TY - JOUR
T1 - Software Engineering and Security
T2 - 129th ASEE Annual Conference and Exposition: Excellence Through Diversity, ASEE 2022
AU - Gary, Kevin A.
N1 - Funding Information:
There is a fair amount of open courseware available on the Internet to repurpose for security-related courses, much of it funded by federal agencies such as the National Science Foundation and the Department of Defense (NSA). Two such projects we relied on heavily were the NSF-supported SEED Security labs project (https://seedsecuritylabs.org) from Wenliang Du at Syracuse University, and the Cybersecurity Labs and Resource Knowledge-base (CLARK, https://clark.center/home) community-building platform supported by the Department of Defense. The SEED project is an impressive 20-year project that is still being actively maintained and expanded by Dr. Du. Software Security is one of six areas of open labs supported by the project, mostly focusing on runtime vulnerabilities associated with operating system level calls. Included here are classic attacks like Buffer Overflow, Shellcode, Set-UID (elevated privileges) and Return-to-LibC. These labs come with excellent documentation, are well-maintained, and have associated instructional content if desired. However, the presentation of the labs focuses on low-level system issues and defenses, and is not presented from a software engineering perspective. The CLARK project provides a repository of 864 learning modules ranging from small units or nanomodules up through full courses, with intended audiences ranging from elementary school up through graduate-level education. 22 topic areas are presently tagged in the platform, ranging from Cyber Law and Policy to various deep technical areas such as Quantum Computing. There are several topic areas of interest to software engineering educators, such as Risk Management, Reverse Engineering, Principles of Security, Human Factors, and Software Security and Secure Programming. Multiple modules within this last topic area address security from a software engineering perspective.
While an extremely deep and useful collection of educational materials, it still requires a significant time investment to identify the right kinds of materials (readings, lecture materials, labs) as modules do not have a uniform convention for what may be included in them. Also, a repository of this size with a significant number of contributors will inevitably encounter maintenance issues, even though this project started relatively recently (2017).
Publisher Copyright:
© American Society for Engineering Education, 2022.
PY - 2022/8/23
Y1 - 2022/8/23
N2 - Security is a rising concern for organizations hiring undergraduates out of college in computing disciplines. This is reflected in the emerging prominence of cybersecurity-related courses, certificates, and degree programs, and reflected in the most recent curricular standards guidelines. Perspectives on security recognize it as both a system discipline, meaning the inclusion of hardware, software, and networking components, and a cross-cutting skill across the major phases of the software engineering lifecycle (requirements, design, verification & validation, construction, and evolution and maintenance). Our conjecture is that there are many open and available resources for the first perspective (system) but few for the second perspective (software engineering). In this paper we share experiences creating a new junior-level security course in secure software engineering as a required course in an undergraduate accredited software engineering degree program. Specifically, and aligned with the latter perspective, we share the challenges we faced when seeking curricular resources, including open courseware repositories and textbooks, to jumpstart the development. We reflect on these experiences by providing a map of curricular resources to cross-cutting software engineering lifecycle phases, examining popular open (and usually federally funded) courseware repositories including the SEED project from Syracuse University and the Cybersecurity Labs and Resource Knowledge-base (CLARK) initiative, as well as ad hoc resources.
AB - Security is a rising concern for organizations hiring undergraduates out of college in computing disciplines. This is reflected in the emerging prominence of cybersecurity-related courses, certificates, and degree programs, and reflected in the most recent curricular standards guidelines. Perspectives on security recognize it as both a system discipline, meaning the inclusion of hardware, software, and networking components, and a cross-cutting skill across the major phases of the software engineering lifecycle (requirements, design, verification & validation, construction, and evolution and maintenance). Our conjecture is that there are many open and available resources for the first perspective (system) but few for the second perspective (software engineering). In this paper we share experiences creating a new junior-level security course in secure software engineering as a required course in an undergraduate accredited software engineering degree program. Specifically, and aligned with the latter perspective, we share the challenges we faced when seeking curricular resources, including open courseware repositories and textbooks, to jumpstart the development. We reflect on these experiences by providing a map of curricular resources to cross-cutting software engineering lifecycle phases, examining popular open (and usually federally funded) courseware repositories including the SEED project from Syracuse University and the Cybersecurity Labs and Resource Knowledge-base (CLARK) initiative, as well as ad hoc resources.
UR - http://www.scopus.com/inward/record.url?scp=85138244694&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85138244694&partnerID=8YFLogxK
M3 - Conference article
AN - SCOPUS:85138244694
SN - 2153-5965
JO - ASEE Annual Conference and Exposition, Conference Proceedings
JF - ASEE Annual Conference and Exposition, Conference Proceedings
Y2 - 26 June 2022 through 29 June 2022
ER -