Threading secure coding principles and risk analysis into the undergraduate computer science and information systems curriculum

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Threading secure coding principles and risk analysis into the undergraduate computer science and information systems curriculum

Full text

Pdf (74 KB)

Source

Information security curriculum development archive
Proceedings of the 3rd annual conference on Information security curriculum development table of contents

Kennesaw, Georgia

SESSION: Pedagogy table of contents

Pages: 24 - 29

Year of Publication: 2006

ISBN:1-59593-437-5

Authors

Blair Taylor	Towson University
Shiva Azadegan	Towson University

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 17, Downloads (12 Months): 96, Citation Count: 2

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1231047.1231053 What is a DOI?

ABSTRACT

Most computer security issues can be attributed to software vulnerabilities. The number of software vulnerabilities continues to increase. Building secure systems requires incorporating security principles early and throughout the software development life cycle. Education of current and future software developers must include secure coding and design principles. Towson University, as a designated National Center of Academic Excellence in Information Security and Assurance Education, presents the ideal platform for a "security across the curriculum" effort. To supplement our undergraduate security track for computer science majors, we propose threading security touchpoints and risk analysis into the core courses and a subset of follow-up courses. This plan includes sample labs to enforce secure coding mantras, a black hat/white hat approach for identifying and mitigating risks, and evaluation and assessment using checklists and scorecards.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Axelle Apvrille , Makan Pourzandi, Secure Software Development by Example, IEEE Security and Privacy, v.3 n.4, p.10-17, July 2005 [doi>10.1109/MSP.2005.103]
	2	S. Azadegan , M. Lavine , M. O'Leary , A. Wijesinha , M. Zimand, A dedicated undergraduate track in computer security education, Security education and critical infrastructures, Kluwer Academic Publishers, Norwell, MA, 2003
	3	S. Azadegan , M. Lavine , M. O'Leary , A. Wijesinha , M. Zimand, An undergraduate track in computer security, Proceedings of the 8th annual conference on Innovation and technology in computer science education, June 30-July 02, 2003, Thessaloniki, Greece
	4	S. Azadegan, M. Lavine, M. O'Leary, A. Wijesinha, and M. Zimand. Undergraduate Computer Security Education: A Report on our Experiences & Learning. Proceedings of Seventh Workshop on Education in Computer Security (WECS 7), January 2006, Monterey, California.
	5	Matt Bishop , Deborah A. Frincke, Teaching Secure Programming, IEEE Security and Privacy, v.3 n.5, p.54-56, September 2005 [doi>10.1109/MSP.2005.133]
	6	M. Bishop, D. Frincke. Teaching Robust Programming, IEEE Security & Privacy, 2004, 54--57.
	7	CERT/CC. CERT/CC Statistics 1988--2006. http://www.cert.org/stats/certstats.html {May 2006}.
	8	Mark G. Graff , Kenneth R. Van Wyk, Secure Coding: Principles and Practices, O'Reilly & Associates, Inc., Sebastopol, CA, 2003
	9	Greg Hoglund , Gary McGraw, Exploiting Software: How to Break Code, Pearson Higher Education, 2004
	10	Michael Howard , David E. Leblanc, Writing Secure Code, Microsoft Press, Redmond, WA, 2002
	11	Cynthia E. Irvine , Shiu-Kai Chin , Deborah Frincke, Integrating Security into the Curriculum, Computer, v.31 n.12, p.25-30, December 1998 [doi>10.1109/2.735847]
	12	Gary McGraw, Software Security: Building Security In, Addison-Wesley Professional, 2006
	13	Microsoft Corporation. Trustworthy Computing Curriculum 2004 RFP Awards, http://research.microsoft.com/ur/us/fundingopps/TWC_CurriculumRFPAwards.aspx#Cornell_University
	14	L. F. Perrone, M. Aburdene, and X. Meng. Approaches to undergraduate instruction in computer security, Proceedings of the American Society for Engineering Education Annual Conference and Exhibition, ASEE 2005.
	15	President's Information Technology Advisory Committee (PITAC), Cyber Security: A Crisis of Prioritization, National Coordination Office for Information Technology Research and Development, Arlington, VA, http://www.nitrd.gov/pitac/reports/20050301 cybersecurity/cybersecurity.pdf (2005
	16	J. Ryan and D. Ryan. "Institutional and Professional Liability in Information Assurance Education," 2002, www.danjryan.com/Institutional%20and%20Professional%20Liability%20in%20Information%20Assurance%20Education.doc
	17	J. Saltzer and M. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9), September 1975.
	18	Frank Swiderski , Window Snyder, Threat Modeling, Microsoft Press, Redmond, WA, 2004
	19	J. Viega and G. McGraw. Building Secure Software, Addison-Wesley, Boston, 2002.

CITED BY 2

	Blair Taylor , Shiva Azadegan, Moving beyond security tracks: integrating security in cs0 and cs1, ACM SIGCSE Bulletin, v.40 n.1, March 2008
	A. Agrawal , R. A. Khan, Impact of inheritance on vulnerability propagation at design phase, ACM SIGSOFT Software Engineering Notes, v.34 n.4, July 2009