of a compiler Intermediate Representation (IR): specification and generation Figure 1.6, page 5 of text Intermediate Representations Directed Acyclic

501 views • 37 slides
Non-In trusiv e Ob jet In trosp etion in C++: Ar hiteture and Appliation T

Non-In trusiv e Ob jet In trosp etion in C++: Ar hiteture and Appliation T

Non-In trusiv e Ob jet In trosp etion in C++: Ar hiteture and Appliation T yng-Ruey Ch uang Institute of Information Siene Aademia Sinia Nank ang, T aip ei 115, T aiw an Join t w ork with Chin-Ch uan

457 views • 24 slides
HELLO WORLD ON ANDROID Create a new Android Project Open File->New->Android

HELLO WORLD ON ANDROID Create a new Android Project Open File->New->Android

HELLO WORLD ON ANDROID Create a new Android Project Open File->New->Android project Application name Company domain Project location Hello World Project Target Android Devices Hello World Project Add an

213 views • 18 slides

More recommend