论文信息 - Interactive support for secure programming education

Interactive support for secure programming education

Software flaws are a root cause of many of today's information security vulnerabilities. Current curricula emphasis on traditional information security issues does not address this root cause. We propose educating students on secure programming techniques through interactive tool support in the Integrated Development Environment (IDE). We believe this approach can complement other curricula efforts by teaching and providing continuous reinforcement of practices throughout programming tasks. In this paper, we evaluate our prototype tool, ASIDE, which provides instant security warnings, detailed explanations of vulnerabilities, and code generation. We report the results of an observational study on 20 students from an advanced Web programming course. The results provide early evidence that our tool could potentially help students learn about and practice secure programming in the context of their programming assignments.

[1] Robert C. Seacord. The CERT C Secure Coding Standard , 2008 .

[2] Xiannong Meng,et al. Approaches to Undergraduate Instruction in Computer Security , 2005 .

[3] Shiva Azadegan,et al. Threading secure coding principles and risk analysis into the undergraduate computer science and information systems curriculum , 2006, InfoSecCD '06.

[4] M. E. Kabay,et al. Writing Secure Code , 2015 .

[5] Kara L. Nance,et al. Teach Them When They Aren't Looking: Introducing Security in CS1 , 2009, IEEE Security & Privacy.

[6] Andrew Blyth,et al. Secure coding — principles and practices , 2004 .

[7] Deborah A. Frincke,et al. Integrating Security into the Curriculum , 1998, Computer.

[8] Steve Lipner,et al. Security development lifecycle , 2010, Datenschutz und Datensicherheit - DuD.

[9] Jing Xie,et al. Evaluating interactive support for secure programming , 2012, CHI.

[10] Shiva Azadegan,et al. Moving beyond security tracks: integrating security in cs0 and cs1 , 2008, SIGCSE '08.

[11] Gary McGraw,et al. Software Security: Building Security In , 2006, 2006 17th International Symposium on Software Reliability Engineering.

[12] Jing Xie,et al. ASIDE: IDE support for web application security , 2011, ACSAC '11.

[13] Blair Taylor,et al. Using Security Checklists and Scorecards in CS Curriculum , 2007 .