Teaching the security mindset to CS1 students

Authors:
Vahab Pournaghshband
Affiliations:
University of California, Los Angeles, Los Angeles, CA, USA
Venue:
Proceeding of the 44th ACM technical symposium on Computer science education
Year:
2013

Citing 9
Cited 0

An undergraduate track in computer security

Proceedings of the 8th annual conference on Innovation and technology in computer science education
Can Source Code Auditing Software Identify Common Vulnerabilities and Be Used to Evaluate Software Security?

HICSS '04 Proceedings of the Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS'04) - Track 9 - Volume 9
Security Patch Management: Share the Burden or Share the Damage?

Management Science
Teach Them When They Aren't Looking: Introducing Security in CS1

IEEE Security and Privacy
IPsecLite: a tool for teaching security concepts

Proceedings of the 41st ACM technical symposium on Computer science education
Experiences with practice-focused undergraduate security education

CSET'10 Proceedings of the 3rd international conference on Cyber security experimentation and test
Security exercises for the online classroom with DETER

CSET'10 Proceedings of the 3rd international conference on Cyber security experimentation and test
Science fiction prototyping and security education: cultivating contextual and societal thinking in computer security education and beyond

Proceedings of the 42nd ACM technical symposium on Computer science education
Training students to steal: a practical assignment in computer security education

Proceedings of the 42nd ACM technical symposium on Computer science education

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this 21st century technological world, the inherent problems of computer security are becoming increasingly important, and it is critical that our students gain the necessary skills and knowledge, early in their academic programs, to handle these problems. Specifically, the lack of security mindset is responsible for many overlooked and exploitable security bugs in the computer programs that these students design. While learning the security concepts generally requires a more advanced knowledge of computer science, learning the security mindset can be, and should be, addressed as early as CS 1. Although the primary focus of any traditional CS 1 course is that of basic programming concepts, we believe that teaching the security mindset in this course is valuable and effective. In this paper we discuss the course that we have taught for four terms-an introductory course that teaches the security mindset to beginner programmers. We start out by using the term-long incremental development of a security-sensitive program-the login program. Students develop the security mindset by thinking as both hackers and defenders, in order to catch and fix the logical and run-time errors that may lead to security breaches in the program.