Using Visualization to Teach Security

Transcription

1 Using Visualization to Teach Security Dino Schweitzer, Wayne Brown Academy Center for Cyberspace Research, United States Air Force Academy, CO Abstract. Interactive visualization tools have been shown to be an effective means for engaging students in the learning process. Such tools are a form of active learning that have been successfully applied to a wide variety of disciplines in the sciences, engineering, and humanities. Information security is a complex topic that can benefit from judicious design and application of classroom visualizations. At our institution, we have developed a series of interactive visualizations to teach students security concepts in different courses at different levels of experience. This paper describes the approach used to design and implement the visualizations, their use in the classroom, and our experience with their effectiveness in increasing student understanding. Keywords: Security education, visualization, active learning 1 Introduction There has been a great deal of emphasis in recent years on the importance of information security in higher education. This emphasis is a result of an increased awareness of security issues and vulnerabilities, expanded resources for security research, an increasing number of highly publicized attacks on vulnerable systems, and an increasing awareness of computer-related privacy issues. Security issues and principles have been identified as core topic areas for computer science education by the ACM and IEEE recommended curricula [1]. The Colloquium for Information Systems Security Education (CISSE) was founded in 1997 to provide a forum for promoting information security in higher education ( Different schools have taken different approaches for the most effective means of teaching security in undergraduate education. One approach is to integrate topics across the CS curriculum by adding lessons on security concepts in existing courses at the appropriate place [2][3]. A different approach is to create separate security courses and/or set up complete programs and concentrations in security [4][5][6]. Many educators have identified a laboratory component as important element of security education, along with the associated logistical and ethical challenges of teaching hacking tools [7][8][9]. The ability for students to get hands-on experience with current tools and techniques is motivational to students and provides a welcomed break from lectures. A critical aspect in security education is the basic distinction between training and education. Recognition of security professionals in industry is often based on training certificates obtained through well-respected providers. The Center for Academic

2 2 Dino Schweitzer, Wayne Brown Excellence (CAE) program for information assurance education was established by NSA and DHS to identify academic programs that meet stringent requirements in security curriculum and practice [10]. The curricula requirements for the designation, however, are based on mapping topics taught to national training standards. For computing professionals to effectively deal with security issues in the long term, knowledge of current tools and attacks is not sufficient. It is critical to understand the underlying concepts and theory. Effective means for providing that understanding is a challenge. The application of active learning techniques is one means of motivating and engaging students in the learning process [11]. In its simplest form, active learning has been described as involving students in the classroom in activities other than listening that are meaningful and make them think about what they are doing [12]. Such activities can cover a wide variety of techniques from simple classroom dialoging to complex role-playing. A summary of simple techniques that can be applied in any setting can be found in [13]. Visualization can be used to create an active learning environment that effectively teaches security principles. 2. Visualization in the Classroom The use of visualizations to teach computer science concepts has been applied across many topics for several years. The earliest and most documented examples are in the area of algorithm animations [14]. The advent of flash animation and web applets accelerated the number of visualizations available to educators. Web searches can find examples for many computer science courses such as algorithms, data structures, graph theory, computer graphics, automata theory, programming languages, computer security, and hardware demonstrations. The effectiveness of visualizations as an educational tool has been debated in the literature with mixed results [15]. Looking specifically at algorithm visualizations, Saraiya, et. al., attempted to identify key features of successful visualizations [16]. The results of experiments demonstrated that careful design could measurably increase students' understanding of algorithms. In security, visualization has a more recent history as a tool of cyber-defense [17]. Security, and especially network security, is a data-rich environment that benefits from the abstraction and understanding of complex relationships that visualization provides. Several visualization tools have been developed and documented in the security literature to provide such capabilities as intrusion detection, real-time monitoring, data mining and analysis, network traffic analysis, security log investigation, and computer forensics. These tools can make effective classroom demonstrations; however, they are not designed as educational aides for teaching concepts. 2.1 Interactive Classroom Visualizations (ICV s) Interactive classroom visualization (ICV) is a term coined for a visualization tool specifically designed for use in the classroom as an active learning technique [18].

3 Using Visualization to Teach Security 3 The fundamental goal of ICV s is different than normal security visualizations. Typical visualizations are designed to explore and understand data, to identify patterns, to explore relationships, and to monitor activity. ICV s, on the other hand are specifically designed to illustrate concepts such as algorithms, formal models, or processes. As an example, Figure 1 is a sample screen shot from an ICV to teach students the concepts around security protocols. Fig. 1. Screen shot of security protocol ICV. Some of the key design considerations when developing ICV s are: High degree of interactivity for students, including the ability to back up a step to see what just happened and be able to replay it High level of control over environment to allow students to set up specific scenarios or experiment with what if a given situation occurs Visual abstractions that are easy to understand and can be grasped quickly in a classroom environment; also important to maintain consistent representation for similar tools Narrow focus to a single / limited number of concepts to keep the visualization relatively short and not confuse different ideas Selecting concepts to represent that are seen as relevant and benefit from interactive visualization avoid eye candy A robust user interface that can handle inexperienced users and gracefully deal with erroneous input limiting student frustration 2.2 Security ICV s

4 4 Dino Schweitzer, Wayne Brown At the Air Force Academy, we have developed a series of ICV s for teaching security concepts in our classes. These are used in introductory computer classes taken by all cadets, in computer science major s courses, and in security-specific courses such as Cryptography and Information Warfare. Tools are categorized as follows: High level security concepts: tools that demonstrate a general concept such as Public Key Infrastructure Formal models: tools that demonstrate a formal model in security such as access control models Algorithms: tools that demonstrate a specific process or algorithm in security such as a specific encryption approach Low level security concepts: details of specific security concepts such as types of attacks on different encryption methods These categories are somewhat arbitrary, and many tools fit into more than one. The complete list of tools and their brief descriptions are shown in Table 1. A complete description of all of the tools is not possible here, but have been presented in various publications [19][20][21][22]. Table 1. Security ICV s, categories, and descriptions Tool Category Brief Description PKIVis High Level Demonstrates concepts of public key infrastructure in a game-like environment GRASP High Level Illustrates the use of security protocols and various attacks and counters TakeGrant Formal Model Allows user to create a Take-Grant protection system and demonstrate safety HRUVis Formal Model Implements a sample Harrison, Ruzzo, and Ullman access control model and allows users to demonstrate safety issues BBCVis Algorithm Demonstrates jam resistant communication using concurrent codes and BBC algorithm Ciphers Algorithms/ Seven different cipher applets that demonstrate Low Level specific encryption algorithms, weaknesses, and attacks CodeBlue Low Level Demonstrates relocatable code in a game-like environment similar to Core War 3. Some Examples Some specific examples will be used to describe the overall design philosophy and general approach to security ICV s. In our Cryptography class, we teach several historical and modern cipher algorithms, explain weaknesses and attacks, and perform numerical analyses. To help students understand the various algorithms, we have

5 Using Visualization to Teach Security 5 developed a series of interactive applets that visually show the cipher operation, various characteristics of the cipher including weaknesses, and possible ways of breaking the cipher. All of the ciphers follow a similar visual format to provide continuity to the students as to function and abstraction. For example, Figure 2 shows screen shots from two of the applets. The left cipher is a simple substitution cipher that students are very familiar with. The right screen shows the Vigenere cipher, a historically significant cipher in the sense that it was thought secure for many years before being shown to be easily broken. The layout of the tools is very similar with information regarding plaintext, keys, and ciphertext in similar locations. Students have the ability to select the plaintext and the key so they can experiment with the effect of different values. Tabbed panes are used to isolate specific characteristics or attacks on the ciphers. These may be static displays, as the case of two-letter diagram frequencies shown for the substitution cipher, or interactive as the sliding letter frequency on the right. The classroom instructor can demonstrate very quickly how to break the Vigenere cipher by interactively sliding through different possible key letter values until a best fit in letter frequency occurs. To prove this to the students, the secret button creates an unknown plaintext, shows the ciphertext, and it is up to the student to break the code and discover the plaintext. Fig. 2. Screen shots from cipher applets. Figure 3 shows an example of an ICV for teaching a formal model in security, in this example the Take-Grant protection model. Students graphically create a protection scheme environment on the right and create commands in the model that demonstrate how protection rights can be transferred. Formal models are important for security students to understand as a means to evaluate proposed security schemes, their capabilities and limitations. In this example, students demonstrate that a given protection scheme is unsafe by creating a set of commands that, when executed, transfer a given right to a given subject. The ICV allows the student to single step through the commands, see the effects on the graphical display, and back up if they

6 6 Dino Schweitzer, Wayne Brown want to better understand what just happened. They also have complete control to set up the environment, edit the commands, and create a graphical layout that is easy to visualize what is happening. Fig. 3. Screen shot for Take-Grant formal protection model ICV. 4. Classroom Use The security ICV s are not designed as standalone educational demonstrations, although they could be embedded on a web page with explanatory text. They are primarily designed as a lecture enhancement to provide an interactive visual component to the classroom. Typically, the instructor explains a concept and demonstrates the concept with the ICV. To engage the students, the instructor can give the students the tools to experiment with along with a set of problems or questions to answer, either in class or as an outside exercise. Another effective approach is to play what if games in the class, where after demonstrating the tool s use, the instructor sets up a different environment and asks the students to predict what the effects will be. Or, the instructor challenges the students to use the tool in front of their peers to complete a task, such as breaking a cipher. The tools can be used by individual students, or as a collaborative exercise for student teams. 5. Our Experience / Future Plans We have used these ICV s in various classes over the past three years. Our program is small, so it is difficult to perform an objective study of their effectiveness in terms of a control group and measuring differences in performance on concept assessment. Student reaction has been very positive. They consistently rate the use of ICV s as enjoyable on course critiques and favorably interact with them in the classroom. We have given students problems to complete with the tools outside of class, and they have a high success rate. Based on the success of the formal model tools, we were able to reduce the number of lectures dedicated to teaching the models. The cipher

7 Using Visualization to Teach Security 7 applets are popular for teaching basic concepts and have been used in our summer orientation program for high school students as a fun activity. Thus, even without a formal evaluation of their educational effectiveness, the motivational aspects of using them as a form of active learning encourages us to continue their use. Our future plans are to continue using the existing tools, refining them and correcting any bugs. In addition, a number of additional tools are under investigation for possible development including worm propagation, buffer overflow (some tools currently exist online for this), and other formal models. We have put some of the tools on a web page for students to access, but do not have a distance learning element at our school, so have not investigated using them in an e-learning environment. The tools are available for public use upon request. Contact the author for further information. References 1. Computing Curricula 2005, education/cc2001/cc2005-march06final.pdf 2. Petrova, K., Philpott, A., Kaskenpalo, P., and Buchan, J Embedding information security curricula in existing programmes. In Proceedings of the 1st Annual Conference on information Security Curriculum Development (Kennesaw, Georgia, October 08-08, 2004). InfoSecCD '04. ACM Press, New York, NY, Vaughn, R. B., Dampier, D. A., and Warkentin, M. B Building an information security education program. In Proceedings of the 1st Annual Conference on information Security Curriculum Development (Kennesaw, Georgia, October 08-08, 2004). InfoSecCD '04. ACM Press, New York, NY, Azadegan, S., Lavine, M., O'Leary, M., Wijesinha, A., and Zimand, M An undergraduate track in computer security. In Proceedings of the 8th Annual Conference on innovation and Technology in Computer Science Education (Thessaloniki, Greece, June 30 - July 02, 2003). D. Finkel, Ed. ITiCSE '03. ACM Press, New York, NY, Bacon, T. and Tikekar, R Experiences with developing a computer security information assurance curriculum. J. Comput. Small Coll. 18, 4 (Apr. 2003), Crowley, E Information system security curricula development. In Proceeding of the 4th Conference on information Technology Curriculum (Lafayette, Indiana, USA, October 16-18, 2003). CITC4 '03. ACM Press, New York, NY, Mattord, H. J. and Whitman, M. E Planning, building and operating the information security and assurance laboratory. In Proceedings of the 1st Annual Conference on information Security Curriculum Development (Kennesaw, Georgia, October 08-08, 2004). InfoSecCD '04. ACM Press, New York, NY, Haynes, A. and Stratton, T. Cyber Defense 2003 & Information Assurance Education. In Proceedings IEEE 2003 International Conference on Systems, man & Cybernetics. Oct Schafer, J., Ragsdale, D. J., Surdu, J. R., and Carver, C. A The IWAR range: a laboratory for undergraduate information assurance education. In Proceedings of the Sixth Annual CCSC Northeastern Conference on the Journal of Computing in Small Colleges (Middlebury, Vermont, United States). Consortium for Computing Sciences in Colleges. Consortium for Computing Sciences in Colleges, Schweitzer, D., Humphries, J., and Baird, L., "Meeting the criteria for a center of academic excellence (CAE) in information assurance education," J. Comput. Small Coll. October 2006.

8 8 Dino Schweitzer, Wayne Brown 11. Chickering, A. and Gamson, Z. Seven principles of good practice in undergraduate education. AAHE Bulletin, 39, pp. 3-7, Bonwell, C., and Eison, J. Active Learning: Creating Excitement in the Classroom. ASHE- ERIC Higher Education Report 1, Paulson, D. and Faust, J. Active learning in the college classroom. Journal on Excellence in College Teaching, vol. 9 (2), pp. 3-24, Brown, M. Perspectives on algorithm animation. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Washington, D.C., United States, May 15-19, 1988). J. J. O'Hare, Ed. CHI '88. pp Hundhausen, C., Douglas, S., and Stasko, J. A meta-study of algorithm visualization effectiveness. Journal of Visual Languages and Computing 13, pp , Saraiya, P., Shaffer, C. A., McCrickard, D. S., and North, C. Effective features of algorithm visualizations. In Proceedings of the 35th SIGCSE Technical Symposium on Computer Science Education (Norfolk, Virginia, USA, March 03-07, 2004). SIGCSE '04, pp Ma, K Cyber security through visualization. In Proceedings of the 2006 Asia-Pacific Symposium on information Visualisation - Volume 60 (Tokyo, Japan). K. Misue, K. Sugiyama, and J. Tanaka, Eds. ACM International Conference Proceeding Series, vol Australian Computer Society, Darlinghurst, Australia, Schweitzer, D. and Brown, W., Interactive Visualization for the Active Learning Classroom, Proceedings of the 38th ACM Technical Symposium on Computer Science Education, SIGSCE 2007, March Ebeling, D. and Santos, R. Public Key Infrastructure Visualization, J. Comput. Small Coll. October Schweitzer D., Baird L., Collins M., Brown W., Sherman M., "GRASP: A visualization tool for teaching security protocols," Proceedings of the 10th Colloquium for Information Systems Security Education, June Schweitzer D. and Baird L., "The design and use of interactive visualization applets for teaching ciphers," Proceedings of the 7th IEEE Workshop on Information Assurance, June Schweitzer D., Collins M., Baird L., "A Visual Approach to Teaching Formal Access Models in Security," Proceedings of the 11th Colloquium for Information Systems Security Education, June 2007.