Authentic Learning Modules for DevOps Security Education

DevOps 安全教育的真实学习模块

基本信息

项目摘要

Information technology (IT) organizations use development and operations (DevOps) to deliver software-based services rapidly to end-users. During software development, various documents are often created. These materials, referred to as software artifacts, may include design documents, source code, risk assessments, and other project plans or documentation. Software artifacts used in DevOps yield tremendous benefits for IT organizations. However, without the secure development of these artifacts, deployed software can contain security vulnerabilities which malicious users can exploit to cause serious consequences for organizations. Therefore, students who are poised to become next-generation professionals need to be educated on (i) the consequences of security weaknesses that are commonplace in DevOps artifacts and (ii) how security weaknesses can be mitigated through secure development. This project aims to create an engaging and motivating learning environment that encourages all computer science students to learn cybersecurity integration into artifacts used for DevOps. The project has the potential to transform computer science education in the cross-cutting areas of software engineering and cybersecurity and grow a cybersecurity workforce that is well-versed in secure software development practices and techniques. Principal investigators from Tennessee Tech University, Kennesaw State University, and Tuskegee University will collaborate on developing and deploying authentic learning-based modules for DevOps security education (ALAMOSE). The ALAMOSE project will leverage authentic learning, which provides students with practical knowledge to solve real-world problems. Pre-lab content dissemination, hands-on exercise, and post-lab activities will be included. The modules will be deployed in existing cybersecurity, software engineering, and IT system security courses across the three institutions, potentially impacting students from diverse backgrounds. Faculty workshops and outreach webinars will be employed to promote the adoption of the modules and to gather and present lessons learned and experiential feedback. In addition, the modules will be available to educators nationwide through code and container sharing platforms, such as GitHub and DockerHub. This project is supported by the Secure and Trustworthy Cyberspace (SaTC) program, which funds proposals that address cybersecurity and privacy, and in this case specifically cybersecurity education. The SaTC program aligns with the Federal Cybersecurity Research and Development Strategic Plan and the National Privacy Research Strategy to protect and preserve the growing social and economic benefits of cyber systems while ensuring security and privacy.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
信息技术(IT)组织使用开发和运营(DevOps)来快速向最终用户提供基于软件的服务。在软件开发过程中,经常会创建各种文档。这些材料称为软件工件,可能包括设计文档、源代码、风险评估和其他项目计划或文档。DevOps中使用的软件工件为IT组织带来了巨大的好处。然而,如果没有这些构件的安全开发,部署的软件可能包含恶意用户可以利用的安全漏洞,从而对组织造成严重后果。因此,准备成为下一代专业人士的学生需要接受以下方面的教育:(i)DevOps工件中常见的安全漏洞的后果,以及(ii)如何通过安全开发减轻安全漏洞。该项目旨在创建一个吸引人和激励性的学习环境,鼓励所有计算机科学学生学习将网络安全集成到用于DevOps的工件中。该项目有可能改变软件工程和网络安全交叉领域的计算机科学教育,并培养一支精通安全软件开发实践和技术的网络安全队伍。来自田纳西理工大学、肯尼索州立大学和塔斯基吉大学的主要研究人员将合作开发和部署用于DevOps安全教育(ALAMOSE)的真实的基于学习的模块。ALAMOSE项目将利用真实的学习,为学生提供解决现实世界问题的实用知识。将包括实验前内容传播、动手练习和实验后活动。这些模块将部署在这三个机构现有的网络安全,软件工程和IT系统安全课程中,可能会影响来自不同背景的学生。教师研讨会和外联网络研讨会将被用来促进采用的模块,并收集和介绍经验教训和经验反馈。此外,这些模块将通过代码和容器共享平台(如GitHub和DockerHub)提供给全国的教育工作者。 该项目得到了安全和值得信赖的网络空间(SaTC)计划的支持,该计划为解决网络安全和隐私问题的提案提供资金,在这种情况下,特别是网络安全教育。SATC计划与联邦网络安全研究和发展战略计划和国家隐私研究战略保持一致,以保护和维护网络系统日益增长的社会和经济效益,同时确保安全和隐私。该奖项反映了NSF的法定使命,并通过使用基金会的知识价值和更广泛的影响审查标准进行评估,被认为值得支持。

项目成果

期刊论文数量(9)
专著数量(0)
科研奖励数量(0)
会议论文数量(0)
专利数量(0)
Case Study-Based Approach of Quantum Machine Learning in Cybersecurity: Quantum Support Vector Machine for Malware Classification and Protection
基于案例研究的网络安全量子机器学习方法:用于恶意软件分类和保护的量子支持向量机
  • DOI:
    10.1109/compsac57700.2023.00161
  • 发表时间:
    2023
  • 期刊:
  • 影响因子:
    0
  • 作者:
    Akter, Mst Shapna;Shahriar, Hossain;Iqbal Ahamed, Sheikh;Datta Gupta, Kishor;Rahman, Muhammad;Mohamed, Atef;Rahman, Mohammad;Rahman, Akond;Wu, Fan
  • 通讯作者:
    Wu, Fan
A Trustable LSTM-Autoencoder Network for Cyberbullying Detection on Social Media Using Synthetic Data
Quantum Cryptography for Enhanced Network Security: A Comprehensive Survey of Research, Developments, and Future Directions
Investigating Novel Approaches to Defend Software Supply Chain Attacks
研究防御软件供应链攻击的新方法
Adversarial Data-Augmented Resilient Intrusion Detection System for Unmanned Aerial Vehicles
无人机对抗性数据增强弹性入侵检测系统
  • DOI:
  • 发表时间:
    2023
  • 期刊:
  • 影响因子:
    0
  • 作者:
    Asif, M;Rahman, M;Akkaya, K;Shahriar, H;Cuzzocrea, A
  • 通讯作者:
    Cuzzocrea, A
{{ item.title }}
{{ item.translation_title }}
  • DOI:
    {{ item.doi }}
  • 发表时间:
    {{ item.publish_year }}
  • 期刊:
  • 影响因子:
    {{ item.factor }}
  • 作者:
    {{ item.authors }}
  • 通讯作者:
    {{ item.author }}

数据更新时间:{{ journalArticles.updateTime }}

{{ item.title }}
  • 作者:
    {{ item.author }}

数据更新时间:{{ monograph.updateTime }}

{{ item.title }}
  • 作者:
    {{ item.author }}

数据更新时间:{{ sciAawards.updateTime }}

{{ item.title }}
  • 作者:
    {{ item.author }}

数据更新时间:{{ conferencePapers.updateTime }}

{{ item.title }}
  • 作者:
    {{ item.author }}

数据更新时间:{{ patent.updateTime }}

Hossain Shahriar其他文献

Impact of Health Information Technologies on the Quality of Healthcare Deliveries
健康信息技术对医疗服务质量的影响
LDAP Vulnerability Detection in Web Applications
Web 应用程序中的 LDAP 漏洞检测
Teaching DevOps Security Education with Hands-on Labware: Automated Detection of Security Weakness in Python
通过实践实验室软件教授 DevOps 安全教育:Python 安全漏洞的自动检测
  • DOI:
  • 发表时间:
    2023
  • 期刊:
  • 影响因子:
    0
  • 作者:
    Mst. Shapna Akter;Juanjose Rodriguez;Hossain Shahriar;A. Rahman;Fan Wu
  • 通讯作者:
    Fan Wu
Information-Theoretic Detection of SQL Injection Attacks
SQL注入攻击的信息论检测
ACIR: An Aspect-Connector for Intrusion Response
ACIR:用于入侵响应的方面连接器

Hossain Shahriar的其他文献

{{ item.title }}
{{ item.translation_title }}
  • DOI:
    {{ item.doi }}
  • 发表时间:
    {{ item.publish_year }}
  • 期刊:
  • 影响因子:
    {{ item.factor }}
  • 作者:
    {{ item.authors }}
  • 通讯作者:
    {{ item.author }}

{{ truncateString('Hossain Shahriar', 18)}}的其他基金

Collaborative Research: SaTC: EDU: Authentic Learning of Machine Learning in Cybersecurity with Portable Hands-on Labware
协作研究:SaTC:EDU:使用便携式动手实验室软件对网络安全中的机器学习进行真实学习
  • 批准号:
    2100115
  • 财政年份:
    2021
  • 资助金额:
    $ 12.59万
  • 项目类别:
    Standard Grant
Collaborative Research: Broadening Secure Mobile Software Development (SMSD) Through Curriculum and Faculty Development
合作研究:通过课程和师资发展拓宽安全移动软件开发 (SMSD)
  • 批准号:
    1723578
  • 财政年份:
    2017
  • 资助金额:
    $ 12.59万
  • 项目类别:
    Standard Grant

相似国自然基金

Scalable Learning and Optimization: High-dimensional Models and Online Decision-Making Strategies for Big Data Analysis
  • 批准号:
  • 批准年份:
    2024
  • 资助金额:
    万元
  • 项目类别:
    合作创新研究团队
Understanding structural evolution of galaxies with machine learning
  • 批准号:
    n/a
  • 批准年份:
    2022
  • 资助金额:
    10.0 万元
  • 项目类别:
    省市级项目
煤矿安全人机混合群智感知任务的约束动态多目标Q-learning进化分配
  • 批准号:
  • 批准年份:
    2022
  • 资助金额:
    30 万元
  • 项目类别:
    青年科学基金项目
基于领弹失效考量的智能弹药编队短时在线Q-learning协同控制机理
  • 批准号:
    62003314
  • 批准年份:
    2020
  • 资助金额:
    24.0 万元
  • 项目类别:
    青年科学基金项目
集成上下文张量分解的e-learning资源推荐方法研究
  • 批准号:
    61902016
  • 批准年份:
    2019
  • 资助金额:
    24.0 万元
  • 项目类别:
    青年科学基金项目
具有时序迁移能力的Spiking-Transfer learning (脉冲-迁移学习)方法研究
  • 批准号:
    61806040
  • 批准年份:
    2018
  • 资助金额:
    20.0 万元
  • 项目类别:
    青年科学基金项目
基于Deep-learning的三江源区冰川监测动态识别技术研究
  • 批准号:
    51769027
  • 批准年份:
    2017
  • 资助金额:
    38.0 万元
  • 项目类别:
    地区科学基金项目
具有时序处理能力的Spiking-Deep Learning(脉冲深度学习)方法研究
  • 批准号:
    61573081
  • 批准年份:
    2015
  • 资助金额:
    64.0 万元
  • 项目类别:
    面上项目
基于有向超图的大型个性化e-learning学习过程模型的自动生成与优化
  • 批准号:
    61572533
  • 批准年份:
    2015
  • 资助金额:
    66.0 万元
  • 项目类别:
    面上项目
E-Learning中学习者情感补偿方法的研究
  • 批准号:
    61402392
  • 批准年份:
    2014
  • 资助金额:
    26.0 万元
  • 项目类别:
    青年科学基金项目

相似海外基金

Collaborative Research: New to IUSE: EDU DCL:Diversifying Economics Education through Plug and Play Video Modules with Diverse Role Models, Relevant Research, and Active Learning
协作研究:IUSE 新增功能:EDU DCL:通过具有不同角色模型、相关研究和主动学习的即插即用视频模块实现经济学教育多元化
  • 批准号:
    2315700
  • 财政年份:
    2024
  • 资助金额:
    $ 12.59万
  • 项目类别:
    Standard Grant
Collaborative Research: A Semiconductor Curriculum and Learning Framework for High-Schoolers Using Artificial Intelligence, Game Modules, and Hands-on Experiences
协作研究:利用人工智能、游戏模块和实践经验为高中生提供半导体课程和学习框架
  • 批准号:
    2342747
  • 财政年份:
    2024
  • 资助金额:
    $ 12.59万
  • 项目类别:
    Standard Grant
Collaborative Research: New to IUSE: EDU DCL:Diversifying Economics Education through Plug and Play Video Modules with Diverse Role Models, Relevant Research, and Active Learning
协作研究:IUSE 新增功能:EDU DCL:通过具有不同角色模型、相关研究和主动学习的即插即用视频模块实现经济学教育多元化
  • 批准号:
    2315699
  • 财政年份:
    2024
  • 资助金额:
    $ 12.59万
  • 项目类别:
    Standard Grant
Collaborative Research: New to IUSE: EDU DCL:Diversifying Economics Education through Plug and Play Video Modules with Diverse Role Models, Relevant Research, and Active Learning
协作研究:IUSE 新增功能:EDU DCL:通过具有不同角色模型、相关研究和主动学习的即插即用视频模块实现经济学教育多元化
  • 批准号:
    2315697
  • 财政年份:
    2024
  • 资助金额:
    $ 12.59万
  • 项目类别:
    Standard Grant
Collaborative Research: New to IUSE: EDU DCL:Diversifying Economics Education through Plug and Play Video Modules with Diverse Role Models, Relevant Research, and Active Learning
协作研究:IUSE 新增功能:EDU DCL:通过具有不同角色模型、相关研究和主动学习的即插即用视频模块实现经济学教育多元化
  • 批准号:
    2315696
  • 财政年份:
    2024
  • 资助金额:
    $ 12.59万
  • 项目类别:
    Standard Grant
Collaborative Research: A Semiconductor Curriculum and Learning Framework for High-Schoolers Using Artificial Intelligence, Game Modules, and Hands-on Experiences
协作研究:利用人工智能、游戏模块和实践经验为高中生提供半导体课程和学习框架
  • 批准号:
    2342748
  • 财政年份:
    2024
  • 资助金额:
    $ 12.59万
  • 项目类别:
    Standard Grant
Toxicology-testing platform integrating immunocompetent in vitro/ex vivo modules with real-time sensing and machine learning based in silico models for life cycle assessment and SSbD
毒理学测试平台,将免疫活性体外/离体模块与基于硅模型的实时传感和机器学习相结合,用于生命周期评估和 SSbD
  • 批准号:
    10100967
  • 财政年份:
    2024
  • 资助金额:
    $ 12.59万
  • 项目类别:
    EU-Funded
Collaborative Research: New to IUSE: EDU DCL:Diversifying Economics Education through Plug and Play Video Modules with Diverse Role Models, Relevant Research, and Active Learning
协作研究:IUSE 新增功能:EDU DCL:通过具有不同角色模型、相关研究和主动学习的即插即用视频模块实现经济学教育多元化
  • 批准号:
    2315698
  • 财政年份:
    2024
  • 资助金额:
    $ 12.59万
  • 项目类别:
    Standard Grant
Collaborative Research: New to IUSE: EDU DCL:Diversifying Economics Education through Plug and Play Video Modules with Diverse Role Models, Relevant Research, and Active Learning
协作研究:IUSE 新增功能:EDU DCL:通过具有不同角色模型、相关研究和主动学习的即插即用视频模块实现经济学教育多元化
  • 批准号:
    2315701
  • 财政年份:
    2024
  • 资助金额:
    $ 12.59万
  • 项目类别:
    Standard Grant
Collaborative Research: A Semiconductor Curriculum and Learning Framework for High-Schoolers Using Artificial Intelligence, Game Modules, and Hands-on Experiences
协作研究:利用人工智能、游戏模块和实践经验为高中生提供半导体课程和学习框架
  • 批准号:
    2342746
  • 财政年份:
    2024
  • 资助金额:
    $ 12.59万
  • 项目类别:
    Standard Grant
{{ showInfoDetail.title }}

作者:{{ showInfoDetail.author }}

知道了