论文信息 - Learning and Grading Cryptology via Automated Test Driven Software Development

Learning and Grading Cryptology via Automated Test Driven Software Development

Understanding common cryptological concepts like encryption, hashing, signatures, and certificates is a prerequisite when working as an IT security professional but it is also a major challenge in security education. Often students struggle with cryptology as sound previous mathematical knowledge is required and study time is limited. Teachers face the problem to fairly assess the students’ knowledge and understanding of cryptology. The paper presents an approach to face these challenges by utilizing test driven software development techniques for students who have taken courses in programming and theoretical cryptology. The paper describes the practical experience gained in courses with ~30 students utilizing a specialized client-server system to automate the tests. We propose that this setup is beneficial for learning as it gives immediate feedback and allows students to focus on the erroneous parts of their software. The test cases can also be used to grade students’ code by weighting the test cases e.g. in an exam setting.

Konstantin Knorr

[1] David S. Janzen,et al. A survey of evidence for test-driven development in academia , 2008, SGCS.

[2] Andreas Seitz,et al. ArTEMiS: An Automatic Assessment Management System for Interactive Learning , 2018, SIGCSE.

[3] David Schuster,et al. Automatische Bewertung von JavaFX-Anwendungen(Automatic Evaluation of JavaFX Applications) , 2017, ABP.

[4] Jonathan Knudsen. Java cryptography , 1998, Java series.

[5] Stephen H. Edwards,et al. Experiences using test-driven development with an automated grader , 2007 .

[6] Robert C. Seacord,et al. The Cert Oracle Secure Coding Standard for Java , 2011 .

[7] David Hook. Beginning Cryptography with Java , 2005 .

[8] Jared D. DeMott,et al. Fuzzing for Software Security Testing and Quality Assurance , 2008 .

[9] Xi Wang,et al. Why does cryptographic software fail?: a case study and open problems , 2014, APSys.

[10] D. Kahn. The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet , 1967 .

[11] Kent L. Beck,et al. Test-driven Development - by example , 2002, The Addison-Wesley signature series.

[12] Alexander Dallmann,et al. PABS - a Programming Assignment Feedback System , 2015, ABP.

[13] Julia Isong,et al. Developing an automated program checkers , 2001 .