
Building Security In: Workshop – August 2009


Presentation Transcript


  1. Building Security In: Workshop – August 2009. Anne Arundel Community, Bowie State University, Community College of Baltimore County, Harford Community College, Towson University

  2. Today's Goals
     • Project: Overview & Status
     • Implementation Details
     • Plan, revise, brainstorm, etc.

  3. Agenda
     • 10:00-11:00: Introductions; Overview; Progress from Year 1; Help with assessment?
     • 11:00-11:15: Plans for Year 2; Details; Process
     • 11:15-12:00: Sample Module + Feedback?; Scheduling
     • 12:00-1:00: Working lunch
       • Sign up on wiki: securityinjections.wikispaces.com
       • What does it take to get this model to be useful?
       • What works? What doesn't?
       • How do we make these materials more effective? Encourage others to use them?
     • 1-1:15: Wrap-up

  4. Overview: Project Goals and Motivations
     • Importance of Security
     • Security Tracks and classes
     • Too little too late
     • Insecure coding techniques
     • Security Injections
     • Early and often
     • Minimally invasive

  5. Overview: Security Injection Modules
     • Secure coding “big three”
       • Integer overflow
       • Buffer overflow
       • Input validation
     • CIS0
       • Phishing
       • Passwords
       • Confidentiality/Authentication/Integrity
     • Format of modules
       • Background – description, risk, examples
       • Lab Assignment
       • Checklist
       • Discussion Questions
     • Java/C++ versions
     • Wiki: Securityinjections.wikispaces.com

  6. Overview: Survey
     • Sample questions:
       • What are the possible consequences of insufficient computer security?
       • Integer overflow occurs..
       • demographic questions
     • Online
       • http://studentvoice.com/towson/securityawareness09
     • Beginning and end of semester
     • Course names?
       • CS0, CS1, CS2, Computer Literacy

  7. Overview: Key Points
     • Collaborative model
       • TU & Bowie State develop & pilot
       • AACC, CCBC, Harford deploy
       • TU and BSU assess and revise
       • MAISA recreates
     • CS0, CS1, CS2, CIS0 (Literacy), Dbase, Web, Networking

  8. Progress from Year 1
     • 23 sections, 16 integrated.
       • CS 0: 3 sections, 3 integrated
       • CS 1: 7 sections, 5 integrated
       • CS 2: 5 sections, 3 integrated
       • CIS0: 5 sections, 1 integrated
       • COSC418: 3 sections, 0 integrated
     • 2 papers at CISSE 2009 - Colloquium for Information Systems Security Education, Seattle
       • Cross-site Security Integration: Preliminary Experiences across Curricula and Institutions
       • Cooperative Information Assurance Capacity Building

  9. Progress from Year 1: Survey - 534 Responses
     • Student Institutions: Bowie State 13.2%, CCBC 5.6%, Harford CC 11.4%, Towson 69.6%
     • Student Gender: Male 70%, Female 30%
     • Student Ethnicity: White 58%, Black 26%, Asian 7%, Hispanic 2%, Other 6%
     • Student Standing: Freshman 26%, Sophomore 29%, Junior 28%, Senior 12%, Other 5%
     • Student Major: Computer Science 25.3%, Computer Info Sys 29.4%, Math 6.3%, Undecided 3.4%, Other 35.0%

  10. Progress from Year 1: Pretest->posttest data

  11. Progress from Year 1: Posttest scores for CS0-CS2 students significantly higher than COSC418 students

  12. Progress from Year 1: Faculty Survey
      • 8 instructors
        • 6 TU + 1 Harford + 1 CCBC
        • 2 CS0 + 5 CS1 + 1 CS2
      • Results (1-5)
        • Student interest: 3 (.82 deviation)
        • Ease of incorporation: 3.88 (.83)
        • Extent of distraction from other topics: 1.38 (.74)
        • How helpful were the materials in improving confidence? 3.71 (.95)
      • Would you recommend? 5 Yes, 2 Unsure, 1 No answer

  13. Progress from Year 1
      • What worked
        • With the detailed background information, the students were able to work mostly on their own without having to spend a lot of class time discussing the issues.
        • The idea that we can put them in the lab without much changes. I also liked that the injection was subtle without me talking to the class too much about it, they could link it to coursework implicitly.
        • After multiple exposure to the checklists, students seemed to get the hang of it.
      • What didn’t
        • Timing was a problem.
        • Many students (esp. CIS students) had a difficult time connecting the programming issues to what is really happening.
        • Students resisted reading the writeups, many skipped directly to the problems and googled unfamiliar words and concepts, despite my pointing out that the information was right there.
        • We need to better connect this information through questions or some other means.

  14. Progress from Year 1: How can we improve?
      • Assessment
      • More students + more institutions
      • Increase security awareness
      • Controlled environment – split section
      • Engaging faculty and students
      • Awareness and interest surveys
      • Faculty responses
      • Specific exercises on quizzes/exams for content

  15. Plans for Year 2
      • CS0
        • Deploy TU – Taylor, Dierbach ??, Bachman
        • Pilot/Deploy BSU ?? (we are behind)
        • Pilot partners
      • CS1
        • Deploy TU – Conover, Zimand, Raj, Nadim, staff
        • Pilot/Deploy BSU
        • Pilot partners
      • CS2
        • Pilot/Deploy TU – staff (20, Hochheiser, Zimand, Conover
        • Pilot BSU
      • CIS0
        • Pilot TU – Appiah-Kubi, Mezzanotte
        • Deploy BSU
        • Pilot AACC
      • CISDB
        • TU – pilot/deploy
      • Jan 2010 – workshop at CCBC?

  16. Details
      • Materials for CS0, CS1, CS2, CIS0 available on www.securityinjections.wikispaces.com
      • Identify courses
      • Sections
      • Administer surveys

  17. Process
      • Start of semester
        • Student survey: studentvoice.com/towson/securityawareness09
      • Assign modules as appropriate/revise/improve
        • Use checklists
        • Retain 4-5 copies of assignments
      • Assessment
        • Extra credit questions in tests/exams/quizzes
      • End of semester
        • Student survey
        • Faculty survey: http://studentvoice.com/towson/securityinjectionfaculty

  18. Security Injection Points for CS0-CS2

  19. CIS0 – where to inject? How?
      Security Topics Mapping
      Introduction to Computer Systems Hardware Data Communications and Networking Software Systems Analysis and Design Computer Systems and Organizations Ethical and Societal Issues Technological Trends Testing
      • Passwords
      • Phishing
      • General Security
      • Input validation
      • Risk analysis
      • Cryptography
      • Spyware/spam
      • Digital signature
      • Authorization/id/authentication
      • Access control lists

  20. Questions
      • What will it take to make this work well?
      • How can we get colleagues to adopt?
      • What project support is needed?
      • What institutional support is needed?
      • Are there issues specific to your context that we should know about?
