Integrating Software Assurance and Secure Programming Concepts and Mindsets into an Undergraduate Computer Science Program



Similar documents
Cybersecurity Major. College of Arts and Letters Interdisciplinary Studies. Program Guide. Version 3 August 2015.

DESIGNING WEB LABS FOR TEACHING SECURITY CONCEPTS ABSTRACT

A Systems Engineering Approach to Developing Cyber Security Professionals

The USNA Cyber Program

Information Assurance Program at West Point

MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY

Assessment for Master s Degree Program Fall Spring 2011 Computer Science Dept. Texas A&M University - Commerce

COMPUTER SCIENCE, BACHELOR OF SCIENCE (B.S.)

MS In Forensic Computing (MSFC) Saint Joseph s College. (33 Credits, including a Practicum/Internship)

UNO COLLEGE OF INFORMATION SCIENCE & TECHNOLOGY

UNO COLLEGE OF INFORMATION SCIENCE & TECHNOLOGY

Introduction to Cyber Security / Information Security

CDS and Clearing Limited Thapathali, Kathmandu 7 th Level (Technical) Syllabus

Assessment Plan for CS and CIS Degree Programs Computer Science Dept. Texas A&M University - Commerce

School of Management and Information Systems

COURSE TITLE COURSE DESCRIPTION

Computer Science and Information Systems

Secure Code Development

Eastern Washington University Department of Computer Science. Questionnaire for Prospective Masters in Computer Science Students

Department of Computer Science and Engineering. BA in Information Technology

Department of Computer Science

The Importance of Using Hacker Contests and Mindset in Teaching Networks and Information Assurance

One LAR Course Credits: 3. Page 4

MICHIGAN TEST FOR TEACHER CERTIFICATION (MTTC) TEST OBJECTIVES FIELD 050: COMPUTER SCIENCE

Protect Your Organization With the Certification That Maps to a Master s-level Education in Software Assurance

Other Required Courses (14-18 hours)

Department of Computer Science

M.Tech. Software Systems

INFORMATION SCIENCE. INFSCI 0010 INTRODUCTION TO INFORMATION SCIENCE 3 cr. INFSCI 0015 DATA STRUCTURES AND PROGRAMMING TECHNIQUES 3 cr.

ACADEMIC YEAR SCHOOL OF INFORMATION TECHNOLOGY. AS in INFORMATION TECHNOLOGY COMPUTER INFORMATION SYSTEMS. BS in INFORMATION TECHNOLOGY

Collective Views of the NSA/CSS Cyber Defense Exercise on Curricula and Learning Objectives

College of Science Department of Mathematics and Computer Science. Assessment Plan Computer Science and Computer Networks

BUSINESS TECHNOLOGY (BTE)

Department of Computer Science

Contents The College of Information Science and Technology Undergraduate Course Descriptions

WJEC GCSE in Computer Science Computer Science Microsoft IT Academy Mapping

Center of Academic Excellence Cyber Operations Program 2013 Application

Course Bachelor of Information Technology majoring in Network Security or Data Infrastructure Engineering

INFORMATION SYSTEMS AND TECHNOLOGY MANAGEMENT

University of Northern Iowa College of Business Administration Master of Business Administration Learning Assurance Program Last updated April 2009

Bellevue University Cybersecurity Programs & Courses

Electrical and Computer Engineering Undergraduate Advising Manual

AC : AN INTERDISCIPLINARY APPROACH TO INFORMATION SYSTEMS SECURITY EDUCATION: A CASE STUDY

M.S. in Business and Information Systems

Testing for Security

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

Undergraduate Catalog

How To Get A Computer Science Degree

BS Computer Science ( )

Department of Computer Science

Centers of Academic Excellence in Cyber Security (CAE-C) Knowledge Units Review

NSA/DHS CAE in IA/CD 2014 Mandatory Knowledge Unit Checklist 4 Year + Programs

Session T1A Building an Undergraduate Computer Science Research Experience

TEACHING COMPUTER SECURITY TO UNDERGRADUATES A Hands-On Approach

Core Curriculum to the Course:

Eastern Washington University Department of Computer Science. Questionnaire for Prospective Masters in Computer Science Students

Preface to the Fourth Edition

What Every (Software) Engineer Needs To Know About Security. -- and -- Where To Learn It

Bachelor of Science: Computer Information Systems (CIS) SCHOOL OF MEDIA AND DESIGN

Draft Cyber Sciences Knowledge Areas Cyber Education Project Learning Outcomes Committee David Gibson and Beth Hawthorne, Co-chairs October 2015

Computer Science Department United States Naval Academy. With Knowledge we Serve our Friends... With Knowledge we Defeat our Enemies

Cyber Education: A Multi-Level, Multi-Discipline Approach

Cyber Exercises, Small and Large

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

THE SYSTEMS ENGINEERING MAJOR AT A GLANCE

Providing an Undergraduate Research Experience in a Senior Level Security Course

Subject knowledge requirements for entry into computer science teacher training. Expert group s recommendations

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

USF Graduate Catalog SECTION 18.

EECS 588: Computer and Network Security. Introduction

Educational Requirement Analysis for Information Security Professionals in Korea

[CEH]: Ethical Hacking and Countermeasures

Certified Cyber Security Analyst VS-1160

COMPUTER SECURITY AND IMPACT ON COMPUTER SCIENCE EDUCATION

Cyber DTU. Lars Ramkilde Knudsen

EECS 588: Computer and Network Security. Introduction January 14, 2014

Eastern Washington University Department of Computer Science. Questionnaire for Prospective Masters in Computer Science Students

Bachelor of Science in Information Technology. Course Descriptions

Texas A&M University -- College of Engineering -- Department of Computer Science & Engineering Undergraduate Degree Plan in Computer Science (CPSC)

167 th Air Wing Fast Track Cyber Program Blue Ridge Community and Technical College

EC Council Certified Ethical Hacker V8

NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense

Accelerated Bachelor of Science/Master of Science in Computer Science. Dual Degree Program

Computer Science/Software Engineering

MASTER OF SCIENCE IN COMPUTER AND INFORMATION SYSTEMS

Cyber threats are growing.

Degrees Major in Computer Science Minor in Computer Science Major in Software Engineering

Computer Security & Information Assurance MS Program

Introduction to Information Technology

OKLAHOMA SUBJECT AREA TESTS (OSAT )

MANAGEMENT INFORMATION SYSTEMS PROGRAM

Masters in Human Computer Interaction

Masters in Advanced Computer Science

The Open Cyber Challenge Platform *

A B.S. Degree in Informatics: Computer Science in Context

An Information Assurance and Security Curriculum Implementation

Masters in Artificial Intelligence

HANDBOOK FOR THE APPLIED AND COMPUTATIONAL MATHEMATICS OPTION. Department of Mathematics Virginia Polytechnic Institute & State University

k. p MIS program section is replaced with following content.

Multi-core Curriculum Development at Georgia Tech: Experience and Future Steps

Transcription:

Integrating Software Assurance and Secure Programming Concepts and Mindsets into an Undergraduate Computer Science Program Striving to Achieve the Goals of the SEI/CERT Software Assurance Curriculum Project (Undergraduate ) Steve Hadfield U.S. Air Force Academy, Department of Computer Science

Realization In an outcome-based curriculum, some outcomes need to be purposefully developed across courses and years. Result A retrospective, outcome-based look at an existing curriculum (Felder & Brent)

Key Cross Curricular Initiative Software Engineering Discipline Ethical, Legal, Social Issues Research Skills Communications Skills Needs Analysis, Requirements Elaboration, Design Testing Rigor, Quality Assurance Moral Frameworks & Decision Making Ethical Codes (IEEE, ACM, Software Engineering) Literature Review, Framing/Scoping Topics, Hypotheses Investigation, Support of Conclusion, Reporting Oral Presentations Written Communications Team Work Security & Software Assurance Team Building, Team Maintenance Pair Programming, Four-Five Member Team Dynamics Secure Programming Cyber Security

Security & Software Assurance SEI/CERT SwA Curriculum USAFA Computer Science Computer Science I Computer Science I Computer Science II Computer Science II Intro to Computer Security Computer Security & Information Warfare Software Security Engineering Software Quality Assurance Software Assurance Analytics Software Engineering I Software Assurance Capstone Software Engineering II

Security & Software Assurance Initiative Sophomore Year Computer Science I - Intro to Programming Input interpretation validation, array bounds checking Integer overflow, error/exception handling, file I/O issues Computer Science II Data Abstraction Pre- and post-conditions, more advanced debugging Testing & debugging techniques, reinforce CS I topics Computer Organization & Architecture Data type overflow, divide-by-zero, round-off error Stack overflows

Security & Software Assurance Initiative Junior Year Programming Paradigms Memory allocation/deallocation, termination conditions Stack/buffer overflows and protections, type safety Operating Systems Deadlock issues, race conditions, system calls Signals, file system security Databases & Web Programming Defense against SQL injection attacks Cross site scripting attacks Networks Secure protocols, wireless encryption, Man-in-the-Middle attacks Adversarial view of protocols, network access control

Security & Software Assurance Initiative Senior Year Languages & Machines (compilers & language theory) Type checking mechanisms, array bounds checking mechanisms Translation to machine language Computer Security & Information Warfare Security & threat models Range of security strategies and techniques Software Engineering I Security requirements, security analysis of system design, risk management Formal test plans/procedures/reports Integration/system/regression/smoke/stress/security testing Software Engineering II Introduction to Formal Methods Reengineering & forward engineering

Software Assurance & Security for ALL Algorithmic Reasoning Cyber Security Input Validation Information Security Exception Prevention Cryptography Requirements Analysis Cyber Warfare & Crime Incremental Build/Test Offensive Cyber Ops Defensive Cyber Ops

Public Key Infrastructure

Enrichment Activities Interdisciplinary Courses Cyber Law Cyber Security Policy & Politics Information & Cyberspace Operations

Enrichment Activities Defensive Competitions Cyber Patriot www.uscyberpatriot.org www.nationalccdc.org/ Collegiate Cyber Defense Competition Cyber Defense Exercise

Vectors Professionals Comp Sci, Info Sys, Info Tech, MIS Curricular & pedagogical resources General Awareness Personal awareness & defense Bigger issues enterprise, national, global Specialization Defense is the hard job Funding for developing experts

Steve Hadfield Steven.Hadfield@usafa.edu

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information