Design and Use of a Visualization for Teaching Integer Coercion
Authors: 
Steven Carr, 
Yu Chin Cheng, Yu-Hsiang Hu, Jean Mayo, Ahmed Radwan, Ching-Kuang Shene, James WalkerAuthors Info & Claims
Steven Carr, Yu Chin Cheng, Yu-Hsiang Hu, Jean Mayo, Ahmed Radwan, Ching-Kuang Shene, James WalkerAuthors Info & ClaimsPages 794 - 800
Abstract
The C language is used to develop software that implements fundamental mechanisms used by higher level software to protect data. Yet C continues to be difficult for students to understand and use securely, and integer errors continue to create vulnerabilities. In fact, \em Integer Overflow or Wraparound is listed at position 11 in the 2020 CWE Top 25 Most Dangerous Software Weaknesses. This paper presents the Expression Evaluation (EE) visualization tool that helps students understand the type conversions that take place implicitly within a C program. This tool depicts step-wise the coercions that take place within the compilation of an expression with mixed integer type operands. This enables students to create unlimited examples to test their understanding. We present the results of our evaluation of EE in both a lower-level class and an upper-level class. We also present the results of an expanded evaluation of a complementary integer security education tool Integer Representation (IR) in these same classes. This represents evaluation of IR across a wider student audience; prior evaluations of the IR tool were within classes focused on low-level programming and security. Our evaluation results showed that students in an upper-level course improved their understanding in both IR and EE more significantly than students in a lower-level course. As shown by the data collected from both classes, our tools were easy to use and very effective.
References
[1]
James W. Benham. 1992. A Geometric Approach to Presenting Computer Representations of Integers. SIGCSE Bull. 24, 4 (Dec. 1992), 27--28.
[2]
Derek Ebeling and Rob Santos. 2007. Public Key Infrastructure Visualization. J. Comput. Sci. Coll. 23, 1 (Oct. 2007), 247--254.
[3]
Yi Gu, Nilufer Onder, Ching-Kuang Shene, and Chaoli Wang. 2014. FPAvisual: A Tool for Visualizing the Effects of Floating-Point Finite-Precision Arithmetic. In Proceedings of American Society for Engineering Education Annual Conference. Indianapolis, IN.
[4]
Niakam Kazemi and Shiva Azadegan. 2010. IPsecLite: A Tool for Teaching Security Concepts. In Proceedings of the 41st ACM Technical Symposium on Computer Science Education (Milwaukee, Wisconsin, USA) (SIGCSE '10). ACM, New York, NY, USA, 138--142.
[5]
Yifei Li, Steve Carr, Jean Mayo, Ching-Kuang Shene, and Chaoli Wang. 2012. DTEvisual: A Visualization System for Teaching Access Control Using Domain Type Enforcement. Journal of Computing Science in College 28, 1 (October 2012), 125--132.
[6]
Jun Ma, Jun Tao, Melissa Keranen, Jean Mayo, Ching-Kuang Shene, and Chaoli Wang. 2014. SHAvisual: A Secure Hash Algorithm Visualization Tool. In Proceedings of the 2014 conference on Innovation & technology in computer science education. ACM, 338--338.
[7]
Joerg Herter Robert C. Seacord. 2020. INT02-C. Understand integer conversion rules. https://wiki.sei.cmu.edu/confluence/display/c/INT02-C.+Understand+ integer+conversion+rules. Last accessed 08-Jan-2021.
[8]
Dino Schweitzer and Leemon C. Baird III. 2006. The design and use of interactive visualization applets for teaching ciphers. In Proceedings of the 7th Annual IEEE Information Assurance Workshop. 69--75.
[9]
Dino Schweitzer, Mike Collins, and Leemon C Baird III. 2007. A visual approach to teaching formal models in security. In Proceedings of the 11th Colloquium for Information Systems Security Education (CISSE). 69--75.
[10]
Dino L. Schweitzer, Leemon C. Baird III, Mike D. Collins, Wayne C. Brown, and Mike Sherman. 2006. GRASP: A visualization tool for teaching security protocols. In Proceedings of the 10th Colloquium for Information Systems Security Education. 75--81.
[11]
Jun Tao, Jun Ma, Melissa Keranan, Jean Mayo, and Ching-Kuang Shene. 2012. ECvisual: A Visualization Tool for Elliptic Curve Based Ciphers. In roceedings of the 43rd ACM technical symposium on Computer Science Education. ACM, 571--576.
[12]
Jun Tao, Jun Ma, Melissa Keranen, Jean Mayo, and Ching-Kuang Shene. 2011. DESvisual: A Visualization Tool for the DES Cipher. Journal of Computing Science in College 27, 1 (October 2011), 81--89.
[13]
Jun Tao, Jun Ma, Melissa Keranen, Jean Mayo, Ching-Kuang Shene, and Chaoli Wang. 2014. RSAvisual: A Visualization Tool for the RSA Cipher. In Proceedings of the 45th ACM technical symposium on Computer science education. ACM, 635--640.
[14]
Kenneth Vollmar and Pete Sanderson. 2006. MARS: An Education-oriented MIPS Assembly Language Simulator. In Proceedings of the 37th SIGCSE Technical Symposium on Computer Science Education (Houston, Texas, USA) (SIGCSE '06). ACM, 239--243.
[15]
James Walker, Man Wang, Steven Carr, Jean Mayo, and Ching-Kuang Shene. 2019. Teaching Integer Security Using Simple Visualizations. In Proceedings of the 2019 ACM Conference on Innovation and Technology in Computer Science Education (Aberdeen, Scotland Uk) (ITiCSE '19). ACM, 513--519.
[16]
James Walker, Man Wang, Steve Carr, Jean Mayo, and Ching-Kuang Shene. 2020. A System for Visualizing the Process Address Space in the Context of Teaching Secure Coding in C (SIGCSE '20). ACM, 1033--1039.
[17]
Man Wang, Steve Carr, Jean Mayo, Ching-Kuang Shene, and Chaoli Wang. 2014. MLSvisual: A Visualization Tool for Teaching Access Control Using Multi-Level Security. In Proceedings of the 2014 conference on Innovation & technology in computer science education. ACM, 93--98.
[18]
Justin Warner, David Musielewicz, G. Parks Masters, Taylor Verett, Robert Winchester, and Steven Fulton. 2010. Network Firewall Visualization in the Classroom. J. Comput. Sci. Coll. 26, 2 (Dec. 2010), 88--96.
[19]
Cecile Yehezkel, Mordechai Ben-Ari, and Tommy Dreyfus. 2005. Computer Architecture and Mental Models. In Proceedings of the 36th SIGCSE Technical Symposium on Computer Science Education (St. Louis, Missouri, USA) (SIGCSE '05). ACM, 101--105.
[20]
Xiaohong Yuan, Percy Vega, Yaseen Qadah, Ricky Archer, Huiming Yu, and Jinsheng Xu. 2010. Visualization Tools for Teaching Computer Security. Trans. Comput. Educ. 9, 4 (Jan. 2010), 20:1--20:28.
Index Terms
- Design and Use of a Visualization for Teaching Integer Coercion
Recommendations
A Visualization for Teaching Integer Coercion
ITiCSE '21: Proceedings of the 26th ACM Conference on Innovation and Technology in Computer Science Education V. 2Integer errors continue to create vulnerabilities. In fact, Integer Overflow or Wraparound is listed at position 11 in the 2020 CWE Top 25 Most Dangerous Software Weaknesses. This poster describes the Expression Evaluation (EE) visualization tool that ...
Teaching Integer Security Using Simple Visualizations
ITiCSE '19: Proceedings of the 2019 ACM Conference on Innovation and Technology in Computer Science EducationInteger errors can introduce significant vulnerabilities into C programs. We have developed a program analysis and visualization tool to help students understand integer representation and type conversions with the goal to help students avoid ...
A Capstone Design Project for Teaching Cybersecurity to Non-technical Users
SIGITE '16: Proceedings of the 17th Annual Conference on Information Technology EducationThis paper presents a multi-year undergraduate computing capstone project that holistically contributes to the development of cybersecurity knowledge and skills in non-computing high school and college students. We describe the student-built Vulnerable ...
Comments
Information & Contributors
Information
Published In
February 2022
1049 pages
ISBN:9781450390705
DOI:10.1145/3478431
- General Chairs:
- Larry Merkle,
- Maureen Doyle,
- Program Chairs:
- Judithe Sheard,
- Leen-Kiat Soh,
- Brian Dorn
Copyright © 2022 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 22 February 2022
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
- National Science Foundation
- National Scence Foundation
Conference
SIGCSE 2022
Sponsor:
SIGCSE 2022: The 53rd ACM Technical Symposium on Computer Science Education
March 3 - 5, 2022
RI, Providence, USA
Acceptance Rates
Overall Acceptance Rate 1,787 of 5,146 submissions, 35%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 166Total Downloads
- Downloads (Last 12 months)63
- Downloads (Last 6 weeks)8
Reflects downloads up to 25 Feb 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in