Developing an Applied, Security-oriented Computing Curriculum

Software and hardware security is a reality that all stakeholders must face, from hardware engineers to software developers to customers. As a direct result, the technology industry is facing a growing need for engineers who understand security principles at varying levels of abstraction. These engineers will need security-oriented perspectives stemming from both theoretical and practical disciplines, including software engineering, computer engineering, and computer science. Unfortunately, in traditional academic settings, secure software and hardware are typically taught independently despite being intertwined in practice. Consequently, the objective of this initiative is to prepare students to apply a security-oriented awareness to a broad range of hardware and software systems by developing a multi-disciplinary curriculum involving three departments. Our efforts at Rochester Institute of Technology focus on integrating security into software design and implementations, hardware design and implementations, and hardwaresoftware co-design. In the cluster of courses described in this paper, we use cryptographic applications as the motivating security focus. We describe changes made to an existing introductory cryptography course, report on a recently-developed course entitled Hardware and Software Design for Cryptographic Applications, and present our plans for a Secure Software Engineering course.

[1]  Robert C. Seacord,et al.  Secure Design Patterns , 2009 .

[2]  Deborah A. Frincke,et al.  A case study in rapid introduction of an information assurance track into a software engineering curriculum , 2004, 17th Conference on Software Engineering Education and Training, 2004. Proceedings..

[3]  Shihong Huang,et al.  A set of courses for teaching secure software development , 2006, 19th Conference on Software Engineering Education and Training Workshops (CSEETW'06).

[4]  Douglas R. Stinson,et al.  Cryptography: Theory and Practice , 1995 .

[5]  A.J.A. Wang Security testing in software engineering courses , 2004, 34th Annual Frontiers in Education, 2004. FIE 2004..

[6]  A. Striegel,et al.  A Case for Instilling Security as a Core Programming Skill , 2006, Proceedings. Frontiers in Education. 36th Annual Conference.

[7]  Jerry Schumacher,et al.  Educating leaders in information assurance , 2002, IEEE Trans. Educ..

[8]  Gary McGraw,et al.  Software Security: Building Security In , 2006, 2006 17th International Symposium on Software Reliability Engineering.

[9]  J. Leasure,et al.  Announcing request for candidate algorithm nominations for a new cryptographic hash algorithm (SHA-3 , 2007 .

[10]  Patrick Schaumont A Senior-Level Course in Hardware–Software Codesign , 2008, IEEE Transactions on Education.