Integration of computer security into the software engineering and computer science programs
Journal of Systems and Software - Special issue on software engineering education and training for the next millennium
Shared resource matrix methodology: an approach to identifying storage and timing channels
ACM Transactions on Computer Systems (TOCS)
A note on the confinement problem
Communications of the ACM
A laboratory-based course on internet security
SIGCSE '03 Proceedings of the 34th SIGCSE technical symposium on Computer science education
A comment on the confinement problem
SOSP '75 Proceedings of the fifth ACM symposium on Operating systems principles
SEED: a suite of instructional laboratories for computer SEcurity EDucation
Proceedings of the 38th SIGCSE technical symposium on Computer science education
Testing the technology: playing games with video conferencing
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
What Hackers Learn that the Rest of Us Don't: Notes on Hacker Curriculum
IEEE Security and Privacy
Peeping tom in the neighborhood: keystroke eavesdropping on multi-user systems
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Predictive black-box mitigation of timing channels
Proceedings of the 17th ACM conference on Computer and communications security
Experiences with practice-focused undergraduate security education
CSET'10 Proceedings of the 3rd international conference on Cyber security experimentation and test
Idle port scanning and non-interference analysis of network protocol stacks using model checking
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Off-path TCP Sequence Number Inference Attack - How Firewall Middleboxes Reduce Security
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Memento: Learning Secrets from Process Footprints
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Hi-index | 0.00 |
Information flow is still relevant, from browser privacy to side-channel attacks on cryptography. However, many of the seminal ideas come from an era when multi-level secure systems were the main subject of study. Students have a hard time relating the material to today's familiar commodity systems. We describe our experiences developing and utilizing an online version of the game Werewolves of Miller's Hollow (a variant of Mafia). To avoid being eaten, students must exploit inference channels on a Linux system to discover "werewolves" among a population of "townspeople." Because the werewolves must secretly discuss and vote about who they want to eat at night, they are forced to have some amount of keystroke and network activity in their remote shells at this time. In each instance of the game the werewolves are chosen at random from among the townspeople, creating an interesting dynamic where students must think about information flow from both perspectives and keep adapting their techniques and strategies throughout the semester. This game has engendered a great deal of enthusiasm among our students, and we have witnessed many interesting attacks that we did not anticipate. We plan to release the game under an open source software license.