Addressing the crucial need for cybersecurity learning materials, the Security Injections @ Towson project (***/securityinjections) has developed modules for CS0, CS1, CS2 and Computer Literacy courses that target key...
详细信息
ISBN:
(纸本)9781450326056
Addressing the crucial need for cybersecurity learning materials, the Security Injections @ Towson project (***/securityinjections) has developed modules for CS0, CS1, CS2 and Computer Literacy courses that target key secure coding concepts including integer overflow, buffer overflow, and input validation. Assessment results indicate that these modules have led to an increase in students' security-awareness and their ability to apply secure coding principles. Each security injection module includes four sections - background, code responsibly (includes methods to avoid security issues), laboratory assignment with a security checklist, and discussion questions. In this study, we are proposing to enhance these modules by incorporating e-learning strategies including lesson segmentation, instant feedback, and self-paced lessons to increase student learning. In addition, we are designing a system with auto-grading functionality and dashboards to encourage adoption by instructors. Segmenting modules into smaller sections and including --gatekeeper questions will facilitate learning and reduce cognitive overload. Providing feedback on incorrect answers encourages students to revisit relevant sections. The goal of this feedback based approach is to improve student learning and content retention. The nature of the enhanced modules allows for self-paced learning which is applicable for online learning environments. We conducted a pilot study using a module in CS0 undergraduate computer science class that included 60 in-class and 9 online students. The results of the pilot study indicated increased attention towards the content and possible improvement in retention of concepts. This project is partially supported by NSF under grant DUE-1241738
Buffer overflow attacks have been the most common form in the network attacks and become a predominant problem in the system and network security area. With specific programs, this paper describes in detail the type o...
详细信息
ISBN:
(纸本)9780819495662
Buffer overflow attacks have been the most common form in the network attacks and become a predominant problem in the system and network security area. With specific programs, this paper describes in detail the type of buffer overflow attacks and technical principles, so we have a good understanding of them, and then gives several common preventive measures.
Basics of computer science and engineering are a part of every major curriculum taught in colleges and universities across India. Numerous Indian websites are compromised frequently mainly due to insecure coding pract...
详细信息
ISBN:
(纸本)9781457707261
Basics of computer science and engineering are a part of every major curriculum taught in colleges and universities across India. Numerous Indian websites are compromised frequently mainly due to insecure coding practices and lack of awareness of implications of security vulnerabilities. Yet, Cyber security education is not part of undergraduate curriculum in most educational institutions. This paper addresses the design of cyber security educational exercises that facilitate large scale participation and concentration in specific areas, applying a holistic approach to problem solving and teaching about cyber security. In this paper, we describe InCTF, India's first national level Capture the Flag style ethical hacking contest and how such a model can aid in effective security education, both theoretical and practical.
Developing and maintaining security software systems can be cost-prohibitive for all but the largest organizations. New requirements of hardware and software quickly outdate current security systems. Modern software a...
详细信息
ISBN:
(纸本)9780769549385;9781467354950
Developing and maintaining security software systems can be cost-prohibitive for all but the largest organizations. New requirements of hardware and software quickly outdate current security systems. Modern software architecture technology, such as Spring Framework, and the new deployment paradigm of cloud computing infrastructure services can help with the challenge of maintaining software security systems. Spring Framework allows for better reusability of our code to adapt to different input vulnerabilities and cloud computing helps to deploy quickly and easily. The application of software architectural patterns and cloud computing to the development of attack aware software improves reusability and scalability.
Developing and maintaining security software systems can be cost-prohibitive for all but the largest organizations. New requirements of hardware and software quickly outdate current security systems. Modern software a...
详细信息
ISBN:
(纸本)9781467354950
Developing and maintaining security software systems can be cost-prohibitive for all but the largest organizations. New requirements of hardware and software quickly outdate current security systems. Modern software architecture technology, such as Spring Framework, and the new deployment paradigm of cloud computing infrastructure services can help with the challenge of maintaining software security systems. Spring Framework allows for better reusability of our code to adapt to different input vulnerabilities and cloud computing helps to deploy quickly and easily. The application of software architectural patterns and cloud computing to the development of attack aware software improves reusability and scalability.
A visual programming course can be set up in a way that draws a general audience from different disciplines in addition to serving majors. Thereby embedding security into a visual programming course can be effective n...
详细信息
ISBN:
(纸本)9781450308120
A visual programming course can be set up in a way that draws a general audience from different disciplines in addition to serving majors. Thereby embedding security into a visual programming course can be effective not only in raising future security workforce, but also in promoting security awareness for non-majors. Moreover, an instructor can create a subsequent advanced course where students can reinforce and expand secure coding practices as well as learn security principles. However, most visual programming books that are suitable as textbooks usually do not deal with security issues. Even if they do, minimal discussion is usually included, even being without connection to security principles. Therefore, in order to imbed security into a visual programming course, instructors are required to spend enormous time in preparation. In this paper, we set out to provide a guideline for embedding security into a visual programming course. Specifically, we will discuss basic and advanced secure coding techniques along with related security principles.
The problem of developing secure code is well known to high-tech sector companies. Some, like Microsoft, have found it necessary to establish ongoing security training for their developers to make up for the absence o...
详细信息
ISBN:
(纸本)9781936338115
The problem of developing secure code is well known to high-tech sector companies. Some, like Microsoft, have found it necessary to establish ongoing security training for their developers to make up for the absence of college-level, secure coding curriculum. This research takes a unique, software reengineering-based, thread approach. Curriculum modules are built around a concept such as input data validation, encapsulation, errors, etc. A software engineering case study is developed for each module that will produce code the traditional way, without regard to security, then re-engineer the code to transform it to include security concepts. Going through the cases in this manner, will give attending faculty, not only specific labs they can implement in their own courses, but also an understanding of how to transform their own existing assignments to incorporate secure coding practices.
A secure coding concept for pairwise images is revealed and implemented by the use of the proposed fractal mating coding scheme, in which the domain pools consist of the domain blocks selected from the pairwise images...
详细信息
A secure coding concept for pairwise images is revealed and implemented by the use of the proposed fractal mating coding scheme, in which the domain pools consist of the domain blocks selected from the pairwise images to explore both the intra- and interimage similarities. In addition to the pairwise relation, the mating ratios denoting the percentages of the domain blocks selected from both images are utilized. Further encryption can be achieved by the use of block mean permutation and mating of the fractal codes. The security level is high because the jointly coded images cannot be correctly reconstructed without all the required information. The computer experiments show that the coding performance can be greatly improved from conventional fractal coding schemes, and the intersecured purpose for pairwise images is successfully achieved. (C) 2007 Society of Photo-Optical Instrumentation Engineers.
An efficient, secure color image coder incorporating Color-SPIHT (C-SPIHT) compression and partial encryption is presented. Confidentiality of the image data is achieved by encrypting only the significance bits of ind...
详细信息
An efficient, secure color image coder incorporating Color-SPIHT (C-SPIHT) compression and partial encryption is presented. Confidentiality of the image data is achieved by encrypting only the significance bits of individual wavelet coefficients for K iterations of the C-SPIHT algorithm. By varying K, the level of confidentiality vs. processing overhead can be controlled. For K = 2, adequate security is achieved and an average of only 0.40% of bits needed encrypting for test images coded at 0.8 bpp. (c) 2005 Pattern Recognition Society. Published by Elsevier Ltd. All rights reserved.
暂无评论