Three Strands in Security Education

Tadayoshi Kohno

Three Main Strands
  • Overall security awareness: Control-Alt-Hack (funded by Intel and NSF)
    • Game development completed
    • Evaluation: surveys and play sessions
    • W/ Tamara Denning, Adam Lerner, and Adam Shostack
  • Overall security awareness, security thinking, and threat modeling: Security and Privacy Threat Discovery Cards (funded by NSF)
    • Cards largely completed
    • Preparing for distribution
    • W/ Tamara Denning, Batya Friedman, Daisy Fry, Nell Grey, and Daisy Yoo
  • Security throughout the curriculum: Book audit (funded by Intel)
    • Started
    • W/ Miles Sackler
Security and Games
  • [d0x3d!]
  • Exploit!
  • Elevation of Privilege
  • Protection Poker
  • CyberCIEGE
  • CyberProtect
  • Capture the flag competitions
Key Concepts Covered
  • Computer security is important for all items with computers
  • Vulnerabilities can come in a variety of shapes and forms
  • Diversity of attack techniques, creativity of attackers, and attacker motivations
Strategies for Use
  • Just play (e.g., leave in student lounge, or play with friends)
  • Play in class (may not work with all classrooms, e.g., graduate students vs high school AP classes)
  • Non-play classroom activities
    • Cards + game mechanics used as “starting off points” (e.g., pick two mission cards and discuss risks; create new cards)
Adversary’s Resources

Note: Old text and photos

Adversary’s Methods

Note: Old text and photos

Adversary’s Motivations

Note: Old text and photos

Human Impact

Note: Old text and photos

Usage Scenarios
  • Classroom activity examples
    • Audit specific technology
    • Use cards as “starting off” point
  • In industry
    • Does not replace threat modeling process
    • But our belief is that it can help creativity during a threat modeling process
Book Audit
  • Background:
    • Many students take lower-level computing courses
    • Fewer students take security courses, and even when they do they might be senior students (and have developed many habits along the way)
    • Introductory textbooks don’t necessarily address security
  • Goal:
    • Audit lower-level undergraduate textbooks from a security perspective
Status
  • In progress
  • Auditing books (two independent auditors per book)
  • Labeling security concerns with the “CWE/SANS Top 25 Most Dangerous Software Errors” codes: http://cwe.mitre.org/top25/#Listing
Three Main Strands
  • Overall security awareness: Control-Alt-Hack (funded by Intel and NSF)
    • Game development completed
    • Evaluation: surveys and play sessions
    • W/ Tamara Denning, Adam Lerner, and Adam Shostack
  • Overall security awareness, security thinking, and threat modeling: Security and Privacy Threat Discovery Cards (funded by NSF)
    • Cards largely completed
    • Preparing for distribution
    • W/ Tamara Denning, Batya Friedman, Daisy Fry, Nell Grey, and Daisy Yoo
  • Security throughout the curriculum: Book audit (funded by Intel)
    • Started
    • W/ Miles Sackler
Social/Engagement Quotes
  • 56 undergraduates, Cyber-Security and Information Awareness: “It worked as a way to break the ice and get students from diverse majors to get to know each other and get thinking about the topics of the course.”
  • 27 undergraduates, Computer and Network Security: “I just wanted to reiterate how great my students thought the game was! The students begged me to leave the game in the student lounge so they could continue to play, and from what I hear it’s made a trip or two out to our weekly majors night at the pub.”
Awareness Quotes
  • 60 high school students, Computers and Information Technology: “The game did not necessarily teach security methods, but it did a great job of teaching vocabulary and literacy.” ... “It increased awareness of my program, and it got more students interested in computer science.”
  • 27 undergraduates, Computer and Network Security: “They really got into it and there was a lot of strategizing” ... “They were mainly focused on causing pain to their classmates, but as I wandered around the room I heard some great discussions about the tradeoffs of choosing various hackers’ skill sets, what various missions meant, etc.”
Critiques
  • Game does take time to play, and time to learn
  • Expectations not set correctly: Game does not teach technical skills
    • “The game could use more specificity around computer activity. My students were hoping for a higher level of rigor.”
    • “Since we approached the game expecting to be tested on our knowledge of vulnerabilities and penetration techniques, we were dissatisfied in that manner, but we enjoyed the overall concept.”
Overall
  • 13 of 14 educators who used the game in their classrooms reported that they would suggest the game to others
  • 10 said they would use the game again
    • 2 more said they would use with different students or as out-of-class activities