Security Injections: Promoting Responsible Coding and Building a Community of Security Ambassadors

安全注入：促进负责任的编码并建立安全大使社区

• 批准号: 1241738
• 负责人: Siddharth Kaza
• 金额: $ 45.19万
• 依托单位: Towson University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-09-01 至 2016-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1241738&HistoricalAwards=false
• 关键词: Security; Injections; Promoting; Responsible; Coding

Information Assurance (IA) requires pervasive action to prepare all computing graduates to meet the current and future cybersecurity challenges. The challenges to this are significant: instructors who are untrained in computer security, lack of teaching resources, and introductory classes overloaded with course material. The Security Injections@Towson project includes over 40 security injection modules that target key security concepts including integer overflow, buffer overflow, and input validation to be used in introductory computer science courses. Research results show that these security injection modules lead to an increase in the ability of students to remember, comprehend, and apply secure coding principles. This project builds on the success of the security injection modules. The project team and its partners (from the ACM Committee for Computing Education in Community Colleges, three NSF Advanced Technological Education (ATE) centers, and several diverse institutions) focus on community building and effective national dissemination to reach more students and faculty. Community building efforts include 1) a Security Ambassadors program with faculty who teach and encourage others to teach responsible coding, 2) a Build-A-Lab program to grow teaching resources and increase faculty engagement, knowledge, and sense of ownership, and 3) Short IA pedagogy courses at ATE centers and educational conferences. Project dissemination is synergistic with community building efforts, using short courses at conferences, workshops, outreach through ATE centers, and the security ambassadors to facilitate module adoption at two and four year institutions. All resources will also be submitted to the NSDL Computing Pathway - Ensemble and other venues. The community-building and disseminating strategy uses discrete one-time workshops (short courses), long-range professional development (Build-A-Lab), and the involvement faculty as the source of change through the Security Ambassador program. The team brings strengths in undergraduate curriculum development, education research, capacity-building experience, and the perspective of diverse institutions, including a historically-black university and community colleges.

信息保障（IA）需要采取普遍行动，使所有计算机毕业生做好准备，以应对当前和未来的网络安全挑战。这方面的挑战是巨大的：教师谁是未经培训的计算机安全，缺乏教学资源，以及与课程材料超载的入门课程。 Security Injections@Towson项目包括40多个安全注入模块，这些模块针对关键的安全概念，包括整数溢出，缓冲区溢出和输入验证，用于入门计算机科学课程。研究结果表明，这些安全注入模块导致学生记忆，理解和应用安全编码原则的能力提高。该项目建立在安全注入模块的成功之上。项目团队及其合作伙伴（来自社区学院计算机教育ACM委员会，三个NSF高级技术教育（ATE）中心和几个不同的机构）专注于社区建设和有效的全国传播，以覆盖更多的学生和教师。社区建设工作包括：1）与教授和鼓励他人教授负责任编码的教师一起开展的安全大使计划，2）建立一个实验室计划，以增加教学资源并增加教师的参与度，知识和所有权感，以及3）ATE中心和教育会议的短期IA教学法课程。项目传播与社区建设工作是协同的，利用会议，研讨会，通过ATE中心和安全大使推广的短期课程，以促进两年和四年制机构的模块采用。所有资源也将提交给NSDL计算途径- Ensemble和其他场所。社区建设和传播战略使用离散的一次性讲习班（短期课程），长期专业发展（建立一个实验室），并参与教师通过安全大使计划的变化的来源。该团队带来了本科课程开发，教育研究，能力建设经验和不同机构的观点，包括历史上的黑人大学和社区学院的优势。