SaTc: EDU: Collaborative: An Assessment Driven Approach to Self-Directed Learning in Secure Programming (SecTutor)

SaTc：EDU：协作：安全编程中自我导向学习的评估驱动方法（SecTutor）

• 批准号: 1934279
• 负责人: Matt Bishop
• 金额: $ 15.1万
• 依托单位: University of California-Davis
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1934279&HistoricalAwards=false
• 关键词: SaTc; EDU; Collaborative; Assessment; Driven

The field of software development needs developers to write secure code, as well as to continuously respond to evolving threats and adapt system designs to meet new security needs. This requires developers to gain a deep understanding of foundational concepts in secure programming, and continuously learn and practice defensive, secure, and robust coding. Given the current lack of consistent and comprehensive secure programming training in most computing programs, and the need for any training to evolve to meet new requirements, it is essential to have mechanisms that make secure programming training adaptive and intelligent. The goal for this project is to develop one such mechanism, named SecTutor, which is a dual-purpose adaptive testing and intelligent tutoring system. Using SecTutor, learners will be able to identify their current missing knowledge and areas of misunderstanding in secure programming, and access content to improve learning at their own pace. SecTutor will provide immediate feedback and learning analytics to motivate and guide learners.The project will take an assessment-driven approach for personalized, self-directed learning: a rigorous assessment tests the learner's level of knowledge and skill so that the intelligent tutoring system can calibrate the instruction directly to the learner. Specifically, the first step of the project will be to construct an adaptive test to diagnose learners' current level of foundational understanding in secure programming. This adaptive test will be based on a rigorously constructed secure programming concept inventory. This test will also diagnose what topics the learner is finding difficult or is fundamentally not understanding. The next step of the project will be to build an intelligent tutorial system that will provide both content and guidance for the learner to master secure programming concepts and skills. The third step will be to incorporate learning analytics into the system that will not only provide feedback to individual learners, but also provide mechanisms for instructors to gather information about their learners, compare them to other demographics, analyze secure programming questions, and adapt their curriculum to address specific challenges or customized requirements. SecTutor will eventually be integrated into other existing secure programming resources and will be adopted broadly for secure programming training.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

软件开发领域需要开发人员编写安全的代码，以及不断响应不断变化的威胁和调整系统设计以满足新的安全需求。这要求开发人员对安全编程中的基本概念有深入的理解，并不断学习和实践防御性、安全性和健壮性的编码。鉴于目前在大多数计算程序中缺乏一致和全面的安全编程培训，并且需要任何培训来发展以满足新的需求，因此有必要具有使安全编程培训自适应和智能化的机制。这个项目的目标是开发一个这样的机制，名为SecTutor，这是一个双重用途的自适应测试和智能辅导系统。使用SecTutor，学习者将能够识别他们目前在安全编程中缺少的知识和误解领域，并根据自己的进度访问内容以改进学习。SecTutor将提供即时反馈和学习分析，以激励和指导学习者。该项目将采用评估驱动的方法进行个性化、自主学习：严格的评估测试学习者的知识和技能水平，以便智能辅导系统可以直接对学习者进行校准指导。具体来说，该项目的第一步将是构建一个自适应测试，以诊断学习者目前对安全编程的基础理解水平。此自适应测试将基于严格构建的安全编程概念清单。这个测试也会诊断出哪些话题是学习者觉得困难或根本不理解的。该项目的下一步将是建立一个智能教程系统，为学习者掌握安全编程概念和技能提供内容和指导。第三步是将学习分析整合到系统中，这不仅将为个别学习者提供反馈，还将为教师提供机制，以收集有关学习者的信息，将他们与其他人口统计数据进行比较，分析安全编程问题，并调整他们的课程以应对特定挑战或定制需求。SecTutor最终会整合到其他现有的安全编程资源中，并广泛用于安全编程培训。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

SecTutor: An Intelligent Tutoring System for Secure Programming

SecTutor：安全编程智能辅导系统

• 发表时间: 2022
• 期刊: Springer
• 作者: Ngambeki, Ida;Bishop, M.;Dai, Jun;Nico, Phillip;Mian, Shiven;Thao, Ong;Huynh, T. N.;Chance, Z.;Alhasan, Isslam;Afolabi, M.
• 通讯作者: Afolabi, M.

Validation of a Secure Programming Concept Inventory

安全编程概念清单的验证

• 发表时间: 2023
• 期刊: SIGCSE 2023: Proceedings of the 54th ACM Technical Symposium on Computer Science Education; ACM Digital Library
• 作者: Ngambeki, I.;Bishop, M.;Dai, J.;Nico, P.
• 通讯作者: Nico, P.