Moving beyond security tracks: integrating security in cs0 and cs1

In response to the national computer security crisis, colleges and universities have developed security tracks and specialized security courses. While security tracks are effective at producing security experts, they only reach a small subset of students and occur after students have established a foundation of coding techniques. Most undergraduate computing students learn programming and design with little regard to security issues. To complement our security track and reach all computing students at the beginning of their studies, we piloted security integration across sections of CS0 and CS1, using a series of security laboratory modules. Preliminary results show increased security knowledge in the security-targeted sections. This paper describes the details and results of this pilot, which serves as a model for further integration throughout the CS curriculum.

[1]  Melissa Dark,et al.  Teaching Students to Design Secure Systems , 2003, IEEE Secur. Priv..

[2]  Gary McGraw,et al.  Exploiting Software: How to Break Code , 2004 .

[3]  Shiva Azadegan,et al.  Teaching Security through Active Learning , 2007, FECS.

[4]  Kenneth R. van Wyk,et al.  Secure Coding: Principles and Practices , 2003 .

[5]  Shiva Azadegan,et al.  Threading secure coding principles and risk analysis into the undergraduate computer science and information systems curriculum , 2006, InfoSecCD '06.

[6]  Ilja Levin,et al.  Developing Analytical and Synthetic Thinking in Technology Education , 2000 .

[7]  Robert C. Seacord Secure coding in C and C++ of strings and integers , 2006, IEEE Security & Privacy Magazine.

[8]  Deborah A. Frincke,et al.  Teaching Secure Programming , 2005, IEEE Secur. Priv..

[9]  Marius Zimand,et al.  Undergraduate Computer Security Education : A Report on our Experiences & Learning , 2005 .

[10]  Rayford B. Vaughn,et al.  Application of security tot he computing science classroom , 2000, SIGCSE '00.

[11]  Deborah A. Frincke,et al.  Integrating Security into the Curriculum , 1998, Computer.

[12]  Georgory White,et al.  Security across the curriculum: using computer secu-rity to teach computer science principles , 1997 .

[13]  Alec Yasinsac,et al.  Foundations for Security Aware Software Development Education , 2006, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06).

[14]  Blair Taylor,et al.  Using Security Checklists and Scorecards in CS Curriculum , 2007 .

[15]  Joseph S. Sherif,et al.  Software security checklist for the software life cycle , 2003, WET ICE 2003. Proceedings. Twelfth IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, 2003..

[16]  Robert C. Seacord,et al.  Secure coding in C and C , 2005 .

[17]  Xiannong Meng,et al.  Approaches to Undergraduate Instruction in Computer Security , 2005 .

[18]  Gary McGraw,et al.  Building Secure Software : ソフトウェアセキュリティについて開発者が知っているべきこと , 2006 .

[19]  Marco Aiello,et al.  International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises , 2009 .