Collaborative Research: Broadening Secure Mobile Software Development (SMSD) Through Curriculum and Faculty Development

合作研究：通过课程和师资发展拓宽安全移动软件开发 (SMSD)

• 批准号: 1723578
• 负责人: Hossain Shahriar
• 金额: $ 16.95万
• 依托单位: Kennesaw State University Research and Service Foundation
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-08-15 至 2022-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1723578&HistoricalAwards=false
• 关键词: Collaborative; Research; Broadening; Secure; Mobile

The computing landscape is rapidly moving towards mobile computing, and security threats to mobile devices are also keeping up pace. Most security vulnerabilities should be addressed in the mobile software development phase; however, many development professionals are not aware of the importance of mitigating security vulnerabilities, and lack the requisite security knowledge and skills to prevent them at the development stage. The combination of the prevalence of mobile devices and the rapid growth of mobile threats has resulted in a shortage of mobile-security professionals. Education for secure mobile application development is in big demand in IT fields. More and more schools are teaching mobile application development or related courses. However, educational materials and curricula focusing on Secure Mobile Software Development (SMSD) are still sparse. In this project, three universities with prior collaboration records and complementary expertise in mobile security and computing education: Tuskegee University, Kennesaw State University, and Worcester Polytechnic Institute, are collaboratively building research and education capacity in secure mobile software development through three venues: (1) curriculum development and enhancement with eight transferrable learning modules including companion hands-on labs on mobile coding; (2) institutional and faculty development with annual onsite faculty summer workshops and online webinars; and (3) an innovative open source SMSD API plugin for real world Android Studio IDE.The investigators are developing instructional materials, including eight transferable modules with hands-on labs that cover key topics in SMSD, an open source SMSD API plugin for the popular Android Studio IDE, as well as integrating the modules into existing computer science and information assurance courses such as Mobile Security, and hosting workshops and webinars to disseminate the curriculum materials to faculty at other institutions. Through these efforts, the project aims to: (1) build institutional capacity on curricula, student learning, and faculty collaboration and development; (2) broaden participation of minority students in SMSD; and (3) build the capacity in SMSD education among the academic community nationwide with the modular nature of the developed materials.

计算领域正迅速向移动的计算发展，而对移动的设备的安全威胁也在跟上步伐。大多数安全漏洞应该在移动的软件开发阶段解决;然而，许多开发专业人员没有意识到减轻安全漏洞的重要性，并且缺乏必要的安全知识和技能来在开发阶段防止它们。移动的设备的普及和移动的威胁的快速增长导致了移动安全专业人员的短缺。IT领域对安全移动的应用程序开发的教育需求很大。越来越多的学校开始教授移动的应用开发或相关课程。然而，专注于安全移动的软件开发（SMSD）的教育材料和课程仍然很少。在这个项目中，三所在移动的安全和计算教育方面有合作记录和互补专业知识的大学：塔斯基吉大学、肯尼索州立大学和伍斯特理工学院，正在通过三个地点合作建立安全移动的软件开发方面的研究和教育能力：（1）课程发展及提升，提供八个可转移的学习单元，包括移动的编码实验室;（2）机构和教师的发展与年度现场教师暑期讲习班和在线研讨会;以及（3）一个创新的开源SMSD API插件，用于真实的Android Studio IDE。研究人员正在开发教学材料，包括8个可转移模块，其中包含涵盖SMSD关键主题的动手实验，为流行的Android Studio IDE开发一个开源SMSD API插件，并将这些模块集成到现有的计算机科学和信息保障课程中，如移动的安全，并举办研讨会和网络研讨会，向其他机构的教师分发课程材料。通过这些努力，该项目旨在：（1）建设课程、学生学习和教师合作与发展方面的机构能力;（2）扩大少数民族学生对SMSD的参与;（3）利用所编写材料的模块性质，在全国学术界建设SMSD教育的能力。

项目成果

OWASP Risk Analysis Driven Security Requirements Specification for Secure Android Mobile Software Development

OWASP 风险分析驱动的安全 Android 移动软件开发安全需求规范

• DOI: 10.1109/desec.2018.8625114
• 发表时间: 2018
• 期刊: 2018 IEEE Conference on Dependable and Secure Computing (DSC
• 作者: Qian, Kai;Parizi, Reza M.;Lo, Dan
• 通讯作者: Lo, Dan

Enhancing Proactive Control Mobile and Web Software Security Education with Hands-on Labware

通过动手实验室软件加强主动控制移动和 Web 软件安全教育

• 发表时间: 2020
• 期刊: Software and Applications (COMPSAC
• 作者: Shahriar, Hossain;Qian, Kai;Shalan, Atef;Wu, Fan
• 通讯作者: Wu, Fan

Attacks and Mitigation Techniques for Iris-based Authentication Systems

基于虹膜的身份验证系统的攻击和缓解技术

• 发表时间: 2020
• 期刊: Software and Applications (COMPSAC
• 作者: Etienne, Laeticia;Shahriar, Hossain
• 通讯作者: Shahriar, Hossain

A Transfer Learning with Deep Neural Network Approach for Network Intrusion Detection

用于网络入侵检测的深度神经网络迁移学习方法

• 发表时间: 2021
• 期刊: International journal of intellligent computing research
• 作者: Mohammad Masum, Hossain Shahriar

Distributed Denial of Service Attack Detection

分布式拒绝服务攻击检测

• 发表时间: 2020
• 期刊: National Cyber Summit
• 作者: Blue, Travis;Shahriar, Hossain
• 通讯作者: Shahriar, Hossain