Building Security In: January 2009 Workshop, Harry Hochheiser, Towson.


1 Building Security In January 2009 Workshop Harry Hochheiser, hhochheiser@towson.edu
Building Security In: January 2009 Workshop
Harry Hochheiser
Towson University
Department of Computer and Information Sciences
410 704 3090
http://triton.towson.edu/~hhochhei/

2 Today's Goals
Review Project
Discuss specifics: CS0, CS1, CS2, CIS0
– How to use materials, how to assess, etc.
Plan, revise, brainstorm, etc.

3 Project Goals and Motivations
Students need better background in computer security
– Or, any background?
Can't just add required classes
– “too little, too late”
Security track and classes limited in impact
– Too few students
How to add security earlier without detracting from other material?

4 Approach: Security Injections
Self-contained modules
Based on labs from traditional sciences
“Drop-in” to existing classes
Minimally invasive: no class time necessary.

5 Past and Future Work
Past: successful deployment in CS0 and CS1 at Towson
– Taylor & Azadegan, SIGCSE 2008
Future: Expand
Depth: add numerous new classes
– CS2, CIS0, Web, DB, networks.
– Others?
Breadth: Deploy to
– Anne Arundel, Baltimore County, Harford, Bowie State
– Others?

6 Process
Towson, Bowie State develop materials, pilot and train
Community colleges deploy and assist with assessment
TU and BSU assess and revise
MAISA recreates

7 Current Status
Draft materials for CS0, CS1, CS2 available on Wiki
– Integer Overflow, Buffer Overflow, Input Validation
– Modules
– Learning objectives (with mappings to assignments)
– Sample Assessment exercises
CIS0 under development – phishing

8 Timeline: Short term
January 2009 Training
Spring 2009
– CS0, CS1 deployed at TU, pilot at BSU, partners?
– CS2 Pilot at TU
– CIS0 Pilot @ BSU
– Develop Materials for Database
Summer 2009
– Train BSU and partners on CS2
– Train TU, BSU on CIS0 and DB
– Analyze Data

9 Assessment
Success:
– Lots of students learn more about security
– Many institutions adopt our materials
How do we document pedagogical success?
– Awareness and interest surveys
– Faculty responses
– Specific exercises on quizzes/exams for content.

10 Security Injections: Contents
Background
– Description
– Risk – how can it happen?
– Example of occurrence
– Example in Code
– How can I avoid?
lab/homework assignment
– security checklist
– discussion questions
security scorecard
– use checklist to grade any code.

11 Security Awareness Survey
“What are the possible consequences of insufficient computer security?”
“Integer overflow occurs...”
“Which programming mistake is one of the major vulnerabilities in today's applications”
“Which of the following should your well-designed program do before processing user input?”
7 demographic questions
Nothing asking about previous exposure to security concerns in courses – should we add it?
Online – through studentvoice.com

12 The Process
Start of semester – give awareness survey
– Online, via link to be provided
Assign modules when appropriate – it's up to you
– Use checklists as grading scorecards
– Possibly retain some for our research
Assess student learning
– Example exercises for quizzes/exams given in assessment docs
Repeat awareness survey at end of semester.

13 Questions
What will it take to make this work well?
How can we get colleagues to adopt?
What project support is needed?
What institutional support is needed?
Are there issues specific to your context that we should know about?

14 The wiki
http://triton.towson.edu/~cssecinj/dokuwiki
http://www.dokuwiki.org/manual
Demonstration...

15 CS0, CS1, CS2
Integer Overflow
Input Validation
Buffer Overflow
Other topics?
– General introduction to vulnerabilities?
C++ and Java versions

16 Objectives
Columns: CS0, CS1, CS2
Describe the vulnerability: X X X
Describe potential problems that may result from the vulnerability: X X X
Identify vulnerabilities in a simple program written in the language of instruction: X X X
Discuss general strategies for mitigating vulnerabilities: X X
Write code that uses appropriate techniques to mitigate or avoid the vulnerability: X X
Revise a program, eliminating vulnerabilities: X
Discuss the impact of the choice of programming language on susceptibility to the vulnerability: X

17 Example: Buffer Overflow for CS2
Example in Code

    public class BufferOverflow {
        public static void main(String[] args) {
            int[] vals = new int[10];
            // The loop runs to 20 but vals holds only 10 elements,
            // so the write at i == 10 is out of bounds.
            for (int i = 0; i < 20; i++) {
                vals[i] = i;
            }
        }
    }

Tips for avoiding: validate indices, don't allocate storage until needs are known, etc.
Assignment: Write a procedure that will copy an arbitrary subrange of one array of integers into another array.
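An added example, not part of the original slides: one possible Java solution to the assignment above, applying the "validate indices" tip. The names SubrangeCopy and copySubrange and the sample data are assumptions made for illustration; the bounds check is written as a subtraction so that a very large length cannot wrap around, which ties in the Integer Overflow module.

```java
import java.util.Arrays;

public class SubrangeCopy {
    // Copies `length` ints from src[srcPos...] into dest[destPos...]. Every index is
    // validated before the first write, so a rejected call leaves dest unchanged.
    static void copySubrange(int[] src, int srcPos, int[] dest, int destPos, int length) {
        if (src == null || dest == null) {
            throw new IllegalArgumentException("arrays must not be null");
        }
        if (srcPos < 0 || destPos < 0 || length < 0) {
            throw new IllegalArgumentException("positions and length must be non-negative");
        }
        // Subtraction on purpose: srcPos + length can exceed Integer.MAX_VALUE and
        // wrap to a negative number, which would slip past a naive
        // "srcPos + length <= src.length" test.
        if (length > src.length - srcPos || length > dest.length - destPos) {
            throw new IllegalArgumentException("subrange does not fit in source or destination");
        }
        if (src == dest && destPos > srcPos) {
            // Overlapping ranges in one array: copy backwards so that source
            // elements are read before they are overwritten.
            for (int i = length - 1; i >= 0; i--) {
                dest[destPos + i] = src[srcPos + i];
            }
        } else {
            for (int i = 0; i < length; i++) {
                dest[destPos + i] = src[srcPos + i];
            }
        }
    }

    public static void main(String[] args) {
        int[] vals = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9};   // constructed sample data
        int[] out = new int[5];
        copySubrange(vals, 3, out, 1, 4);              // valid request
        System.out.println(Arrays.toString(out));
        // Constructed bad requests, each as {srcPos, destPos, length}.
        int[][] bad = {{8, 0, 5}, {-1, 0, 2}, {1, 0, Integer.MAX_VALUE}, {0, 3, 4}};
        for (int[] b : bad) {
            try {
                copySubrange(vals, b[0], out, b[1], b[2]);
                System.out.println("accepted " + Arrays.toString(b));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + Arrays.toString(b) + ": " + e.getMessage());
            }
        }
    }
}
```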

18 Thoughts, reactions?
Breakout into groups by topic or class
Discuss in detail
– What works, what doesn't
Download from wiki, revise, upload

