ISBN: (print) 9781450346986
We have been teaching cybersecurity using hands-on, interactive exercises that have successfully engaged students. However, in order to meet the increasing demand for security professionals, we need to greatly expand the community of faculty teaching in this area. We would like to bring together new and experienced faculty to do this. Ambareen Siraj has set up a dedicated Facebook group to allow us to work together outside of SIGCSE events, but we need to develop a critical mass of users. During the BoF, we will encourage participants to sign up for the closed group, and we will have an exercise where they ask and answer questions about what they want from this learning community. One benefit of having a learning community is that it will be easier to provide support for new members to learn about resources and get help. These resources include exercises, webinars, and slides. We will share experiences, practices and ongoing efforts, including our own (e.g. Security Injections, the Security Knitting Kit project, and EDURange). The BoF also benefits experienced members, helping them to reach other faculty with similar interests. As a community we have begun to share exercises and discuss what works and what problems students and instructors have encountered. For the last five years, we have been doing that at SIGCSE. We will discuss ways to integrate security-related exercises into existing courses. The questions we will ask are, "What exercises have you tried? What are your experiences? What are you looking for from the community?"
ISBN: (print) 9781450346986
Cybersecurity is a topic of growing interest for CS educators. The goal of this workshop is to empower faculty to add hands-on security exercises to their courses. We introduce EDURange, a framework for accessing, developing and assessing interactive cybersecurity exercises. We want to reach and engage all students. The first step is to have interesting challenges that are easy to access. EDURange uses VMs in a public cloud, which also provides flexible resources. No software needs to be installed - students only need an ssh client. Another step is to give students feedback on how they are doing. This is an important role for faculty and is not something to automate. Instead, EDURange provides basic tools to visualize what students are doing as they work on the exercises. This allows instructors to more easily see when students are stuck or heading in the wrong direction. Since cybersecurity exercises are often easy to understand but hard to solve, guidance is especially important so that students don't become frustrated. In this workshop, participants will get to try EDURange and several exercises, including an introduction to ssh. Participants don't need to be security experts. We will provide sample syllabuses for an introductory security course as well as an interdisciplinary security course, and we will show how our exercises can be integrated into these courses. More information at http://***. Laptop required.
ISBN: (print) 9781509037131
This work analyzes cryptography misuse by software developers, from their contributions to online forums on cryptography-based security and cryptographic programming. We studied three popular forums: Oracle Java Cryptography, Google Android Developers, and Google Android Security Discussions. We applied a data mining technique, namely Apriori, to elicit association rules among cryptographic bad practices, platform-specific issues, cryptographic programming tasks, and cryptography-related use cases. We found that, with surprisingly high probabilities (90% for Java and 71% for Android), several types of cryptography misuse can be found in the posts, but unfortunately masked by technology-specific issues and programming concerns. We also found that cryptographic bad practices frequently occur in pairs or triples. We related triple associations to use cases and tasks, characterizing worst case scenarios of cryptography misuse. Finally, we observed that hard-to-use architectures confuse developers and contribute to perpetuating recurring errors in cryptographic programming.
We recently taught a Special Projects course aimed at introducing students to writing safe code - code that would be robust and reliable in embedded or real-time applications. This paper is a synopsis of the experiences learned developing and teaching this course.
Authors: E. Venkat Reddy, K. Srinivasa Rao
ECE, BIET, R.R Dist, Hyderabad, Telangana-India
ECE, DRK Institute of Science & Technology, R.R Dist, Hyderabad, Telangana-India
ISBN: (print) 9781509046218
This paper presents an optimal and secure communication of real time data over a CDMA based IP RAN network. In the process of data transmission, a new coding approach for security enhancement and quality improvement based on spectrum utilization and antenna coding is suggested. The traffic model is developed for image and audio data transmission over a wireless channel, having an interference of AWGN noise with fading effects. An optimal spectrum sensing approach for proper resource allocation is developed, and communicated using the secure WEP protocol. This approach is evaluated for different communication parameters and these are compared with those obtained using conventional modeling of CDMA system. The results obtained using the developed model show an improvement in the quality of audio and video signals compared to conventional modeling.
ISBN: (print) 9781450336857
We see teaching cybersecurity through hands-on, interactive exercises as a way to engage students. However, we also want to assess how much students are learning from these exercises, and the exercises themselves could be used to assess what students know. Creating new hands-on exercises requires significant preparation on the part of the instructor. As a community we have begun to share exercises and discuss what works and what problems students and instructors have encountered. The purpose of this BOF is two-fold: 1) to continue to bring together instructors who have developed hands-on exercises with those who would like to use them, and 2) extend the discussion to include assessment of student learning. We recognize that few CS programs can afford new required courses, so we will discuss ways to integrate security-related exercises into existing ones. This could include networking, OS, computer architecture, programming languages, software engineering, algorithms and programming (CS0, CS1, CS2). The questions we will ask are, "What exercises have you tried? What are your experiences? What are you looking for? What are the learning goals for your students? How do you assess them?" Recent hiring forecasts indicate that there is still a tremendous need for skilled information security experts. Security is one of the core areas in the ACM/IEEE COMPUTER SCIENCE 2013 Curricula. It is particularly important to share stories from the classroom (what worked and what didn't), discuss ethical hacking, discuss how to teach and evaluate analytical skills, and discuss how we know if we are making a difference. We plan to share experiences, practices and ongoing efforts, including our own (e.g., our teaching experiences, Security Injections, the Security Knitting Kit project, The EDURange project and our dissemination of other infosec interactive exercises such as SEED labs). Both Security Injections and EDURange have features that address assessment.
As software exchanges data in the internet environment, it is always susceptible to the malicious attacks of hackers. Google Search enables individuals to randomly search servers with their preferred vulnerabilities using several search words. Using a sample of university homepages in Korea and the US, this paper investigates the security weakness of homepages by using SiteDigger that automatically searches the Googling, which is the most convenient way of collecting data, and examines the security weakness of homepages in Korea and the US. Based on the analyzed weakness, the researcher attempts to conduct a future study that develops a security diagnosis tool for webpages.
ISBN: (print) 9789810854805
The purpose of this paper is to introduce software security for online games at two levels: first at the programming level and second at the web service level. Increasingly game developers are providing their games online, employing web services; however, security threats evolve with the use of web services in such applications which is a great challenge for game developers. The roadblock to providing secure game applications is the lack of understanding of secure coding concepts by game programmers. In this paper we propose the 5W1H re-documentation technique and the use of the Scrum agile software development methodology in a reengineering process to educate game programmers concerning secure coding concepts. The authors first prove how insecure coding can affect the gaming industry by introducing an example of an insecure game login application. Then the same login application is re-documented and reengineered with secure coding concepts. The reengineered application is then tested for security threats.
ISBN: (print) 9781450329668
We see teaching cybersecurity through hands-on, interactive exercises as a way to engage students. Some of the exercises that we have seen require significant preparation on the part of the instructor. Having a community makes it easier to share exercises, knowing what works and what problems students and instructors have encountered. The purpose of this BOF is to bring together instructors who have developed hands-on exercises, those who have used them and those who would like to. We recognize that few CS programs can afford new required courses, so we will discuss ways to integrate security-related exercises into existing ones. This could include networking, OS, computer architecture, programming languages, software engineering, algorithms and programming. The questions we will ask are, "What exercises have you tried? What are your experiences? What are you looking for?" Recent hiring forecasts indicate that there is still a tremendous need for skilled information security experts. Security is one of the core areas in the ACM/IEEE COMPUTER SCIENCE 2013 Curricula. It is particularly important to share stories from the classroom (what worked and what didn't), discuss ethical hacking, and discuss how to teach analytical skills. We plan to share experiences, practices and ongoing efforts, including our own (e.g., our teaching experiences, the SISMAT program, Security Injections, the Seattle Platform, the Security Knitting Kit project, EDURange and the dissemination of infosec interactive exercises).
Content Security Policies (CSPs) provide powerful means to mitigate most XSS exploits. However, CSP's protection is incomplete. Insecure server-side JavaScript generation and attacker control over script-sources can lead to XSS conditions which cannot be mitigated by CSP. In this paper we propose PreparedJS, an extension to CSP which takes these weaknesses into account. Through the combination of a safe script templating mechanism with a light-weight script checksumming scheme, PreparedJS is able to fill the identified gaps in CSP's protection capabilities. (C) 2014 Elsevier Ltd. All rights reserved.