Education DCL: EAGER: Advancing Secure Coding Education: Empowering Students to Safely Utilize AI-powered Coding Assistant Tools

教育 DCL：EAGER：推进安全编码教育：使学生能够安全地利用人工智能驱动的编码辅助工具

• 批准号: 2335798
• 负责人: Doowon Kim
• 金额: $ 30万
• 依托单位: University of Tennessee Knoxville
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2025-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2335798&HistoricalAwards=false
• 关键词: Education; DCL; EAGER; Advancing; Secure

The advent of Artificial Intelligence (AI) has transformed the landscape of the software engineering ecosystem. Particularly, AI-powered coding assistant tools (e.g., ChatGPT and GitHub Copilot) are believed to potentially revolutionize the software development landscape. The tools can enhance software developers' efficiency and productivity in software development by generating boilerplate code for developers. Unfortunately, the tools can generate (or suggest) insecure code for developers because (1) the models that the tools rely on can inadvertently learn from insecure code snippets of untrusted, unverified open-source projects, or (2) the models are also vulnerable to poisoning attacks. The project's novelties are to develop new curricular modules and hands-on exercises for computer science students and the software development workforce to enhance their secure coding practices when using the tools. The project's broader significance and importance are to equip students and the workforce with secure coding practices when using AI-powered coding assistant tools, thereby enabling them to develop secure programs in the future. Moreover, this project's activities will be used to attract undergraduate students from underrepresented groups to cybersecurity.The main objective of this education project is to help students and the workforce have secure coding practices. First, this project develops new hands-on exercises where the students and the workforce can learn how suggested insecure code can impact their software and how the software can be vulnerable and exploited by adversaries. This engages them in active security-oriented learning to cultivate their secure coding practices when using AI-powered coding assistant tools. The hands-on materials include a real-world programming environment where the learners are expected to have experience with poisoned models. Second, this project actively pursues the involvement of undergraduate/high school students in research, including underrepresented groups (specifically the Appalachia region). Third, the project team host workshops in the summer to assist participating faculty in learning how to use our hands-on lab materials developed through this projectThis award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

人工智能（AI）的出现改变了软件工程生态系统的格局。特别是，人工智能编码辅助工具（如ChatGPT和GitHub Copilot）被认为有可能彻底改变软件开发领域。这些工具可以通过为开发人员生成样板代码来提高软件开发人员在软件开发中的效率和生产力。不幸的是，这些工具可以为开发人员生成（或建议）不安全的代码，因为(1)工具所依赖的模型可以不经意地从不受信任的、未经验证的开源项目的不安全代码片段中学习，或者(2)模型也容易受到中毒攻击。该项目的新颖之处在于为计算机科学专业的学生和软件开发人员开发新的课程模块和实践练习，以增强他们在使用这些工具时的安全编码实践。该项目更广泛的意义和重要性在于，让学生和员工在使用人工智能编程辅助工具时掌握安全的编码实践，从而使他们能够在未来开发安全的程序。此外，该项目的活动将用于吸引来自代表性不足群体的本科生学习网络安全。这个教育项目的主要目标是帮助学生和工作人员进行安全的编码实践。首先，这个项目开发了新的动手练习，学生和工作人员可以学习建议的不安全代码如何影响他们的软件，以及软件如何容易受到攻击并被对手利用。这让他们参与主动的安全导向学习，在使用人工智能编码辅助工具时培养他们的安全编码实践。实践材料包括一个真实世界的编程环境，学习者应该有中毒模型的经验。第二，本项目积极鼓励本科生/高中生参与研究，包括代表性不足的群体（特别是阿巴拉契亚地区）。第三，项目团队在夏季举办研讨会，帮助参与的教师学习如何使用我们通过该项目开发的动手实验材料。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。