SaTC:EDU: Enhancing Security Education in Hybrid Mobile and Internet of Things Firmware through Inclusive, Engaging, Learning Modules (E-SHIIELD)

SaTC:EDU：通过包容性、参与性学习模块加强混合移动和物联网固件的安全教育 (E-SHIIELD)

• 批准号: 1947295
• 负责人: Meera Sridhar
• 金额: $ 42.87万
• 依托单位: University of North Carolina at Charlotte
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-12-15 至 2024-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1947295&HistoricalAwards=false
• 关键词: SaTC; EDU; Enhancing; Security; Education

Improvements in advanced cybersecurity education are necessary to strengthen the nation’s cybersecurity workforce, including efforts to ensure diversity in the cybersecurity workforce. This project has two overarching goals: (1) to develop curricular materials relating to web-based (hybrid) mobile apps and Internet of Things (IoT) firmware security, and (2) to strengthen the nation's workforce, especially for current and future generation students from underrepresented groups. Toward the above goals, this project will create and broadly deploy two courses in the web-based mobile app and IoT security technology spaces. The courses will incorporate state-of-the-art educational techniques that address challenges that instructors face in teaching these advanced cybersecurity topics. Using multiple methods of instruction and rapidly-changing course materials, the faculty will employ inclusive and engaged educational strategies for promoting diversity in advanced cybersecurity. The primary goals of this project are to develop, deploy, evaluate and disseminate course modules in the areas of hybrid mobile apps and IoT firmware security. The courses will be designed as stackable modules for easy integration into existing courses, and broadly disseminated under a Creative Commons license. Additionally, the courses will be designed to align with NSA/DHS Centers for Academic Excellence (CAE) Knowledge Unit requirements to incentivize CAE institutions to adopt them. The scope of the course modules will range from junior and senior level undergraduate courses to graduate level courses. Modules will target students pursuing various degree programs in cybersecurity at the University of North Carolina at Charlotte (UNCC) and extend more broadly to students pursuing Computer Science degrees at UNCC and other institutions. Specifically, the project will train faculty at five North Carolina universities (including HBCUs and community colleges) on the course modules, to deploy them at their universities. The project will also include a K-12 IoT Roadshow at five Title I Charlotte-Mecklenburg Schools. The course modules will adopt the Inclusive Curriculum Framework and mploy state-of-the-art educational strategies aimed towards improved student learning and engagement. Modules will support multiple class modalities (face-to-face, hybrid, online). The course modules will also ensure accessibility and inclusivity in the concept, content, delivery, assessment, feedback and review. This project is supported by the Secure and Trustworthy Cyberspace (SaTC) program, which funds proposals that address cybersecurity and privacy, and in this case specifically cybersecurity education. The SaTC program aligns with the Federal Cybersecurity Research and Development Strategic Plan and the National Privacy Research Strategy to protect and preserve the growing social and economic benefits of cyber systems while ensuring security and privacy.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

改进高级网络安全教育对于加强国家网络安全劳动力是必要的，包括努力确保网络安全劳动力的多样性。该项目有两个主要目标：(1)开发与基于网络的(混合)移动应用程序和物联网(IoT)固件安全相关的课程材料；(2)加强国家劳动力队伍，特别是针对来自代表性不足群体的当前和未来一代学生。为了实现上述目标，该项目将在基于网络的移动应用和物联网安全技术领域创建并广泛部署两门课程。这些课程将融入最先进的教育技术，以解决教师在教授这些高级网络安全主题时面临的挑战。使用多种教学方法和快速变化的课程材料，该学院将采用包容性和参与性的教育战略，促进先进网络安全的多样性。该项目的主要目标是开发、部署、评估和传播混合移动应用和物联网固件安全领域的课程模块。这些课程将被设计为可堆叠的模块，以便轻松整合到现有课程中，并根据知识共享许可证广泛传播。此外，这些课程的设计将与NSA/国土安全部卓越学术中心(CAE)知识单位的要求保持一致，以激励CAE机构采用这些要求。课程单元的范围将从初级和高级本科课程到研究生课程。模块将面向在北卡罗来纳大学夏洛特分校(UNCC)攻读各种网络安全学位课程的学生，并更广泛地扩展到在UNCC和其他机构攻读计算机科学学位的学生。具体地说，该项目将对北卡罗来纳州五所大学(包括HBCU和社区学院)的教师进行课程模块方面的培训，以便将其部署到各自的大学。该项目还将包括在五所第一书名夏洛特-梅克伦堡学校举行的K-12物联网路演。课程单元将采用包容性课程框架，并采用旨在改善学生学习和参与的最新教育战略。模块将支持多种课程模式(面对面、混合、在线)。课程单元还将确保概念、内容、交付、评估、反馈和审查的可及性和包容性。这个项目得到了安全和值得信赖的网络空间(SATC)计划的支持，该计划为解决网络安全和隐私问题的提案提供资金，在这种情况下，特别是网络安全教育。SATC计划与联邦网络安全研究和发展战略计划和国家隐私研究战略保持一致，以保护和维护网络系统日益增长的社会和经济效益，同时确保安全和隐私。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Interactive Program Visualization to Teach Stack Smashing: An Experience Report

交互式程序可视化教学堆栈粉碎：经验报告

• DOI: 10.53735/cisse.v10i1.164
• 发表时间: 2023
• 期刊: Journal of The Colloquium for Information Systems Security Education
• 作者: Ramaprasad, Harini;Sridhar, Meera;Akeyson, Erik
• 通讯作者: Akeyson, Erik

From DDoSim to DDoSimQ: Enhancing ddos attack simulations through full system emulation

从 DDoSim 到 DDoSimQ：通过完整的系统仿真增强 ddos​​ 攻击模拟

• 发表时间: 2023
• 期刊: 5th Workshop on CPS & IoT Security and Privacy 2023
• 作者: Islam Obaidat;Zachary Palko;Meera Sridhar
• 通讯作者: Meera Sridhar

Creating a Large-scale Memory Error IoT Botnet Using NS3DockerEmulator

• DOI: 10.1109/dsn58367.2023.00051
• 发表时间: 2023-06
• 期刊: 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
• 作者: Islam Obaidat;Bennett Kahn;Fatemeh Tavakoli;Meera Sridhar

Criminal Investigations: An Interactive Experience to Improve Student Engagement and Achievement in Cybersecurity Courses

犯罪调查：提高学生网络安全课程参与度和成绩的互动体验

• DOI: 10.1145/3478431.3499417
• 发表时间: 2022
• 期刊: ACM Technical Symposium on Computer Science Education
• 作者: Hall, John Grady;Mohanty, Abhinav;Murarisetty, Pooja;Nguyen, Ngoc Diep;Bahamón, Julio César;Ramaprasad, Harini;Sridhar, Meera
• 通讯作者: Sridhar, Meera