research-article

Moving beyond security tracks: integrating security in cs0 and cs1

Authors:

Shiva AzadeganAuthors Info & Claims

SIGCSE '08: Proceedings of the 39th SIGCSE technical symposium on Computer science education

Pages 320 - 324

https://doi.org/10.1145/1352135.1352246

Published: 12 March 2008 Publication History

Abstract

In response to the national computer security crisis, colleges and universities have developed security tracks and specialized security courses. While security tracks are effective at producing security experts, they only reach a small subset of students and occur after students have established a foundation of coding techniques. Most undergraduate computing students learn programming and design with little regard to security issues.

To complement our security track and reach all computing students at the beginning of their studies, we piloted security integration across sections of CS0 and CS1, using a series of security laboratory modules. Preliminary results show increased security knowledge in the security-targeted sections. This paper describes the details and results of this pilot, which serves as a model for further integration throughout the CS curriculum.

References

[1]

Azadegan, S., Lavine, M., O'Leary, M., Wijesinha, A. and M. Zimand. 2006. Undergraduate Computer Security Education: A Report on our Experiences & Learning. Proceedings of Seventh Workshop on Education in Computer Security, Monterey, CA.

[2]

Bishop, M. and Frincke, D. 2005. Teaching Secure Programming, IEEE Security and Privacy 3(5) pp. 54--56, Sep. 2005.

Digital Library

[3]

Bishop, M. 2006. Teaching Assurance Using Checklists, Seventh Workshop on Education in Computer Security, Monterey, CA.

[4]

CERT Coordination Center, 2007. http://www.cert.org/stats.

[5]

Davis, J. and Dark, M, 2003. Teaching Students to Design Secure Systems, IEE Security and Privacy, Vol. 1, Num. 2, March 2003.

Digital Library

[6]

Gilliam, D., Wolfe, T., Sherif, J., and Bishop, M. 2003. Software Security Checklist for the Software Life Cycle, Proceedings of the Twelfth IEEE International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises.

Digital Library

[7]

Graff, M. and van Wyck, K. 2003. Secure Coding: Principles and Practices, O'Reilly, Sebastopol, CA.

Digital Library

[8]

Hoglund, G. and McGraw, G., 2004. Exploiting Software: How to Break Code, Addison-Wesley, Boston

Digital Library

[9]

Howard, M. and LeBlanc, D. 2003. Writing Secure Code, Microsoft Press, Redmund, WA.

Digital Library

[10]

Irvine, C.E., Chin, S. and Frincke, D. 1998, Integrating Security into the Curriculum, IEEE Computer, pp. 25--30., Dec. 1998

Digital Library

[11]

Levin, I. and Lieberman, E., 2000. Developing Analytical and Synthetic Thinking in Technology Education, Proceedings of International Conference on Technology Education, Braunshweig, Germany.

[12]

Perrone, L.F, Aburdene, M. and Meng, X.2005. Approaches to undergraduate instruction in computer security, Proceedings of the American Society for Engineering Education Annual Conference and Exhibition, ASEE 2005.

[13]

SANS Institiute, New Report Identifies the Three Programming Errors Most Frequently Responsible For Critical Security Vulnerabilities and Security Incidents in 2006, 2007. http://www.sans-ssi.org/top_three.pdf

[14]

Seacord, R., 2006, Secure Coding in C and C++ Of Strings, and Integers, IEEE Security and Privacy, 2006.

Digital Library

[15]

Taylor, B. and Azadegan, S., 2006, Threading Secure Coding Principles and Risk Analysis into the Undergraduate Computer Science and Information Systems Curriculum, Proceedings of Information Security Curriculum Development Conference. Kennesaw, GA.

Digital Library

[16]

Taylor, B. and Azadegan, S., 2007, Using Security Checklists and Scorecards in CS Curriculum, Proceedings of the National Colloquium for Information Systems Security Education, Boston, MA.

[17]

Taylor, B. and Azadegan, S., 2007. Teaching Security through Active Learning, Frontiers in Education: Computer Science and Engineering, 2007, Los Vegas, NV.

[18]

Vaughn, Jr., R. 2000. Application of security to the computing science classroom, Proceedings of the thirty-first SIGCSE technical symposium on Computer science education, p.90--94, Austin, TX.

Digital Library

[19]

Viega, J. and McGraw, G. 2002. Building Secure Software, Addison-Wesley, Boston.

[20]

White, G. and Nordstrom, G. 1996. Security across the curriculum: using computer security to teach computer science principles. Proc. 19th Nat'l Information Systems Security Conf., Baltimore, MD, 1996.

[21]

Yasinac, A. and J.T. McDonald, J.T., Foundations for Security Awareness Curriculum, Proceedings of the 39th Hawaii International Conference in System Sciences, 2006.

Digital Library

Cited By

Resch C(2023)Creating Defensive Programmers : Evaluating the Impact of Adding Cybesecurity Topics to Core Computer Science CoursesProceedings of the 2023 ACM Conference on International Computing Education Research - Volume 210.1145/3568812.3603465(87-91)Online publication date: 7-Aug-2023
https://dl.acm.org/doi/10.1145/3568812.3603465
Ramaprasad HBahamón JJones RWatson SZhang JSherriff MHeckman SCutter PMonge A(2020)Incorporating Embedded Systems Security Awareness into a Computer Science Course via Minimal InterventionsProceedings of the 51st ACM Technical Symposium on Computer Science Education10.1145/3328778.3372666(1365-1365)Online publication date: 26-Feb-2020
https://dl.acm.org/doi/10.1145/3328778.3372666
Trono J(2018)CS1 programming assignments that can help to increase awareness of cybersecurity issuesJournal of Computing Sciences in Colleges10.5555/3282588.328260034:2(80-86)Online publication date: 1-Dec-2018
https://dl.acm.org/doi/10.5555/3282588.3282600
Show More Cited By

Index Terms

Moving beyond security tracks: integrating security in cs0 and cs1

Recommendations

Moving beyond security tracks: integrating security in cs0 and cs1
SIGCSE 08

In response to the national computer security crisis, colleges and universities have developed security tracks and specialized security courses. While security tracks are effective at producing security experts, they only reach a small subset of ...
Security in computer literacy: a model for design, dissemination, and assessment
SIGCSE '11: Proceedings of the 42nd ACM technical symposium on Computer science education

While many colleges offer specialized security courses and tracks for students in computing majors, there are few offerings in information security for the non-computing majors. Information security is becoming increasingly critical in many fields, yet ...
Security injections: modules to help students remember, understand, and apply secure coding techniques
ITiCSE '11: Proceedings of the 16th annual joint conference on Innovation and technology in computer science education

With our global reliance on software, secure and robust programming has never been more important. Yet academic institutions have been slow to add secure coding to the curriculum. We present a model using checklist-based security injection modules to ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SIGCSE '08: Proceedings of the 39th SIGCSE technical symposium on Computer science education

March 2008

606 pages

ISBN:9781595937995

DOI:10.1145/1352135

General Chairs:
J. D. Dougherty
Haverford College
,
Susan Rodger
Duke University
,
Program Chairs:
Sue Fitzgerald
Metropolitan State University
,
Mark Guzdial
Georgia Institute of Technology

ACM SIGCSE Bulletin Volume 40, Issue 1
SIGCSE 08
March 2008
549 pages
ISSN:0097-8418
DOI:10.1145/1352322
Issue’s Table of Contents

Copyright © 2008 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 March 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SIGCSE '08

Sponsor:

SIGCSE '08: The 39th ACM Technical Symposium on Computer Science Education

March 12 - 15, 2008

OR, Portland, USA

Acceptance Rates

Overall Acceptance Rate 1,595 of 4,542 submissions, 35%

Upcoming Conference

SIGCSE Virtual 2024

Sponsor:
sigcse

1st ACM Virtual Global Computing Education Conference

December 5 - 8, 2024

Virtual Event , NC , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

21
Total Citations
View Citations
543
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)2

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Resch C(2023)Creating Defensive Programmers : Evaluating the Impact of Adding Cybesecurity Topics to Core Computer Science CoursesProceedings of the 2023 ACM Conference on International Computing Education Research - Volume 210.1145/3568812.3603465(87-91)Online publication date: 7-Aug-2023
https://dl.acm.org/doi/10.1145/3568812.3603465
Ramaprasad HBahamón JJones RWatson SZhang JSherriff MHeckman SCutter PMonge A(2020)Incorporating Embedded Systems Security Awareness into a Computer Science Course via Minimal InterventionsProceedings of the 51st ACM Technical Symposium on Computer Science Education10.1145/3328778.3372666(1365-1365)Online publication date: 26-Feb-2020
https://dl.acm.org/doi/10.1145/3328778.3372666
Trono J(2018)CS1 programming assignments that can help to increase awareness of cybersecurity issuesJournal of Computing Sciences in Colleges10.5555/3282588.328260034:2(80-86)Online publication date: 1-Dec-2018
https://dl.acm.org/doi/10.5555/3282588.3282600
Voorhees DDas AChoi C(2017)Injecting and assessing cybersecurity topics within a computer science programJournal of Computing Sciences in Colleges10.5555/3069658.306967032:6(54-66)Online publication date: 1-Jun-2017
https://dl.acm.org/doi/10.5555/3069658.3069670
Chung SWu YEscrig TEndicott-Popovsky B(2014)Toward software assuranceJournal of Computing Sciences in Colleges10.5555/2591468.259149229:4(134-144)Online publication date: 1-Apr-2014
https://dl.acm.org/doi/10.5555/2591468.2591492
Dangler JBarrett M(2013)Security teaching modules for computer science coursesJournal of Computing Sciences in Colleges10.5555/2535418.253544629:2(178-183)Online publication date: 1-Dec-2013
https://dl.acm.org/doi/10.5555/2535418.2535446
Zhu JLipford HChu BCamp TTymann PDougherty JNagel K(2013)Interactive support for secure programming educationProceeding of the 44th ACM technical symposium on Computer science education10.1145/2445196.2445396(687-692)Online publication date: 6-Mar-2013
https://dl.acm.org/doi/10.1145/2445196.2445396
Xie JChu BLipford HMelton JZakon RMcDermott JLocasto M(2011)ASIDEProceedings of the 27th Annual Computer Security Applications Conference10.1145/2076732.2076770(267-276)Online publication date: 5-Dec-2011
https://dl.acm.org/doi/10.1145/2076732.2076770
Hakimzadeh HAdaikkalavan RBatzinger RWagnon EBucher JWolff T(2011)Successful implementation of an active learning laboratory in computer scienceProceedings of the 39th annual ACM SIGUCCS conference on User services10.1145/2070364.2070386(83-86)Online publication date: 12-Nov-2011
https://dl.acm.org/doi/10.1145/2070364.2070386
Park MWhitman MZafar H(2011)Embedding security into visual programming coursesProceedings of the 2011 Information Security Curriculum Development Conference10.1145/2047456.2047469(84-93)Online publication date: 30-Sep-2011
https://dl.acm.org/doi/10.1145/2047456.2047469
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents