Software Security Knowledge Transferring and Learning with Concept Maps

Software security has been the subject of a plethora of studies over the past decades. A relatively large number of frameworks, coding standards and guidelines have been developed and published by security committees in publications or on the internet. We argue that this huge mass of information has resulted in a form of information overload for software developers, who come from many disciplines and have different levels of programming knowledge. We consider that the knowledge contents of software security should be organized as scaffold learning by breaking down complex materials into component parts. In this paper, we present a concept map approach to model the knowledge of software security in a graphical and visualized format. The concept maps are constructed in accordance with the pre-developed software security domain model, which reduces the difficulties and complexity in developing concept maps. For operationalization, the proposed concept maps consider different learning preferences and form security mental models among developers.
