检索结果-内蒙古大学图书馆

Cybersecurity Challenges in Industry: Measuring the Challenge Solve Time to Inform Future Challenges

INFORMATION 2020年第11期11卷 533页

作者： Espinha Gasiba, Tiago Lechner, Ulrike Pinto-Albuquerque, Maria Siemens AG D-81379 Munich Germany Univ Bundeswehr Munchen Inst Angew Informat D-85579 Neubiberg Germany Inst Univ Lisboa ISCTE IUL ISTAR IUL Dept Ciencias & Tecnol Informacao P-1649026 Lisbon Portugal

Cybersecurity vulnerabilities in industrial control systems have been steadily increasing over the last few years. One possible way to address this issue is through raising the awareness (through education) of software developers, with the intent to increase software quality and reduce the number of vulnerabilities. CyberSecurity Challenges (CSCs) are a novel serious game genre that aims to raise industrial software developers' awareness of secure coding, secure coding guidelines, and secure coding best practices. An important industry-specific requirement to consider in designing these kinds of games is related to the whole event's duration and how much time it takes to solve each challenge individually-the challenge solve time. In this work, we present two different methods to compute the challenge solve time: one method based on data collected from the CSC dashboard and another method based on a challenge heartbeat. The results obtained by both methods are presented;both methods are compared to each other, and the advantages and limitations of each method are discussed. Furthermore, we introduce the notion of a player profile, which is derived from dashboard data. Our results and contributions aim to establish a method to measure the challenge solve time, inform the design of future challenges, and improve coaching during CSC gameplay.

关键词： education training secure coding industry cybersecurity capture-the-flag game analysis cybersecurity challenge challenge solve time

来源：评论

学校读者我要写书评

暂无评论

An Approach for Reduce Vulnerabilities in Web Information Systems 2nd

An Approach for Reduce Vulnerabilities in Web Information Sy...

引用

2nd Conference on Computational Methods in Systems and Software (CoMeSySo)

作者： Leite, Gleidson Sobreira Albuquerque, Adriano Bessa Univ Fortaleza Fortaleza Ceara Brazil

ISBN: (纸本)9783030001841;9783030001834

The evolution of the Internet has brought a significant change in the evolution of software, resulting in an increasing presence of Information Systems in Web environments and, consequently, an increase in security vulnerabilities and threats. In this context, secure application development has become a crucial component for information systems in the market. Exploring the main vulnerabilities in the coding of software for Web environments and the need for awareness and guidance for developers of information systems, this paper offers a approach for the treatment of vulnerabilities in Web applications composed by the selection and mapping of categories of major vulnerabilities, risks and existing proactive controls to prevent or treat occurrences of exploitation of vulnerabilities by malicious agents.

关键词： secure coding Information security Information systems Web applications vulnerabilities

来源：评论

学校读者我要写书评

暂无评论

OpenOSC: Open Source Object Size Checking Library With Built-in Metrics

OpenOSC: Open Source Object Size Checking Library With Built...

引用

IEEE secure Development Conference (IEEE SecDev)

作者： Han, Yongkui Shah, Pankil Van Nguyen Ma, Ling Livingston, Richard Cisco Syst Boxboro MA 01719 USA Cisco Syst Knoxville TN USA

ISBN: (纸本)9781538672891

OpenOSC provides value to software development in detecting destination buffer overruns and source buffer over-reads. OpenOSC is presented as open, extensible, object size checking (OSC) library written in C that integrates into most Linux distribution components through hardening flags. It is quite similar to FORTIFY-SOURCE [1] [2] and can complement or replace it in most cases. Like FORTIFY-SOURCE, OpenOSC uses compiler built-in functions [3] in its implementation. The facility also offers some advantages over FORTIFY-SOURCE for compiler and security researchers. Additionally it can be extended to cover more data movement functions such as SafeC library functions. OpenOSC has built-in OSC metrics support, which provides detailed information on OSC coverage. We present a few open source components compiled with OpenOSC as a means to demonstrate the utility of OpenOSC. The effectiveness of three compilers (GCC, CLANG, and ICC) is evaluated and compared. Our results summarize coverage capabilities of these compilers and provide the details on exactly where a compiler might be able to improve its effectiveness. This OpenOSC metric report can be used by product owners to understand where risk remains in the application, where the owners could focus secure code reviews or even targeted SafeC [4] [5] recoding for these calls.

关键词： object size checking fortify source secure coding buffer overflow buffer overread metrics

来源：评论

学校读者我要写书评

暂无评论

Introducing secure coding in CS0 and CS1 (abstract only) 13

Introducing secure coding in CS0 and CS1 (abstract only)

引用

Proceeding of the 44th ACM technical symposium on Computer science education

作者： Matt Bishop Blair Taylor Elizabeth K. Hawthorne Diana Burley Siddharth Kaza University of California at Davis Davis California USA Towson University Towson Maryland USA Union County College Cranford New Jersey USA The George Washington University Washington D.C. USA

ISBN: (纸本)9781450318686

The CS 2013 curriculum draft includes Information Assurance and Security as a pervasive knowledge area. However, introducing security in CS0 and CS1 is challenging because of lack of appropriate teaching resources and training. This workshop will provide a well-tested strategy for introducing secure coding concepts in CS0 and CS1. We will introduce attendees to secure coding through hands-on exercises, and provide self-contained, lab-based modules designed to be injected into CS0/CS1 with minimal impact on the course (***/securityinjections). Participants will be encouraged to bring in their own syllabus and labs to modify to include secure coding concepts. The first 15 participants will be reimbursed for the workshop cost on attendance. Laptop recommended.

关键词： secure coding cs1 cs0 security injections

来源：评论

学校读者我要写书评

暂无评论

Teaching secure coding: the myths and the realities 13

Teaching secure coding: the myths and the realities

引用

Proceeding of the 44th ACM technical symposium on Computer science education

作者： Blair Taylor Matt Bishop Elizabeth Hawthorne Kara Nance Towson University Towson MD USA University of California at Davis Davis CA USA Union County College Cranford NJ USA University of Alaska Fairbanks Fairbanks AK USA

ISBN: (纸本)9781450318686

Teaching secure coding has never been more important. The CS2013 Ironman draft includes Information Assurance and Security as a new Knowledge Area and recommends that security be cross-cutting across all undergraduate computer science curricula. The Summit on Education in secure Software recommended: 1) increasing the number of faculty who understand the importance of secure programming principles, and will require students to practice them; 2) integrating computer security content into existing technical and non-technical courses; and 3) using innovative teaching methods to strengthen the foundation of computer security knowledge. In this panel, we will speak to these recommendations and the new curricular guidelines and discuss the importance and challenges of teaching secure coding.

关键词： secure coding

来源：评论

学校读者我要写书评

暂无评论

The Importance of Safe coding Practices and Possible Impacts on the Lack of Their Application 8th

The Importance of Safe Coding Practices and Possible Impacts...

引用

8th Computer Science On-Line Conference (CSOC)

作者： Leite, Gleidson Sobreira Albuquerque, Adriano Bessa Univ Fortaleza Fortaleza CE Brazil

ISBN: (纸本)9783030198138;9783030198121

A significant change in the way organizations and companies use software has been brought by the evolution of the Internet over the time, resulting in an increasing presence of Information Systems in Web environments and, consequently, an increase in security vulnerabilities and threats. In this context, secure application development has become a crucial component for information systems in the market. This paper aims to contribute to a greater awareness of the importance of secure software coding by exposing possible impacts examples resulting from the lack of safe coding practices, as well as to present some existing recommendations from specialized agencies to avoid or treat occurrences of exploitation of vulnerabilities by malicious agents.

关键词： secure coding Information security Information systems Web applications vulnerabilities

来源：评论

学校读者我要写书评

暂无评论

Sifu-a cybersecurity awareness platform with challenge assessment and intelligent coach

引用

Cybersecurity 2018年第1期1卷 945-967页

作者： Tiago Espinha Gasiba Ulrike Lechner Maria Pinto-Albuquerque Siemens AG Corporate Technology Otto-Hahn-Rin 681379 MunichBavariaGermany Universitat der Bundeswehr München MunichGermany Instituto Universitario de Lisboa(ISCTE-IUL) ISTAR-IULLisbonPortugal

Software vulnerabilities,when actively exploited by malicious parties,can lead to catastrophic *** handling of software vulnerabilities is essential in the industrial context,particularly when the software is deployed in critical ***,several industrial standards mandate secure coding guidelines and industrial software developers’training,as software quality is a significant contributor to secure *** Challenges(CSC)form a method that combines serious game techniques with cybersecurity and secure coding guidelines to raise secure coding awareness of software developers in the *** cybersecurity awareness events have been used with success in industrial ***,until now,these coached events took place *** the present work,we briefly introduce cybersecurity challenges and propose a novel platform that allows these events to take place *** introduced cybersecurity awareness platform,which the authors call Sifu,performs automatic assessment of challenges in compliance to secure coding guidelines,and uses an artificial intelligence method to provide players with solution-guiding ***,due to its characteristics,the Sifu platform allows for remote(online)learning,in times of social *** CyberSecurity Challenges events based on the Sifu platform were evaluated during four online real-life CSC *** report on three surveys showing that the Sifu platform’s CSC events are adequate to raise industry software developers awareness on secure coding.

关键词： Cybersecurity Awareness Training Artificial intelligence Serious games secure coding Static application security testing Capture-the-flag Software development in industry

来源：评论

学校读者我要写书评

暂无评论

Locating SQL Injection Vulnerabilities in Java Byte Code using Natural Language Techniques

Locating SQL Injection Vulnerabilities in Java Byte Code usi...

引用

IEEE SoutheastCon Conference

作者： Jackson, Kevin A. Bennett, Brian T. East Tennessee State Univ Dept Comp Johnson City TN 37614 USA

ISBN: (纸本)9781538661338

With so much our daily lives relying on digital devices like personal computers and cell phones, there is a growing demand for code that not only functions properly, but is secure and keeps user data safe. However, ensuring this is not such an easy task, and many developers do not have the required skills or resources to ensure their code is secure. Many code analysis tools have been written to find vulnerabilities in newly developed code, but this technology tends to produce many false positives, and is still not able to identify all of the problems. Other methods of finding software vulnerabilities automatically are required. This proof-of-concept study applied natural language processing on Java byte code to locate SQL injection vulnerabilities in a Java program. Preliminary findings show that, due to the high number of terms in the dataset, using singular decision trees will not produce a suitable model for locating SQL injection vulnerabilities, while random forest structures proved more promising. Still, further work is needed to determine the best classification tool.

关键词： Code analysis Natural Language Processing Security secure coding Java Python

来源：评论

学校读者我要写书评

暂无评论

secure Modules for Undergraduate Software Engineering Courses 48

Secure Modules for Undergraduate Software Engineering Course...

引用

48th IEEE Frontiers in Education Conference (FIE)

作者： Yang, Jeong Lodgher, Akhtar Lee, Young Texas A&M Univ Comp & Cyber Secur San Antonio TX 78224 USA

ISBN: (纸本)9781538611746

Security affects every software component in different types of computing systems. Many vulnerabilities and attacks on software systems are due to security weaknesses in the software itself. During the process of software specification, development, or testing, security issues are either taken into consideration insufficiently or not at all. Such software, due to internal weaknesses is prone to new attacks. By teaching secure software engineering techniques for designing and developing software modules, students would learn systematic secure software development techniques, such as defect detecting and security testing. This paper presents a series of modules that are designed to be integrated into undergraduate software engineering courses from a security perspective. The goal of the modules is to teach the building of robust software security requirements, secure software design and development, and secure software verification through a secure software development lifecycle.

关键词： secure software engineering secure design secure coding security testing security assessment

来源：评论

学校读者我要写书评

暂无评论

Discussion of Integrating Hands-on Cybersecurity Exercises into the Curriculum in 2019 19

Discussion of Integrating Hands-on Cybersecurity Exercises i...

引用

Proceedings of the 50th ACM Technical Symposium on Computer Science Education

作者： Richard Weiss Jens Mache Blair Taylor Siddharth Kaza Ankur Chattopadhyay Evergreen State College Olympia WA USA Lewis and Clark College Portland OR USA Towson University Towson MD USA University of Wisconsin at Green Bay Green Bay WI USA

ISBN: (纸本)9781450358903

The critical shortage of cyber security professionals remains an unsolved problem. We need to greatly expand the community in order to meet the increasing demand. The number of security-focused competitions and exercises has increased in recent years. As faculty we need to choose those that we can best integrate into our courses. As a community, we can think about how to create a more unified environment to contribute to each other's projects. We would like to bring together new and experienced faculty to build community and engage in this work. We have set up a dedicated Facebook to allow us to work together outside of SIGCSE events. During the BoF, we will encourage participants to sign up for the closed group, and we will ask the questions, 'What do you want from this learning community? What exercises have you heard about or tried?" One benefit of having a learning community is that it will be easier to provide support for new members to learn about resources and get help. These resources include exercises, webinars, and slides. We will share experiences, practices and ongoing efforts (NSA's National Cybersecurity Curriculum Program), including our own (e.g. Security Injections, Security Knitting Kit, EDURange and UWGB GenCyber). The BoF also benefits experienced members, helping them to disseminate their work and reach other faculty with similar interests. We will discuss what works and what problems students and instructors have encountered. We will discuss ways to integrate security-related exercises into existing courses.

关键词： secure coding cybersecurity laboratory exercises security hacker curriculum

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：