Mainstreaming Cybersecurity Research and Practice into Undergraduate Education

将网络安全研究和实践纳入本科教育主流

• 批准号: 0306105
• 负责人: Shivakant Mishra
• 金额: --
• 依托单位: University of Colorado at Boulder
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2003
• 资助国家: 美国
• 起止时间: 2003-09-01 至 2008-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0306105&HistoricalAwards=false
• 关键词: Mainstreaming; Cybersecurity; Research; Practice; into

0306105Shivakant MishraUniversity of Colorado BoulderMainstreaming Cybersecurity Research and Practice into Undergraduate Education$539,999This is a very timely project that addresses the education of undergraduates about the field of cyber-security. Included in the project activities are the creation of a "cyber-security house", an applied cyber-security course, and a cyber-security repository for broad dissemination of the materials and results from the project. While national security is critically dependent on a continuous and correct functioning of modern computing systems, current, state-of-the-art computing systems typically do not meet the stringent requirements of security, availability, fault-tolerance, and high performance. The 2001 Computer Crime and Security Survey from CSI/FBI describes two disturbing characteristics:(1) The number of computer crimes and security breaches are increasing, and (2) The total financial loss due to computer crimes and security breaches is increasing. One possible reason for this weakness of modern computing systems is that there is a severe shortage of skilled security professionals, resulting in a large number of computing systems being constructed by people who do not have adequate understanding of basic security principles. A fundamental reason for the shortage of security practitioners is that the principles and practices of security are typically not well covered in undergraduate education and only a handful of undergraduate programs in the USA even offer a course on computer security. The PI hypothesizes that fundamentally new mechanisms, which go beyond traditional classroom settings, are needed to address the current weaknesses associated with cyber-security technology and education. The overall goal of the project is to prepare a work force that is aware of system vulnerabilities, as well as a cadre of professionals that are knowledgeable about the recognized, best, and latest principles and practices available in security and information assurance. This project focuses on six activities: 1. Development of a "cyber-security house" to permit undergraduate students to learn and experiment with security principles and practices throughout their undergraduate career. This is intended to provide students an opportunity to learn and experiment with the latest cyber-security technology, keep up with the fast pace of change in cyber-security technology, and interact with other undergraduate students at different stages in their undergraduate careers. 2. Development of a new undergraduate course on applied cyber-security. This course provides hands-on experience with using the latest security tools, and designing and implementing secure systems. 3. Development of a repository of cyber-security education-related materials, making them available via the Web. The goal is to provide useful materials that are beyond course syllabi and lecture notes. 4. Dissemination of the results from this project to the CISE community. The methods for dissemination includes collaborating with faculties and students from other institutions via workshops, a TA training program, making course materials available on the Web, and publication and participation in CISE education-related conferences. 5. Increasing participation in the project activities of underrepresented groups by involving faculty and student from historically black colleges and universities, and other minority institutions. 6. Evaluation of the project results at regular intervals, and making modifications or extensions a needed. This evaluation will be based on the inputs from the students who take the new course and participate in the cyber-security house, industry who employ these students, and the instructors who teach the new course or supervise student in the cyber-security house. An important aspect of this project is the inclusion of survivability as an integral aspect of the educational topics proposed. Rather than focusing on the more traditional attack/detection paradigm, students are taught how to design software systems that are less vulnerable to attack and that are designed to survive such attack and provide some level of continuing service.

0306105 Shivakant Mishra科罗拉多大学博尔德将网络安全研究和实践纳入本科教育主流$539，999这是一个非常及时的项目，旨在解决本科生对网络安全领域的教育。项目活动包括创建一个“网络安全之家”，一个应用网络安全课程，以及一个网络安全存放处，以广泛传播项目的材料和成果。虽然国家安全严重依赖于现代计算系统的连续和正确的功能，但是当前的最先进的计算系统通常不满足安全性、可用性、容错性和高性能的严格要求。CSI/FBI的2001年计算机犯罪和安全调查描述了两个令人不安的特征：（1）计算机犯罪和安全漏洞的数量正在增加，以及（2）由于计算机犯罪和安全漏洞造成的总经济损失正在增加。现代计算系统的这种弱点的一个可能原因是，熟练的安全专业人员严重短缺，导致大量计算系统由对基本安全原则没有足够理解的人构建。安全从业人员短缺的一个根本原因是，安全的原则和实践通常没有很好地涵盖在本科教育和只有少数本科课程在美国甚至提供计算机安全课程。PI假设，需要超越传统课堂环境的全新机制来解决当前与网络安全技术和教育相关的弱点。该项目的总体目标是培养一支了解系统漏洞的工作队伍，以及一支了解安全和信息保证领域公认的最佳和最新原则和做法的专业人员队伍。该项目侧重于六项活动：1。开发一个“网络安全之家”，让本科生在整个本科生涯中学习和实验安全原则和实践。这旨在为学生提供学习和实验最新网络安全技术的机会，跟上网络安全技术的快速变化，并在本科生涯的不同阶段与其他本科生互动。2.开发新的应用网络安全本科课程。本课程提供使用最新安全工具以及设计和实施安全系统的实践经验。3.建立一个网络安全教育相关材料库，通过网络提供。目标是提供课程大纲和课堂讲稿之外的有用材料。4. 将该项目的成果传播给CISE社区。传播的方法包括通过讲习班与其他机构的教师和学生合作，技术援助培训方案，在网上提供课程材料，以及出版和参加CISE教育相关会议。5.通过让历史上的黑人学院和大学以及其他少数民族机构的教师和学生参与，增加代表性不足群体的项目活动的参与。6.定期评估项目结果，并根据需要进行修改或扩展。这项评估将基于参加新课程并参加网络安全机构的学生，雇用这些学生的行业以及在网络安全机构教授新课程或监督学生的教师的投入。该项目的一个重要方面是将生存能力作为拟议教育专题的一个组成部分。而不是专注于更传统的攻击/检测范式，学生们被教导如何设计软件系统，是不容易受到攻击，旨在生存这种攻击，并提供一定程度的持续服务。