Teaching the security mindset with reference monitors

  • Authors: Justin Cappos; Richard Weiss
  • Affiliations: NYU-Polytechnic University, NY, NY, USA; The Evergreen State College, Olympia, WA, USA
  • Venue: Proceedings of the 45th ACM technical symposium on Computer science education
  • Year: 2014

Abstract

One of the central skills in computer security is reasoning about how programs fail. As a result, computer security necessarily involves thinking about the corner cases that arise when software executes. An unfortunate side effect of this is that computer security assignments typically require a deep understanding of a topic, such as how the stack is laid out in memory or how web applications interact with databases. This work presents a series of assignments that require very little background knowledge from students, yet give them the ability to reason about failures in programs. In this set of assignments, students implement two very simple programs in a high-level language (Python). Students first implement a reference monitor that tries to uphold a security property within a sandbox. For the second portion, the students are given each other's reference monitors and write attack code that tries to bypass them. By leveraging a Python-based sandbox, student code is isolated cleanly, which simplifies development and grading. These assignments have been used in about a dozen classes in a range of environments, including a research university, online classes, and a four-year liberal arts school. Student and instructor feedback has been overwhelmingly positive. Furthermore, survey results demonstrate that after a 2-3 week module, 76% of the students who did not understand reference monitors and access control learned these key security concepts.
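The abstract describes the first assignment only in outline: a reference monitor, written in Python, that sits between untrusted code and a sandbox resource and upholds one security property. The following is an added illustration of that idea, not code from the paper or from the sandbox it uses. It assumes a file API with readat/writeat/close calls (an assumption for this example), uses a constructed in-memory file in place of the sandbox's real file object, and enforces one property chosen for the example: the file is append-only, so bytes already in it are never modified. The comments point out the corner cases (negative offsets, writes past the end, wrong argument types, stale size bookkeeping) that a monitor author has to reason about before handing the monitor to classmates.

```python
"""Minimal reference monitor in the spirit of the assignments the abstract
describes.  Added illustration, not code from the paper: untrusted code
receives the monitor object instead of the real file, and every call is
checked against one security property (append-only: bytes already in the
file are never changed) before it is forwarded.  The readat/writeat/close
file API is an assumption made for this example."""


class SecurityViolation(Exception):
    """Raised by the monitor when a call would break the security property."""


class InMemoryFile:
    """Constructed stand-in for the sandbox's underlying file object."""

    def __init__(self, initial=b""):
        self._buf = bytearray(initial)
        self._closed = False

    def size(self):
        return len(self._buf)

    def readat(self, size, offset):
        self._require_open()
        return bytes(self._buf[offset:offset + size])

    def writeat(self, data, offset):
        self._require_open()
        # A write past the current end pads the gap with zero bytes.
        if offset > len(self._buf):
            self._buf.extend(b"\x00" * (offset - len(self._buf)))
        self._buf[offset:offset + len(data)] = data

    def close(self):
        self._closed = True

    def contents(self):
        return bytes(self._buf)

    def _require_open(self):
        if self._closed:
            raise ValueError("file is closed")


class AppendOnlyMonitor:
    """Reference monitor: reads are forwarded unchanged; a write is allowed
    only if it starts at or beyond the current end of the file; anything
    else is refused.  The sandbox is assumed to guarantee that untrusted
    code can reach the underlying file only through this object, i.e. the
    monitor mediates every access."""

    def __init__(self, underlying):
        self._file = underlying

    @staticmethod
    def _valid_index(value):
        # Corner case: a negative offset would slice from the end of the
        # buffer and silently touch existing bytes, and a bool or float
        # would be coerced in surprising ways, so only non-negative ints
        # are accepted.  The monitor fails closed on malformed arguments
        # rather than letting the underlying object raise its own error.
        return isinstance(value, int) and not isinstance(value, bool) and value >= 0

    def readat(self, size, offset):
        if not (self._valid_index(size) and self._valid_index(offset)):
            raise SecurityViolation("malformed read arguments")
        return self._file.readat(size, offset)

    def writeat(self, data, offset):
        if not isinstance(data, (bytes, bytearray)) or not self._valid_index(offset):
            raise SecurityViolation("malformed write arguments")
        # The size is queried from the underlying file on every call, never
        # cached, so a pre-populated file or an earlier write cannot leave
        # the monitor with a stale idea of where the end is.
        end = self._file.size()
        # Corner case: a write starting inside the existing data would
        # overwrite bytes, so it is refused even for empty data; a write at
        # or past the end (including a sparse write that leaves a zero-filled
        # gap) leaves every existing byte intact and is allowed.
        if offset < end:
            raise SecurityViolation(
                "write at offset %d would modify existing bytes (size %d)" % (offset, end))
        self._file.writeat(bytes(data), offset)

    def close(self):
        self._file.close()


def exercise_monitor():
    """Walk the monitor through the corner cases above on constructed input.
    Returns ({label: 'allowed' | 'denied'}, final file contents)."""
    f = InMemoryFile(b"log:")           # constructed pre-populated file
    m = AppendOnlyMonitor(f)
    attempts = [
        ("append at end", b"one", 4),
        ("overwrite existing byte", b"X", 0),
        ("negative offset", b"X", -1),
        ("sparse write past end", b"z", 9),
        ("str instead of bytes", "text", 10),
    ]
    outcomes = {}
    for label, data, offset in attempts:
        try:
            m.writeat(data, offset)
            outcomes[label] = "allowed"
        except SecurityViolation:
            outcomes[label] = "denied"
    return outcomes, f.contents()


if __name__ == "__main__":
    for label, outcome in exercise_monitor()[0].items():
        print("%-26s %s" % (label, outcome))
```

The table of attempts in exercise_monitor is the checklist a monitor author should enumerate before the second phase of the assignment: each entry is a different way the stated property could fail, and the monitor's only defence is that it mediates every call and refuses anything it cannot prove harmless.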