DOI: 10.1145/3568812.3603465

Creating Defensive Programmers: Evaluating the Impact of Adding Cybersecurity Topics to Core Computer Science Courses

Published: 13 September 2023

Abstract

The research described in this summary explores whether adding defensive programming topics to the Computer Science (CS) curriculum produces graduates who understand and appreciate the risks associated with software vulnerabilities, and who create software free of common vulnerabilities. Defensive programming lectures and assignments have been developed and added to core CS courses. The assignments teach how common vulnerabilities are exploited and how the vulnerabilities can be mitigated. To explore whether these assignments enhance the students’ knowledge and practice, several forms of data are collected. Students will be required to statically test their class project code for vulnerabilities. Data on the number and type of vulnerabilities will be collected. The trends in the number and types of vulnerabilities over three semesters will give insight into whether the addition of defensive programming topics results in students creating software with fewer vulnerabilities. A survey with multiple-choice questions on cybersecurity topics and free-response questions on the interest and relevance of cybersecurity will also be given to students in four different core CS courses over three semesters. A multiple linear regression analysis will be performed to determine how survey scores are affected by a student’s progress in the curriculum. The change in regression coefficients will give insight into whether adding defensive programming topics throughout the curriculum is having the desired effect and producing graduates with a greater understanding of defensive programming. NLP analysis of responses to reflection prompts and free-response survey questions will give insight into students’ attitudes toward defensive programming, and whether they appreciate the need to incorporate defensive programming habits.

      Published In

      ICER '23: Proceedings of the 2023 ACM Conference on International Computing Education Research - Volume 2
      August 2023
      140 pages
      ISBN:9781450399753
      DOI:10.1145/3568812
      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. Cybersecurity
      2. Defensive Programming
      3. Undergraduate education

      Qualifiers

      • Abstract
      • Research
      • Refereed limited

      Conference

      ICER 2023
      Acceptance Rates

      Overall Acceptance Rate 189 of 803 submissions, 24%
