Education DCL: EAGER: Advancing Secure Coding Education: Empowering Students to Safely Utilize AI-powered Coding Assistant Tools

教育 DCL：EAGER：推进安全编码教育：使学生能够安全地利用人工智能驱动的编码辅助工具

• 批准号: 2335798
• 负责人: Doowon Kim
• 金额: $ 30万
• 依托单位: University of Tennessee Knoxville
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2025-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2335798&HistoricalAwards=false
• 关键词: Education; DCL; EAGER; Advancing; Secure

The advent of Artificial Intelligence (AI) has transformed the landscape of the software engineering ecosystem. Particularly, AI-powered coding assistant tools (e.g., ChatGPT and GitHub Copilot) are believed to potentially revolutionize the software development landscape. The tools can enhance software developers' efficiency and productivity in software development by generating boilerplate code for developers. Unfortunately, the tools can generate (or suggest) insecure code for developers because (1) the models that the tools rely on can inadvertently learn from insecure code snippets of untrusted, unverified open-source projects, or (2) the models are also vulnerable to poisoning attacks. The project's novelties are to develop new curricular modules and hands-on exercises for computer science students and the software development workforce to enhance their secure coding practices when using the tools. The project's broader significance and importance are to equip students and the workforce with secure coding practices when using AI-powered coding assistant tools, thereby enabling them to develop secure programs in the future. Moreover, this project's activities will be used to attract undergraduate students from underrepresented groups to cybersecurity.The main objective of this education project is to help students and the workforce have secure coding practices. First, this project develops new hands-on exercises where the students and the workforce can learn how suggested insecure code can impact their software and how the software can be vulnerable and exploited by adversaries. This engages them in active security-oriented learning to cultivate their secure coding practices when using AI-powered coding assistant tools. The hands-on materials include a real-world programming environment where the learners are expected to have experience with poisoned models. Second, this project actively pursues the involvement of undergraduate/high school students in research, including underrepresented groups (specifically the Appalachia region). Third, the project team host workshops in the summer to assist participating faculty in learning how to use our hands-on lab materials developed through this projectThis award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

人工智能 (AI) 的出现改变了软件工程生态系统的面貌。特别是，人工智能驱动的编码辅助工具（例如 ChatGPT 和 GitHub Copilot）被认为有可能彻底改变软件开发格局。这些工具可以通过为开发人员生成样板代码来提高软件开发人员的软件开发效率和生产力。不幸的是，这些工具可能会为开发人员生成（或建议）不安全的代码，因为（1）这些工具所依赖的模型可能会无意中从不受信任、未经验证的开源项目的不安全代码片段中学习，或者（2）这些模型也容易受到中毒攻击。该项目的新颖之处在于为计算机科学学生和软件开发人员开发新的课程模块和实践练习，以增强他们在使用这些工具时的安全编码实践。该项目更广泛的意义和重要性是让学生和员工在使用人工智能驱动的编码辅助工具时具备安全的编码实践，从而使他们能够在未来开发安全的程序。此外，该项目的活动将用于吸引弱势群体的本科生学习网络安全。该教育项目的主要目标是帮助学生和员工进行安全的编码实践。首先，该项目开发了新的实践练习，学生和员工可以了解建议的不安全代码如何影响他们的软件，以及软件如何容易受到攻击并被对手利用。这使他们能够积极主动地进行面向安全的学习，以在使用人工智能驱动的编码辅助工具时培养他们的安全编码实践。实践材料包括现实世界的编程环境，学习者应该有使用中毒模型的经验。其次，该项目积极促进本科生/高中生参与研究，包括代表性不足的群体（特别是阿巴拉契亚地区）。第三，项目团队在夏季举办研讨会，帮助参与的教师学习如何使用通过该项目开发的实践实验室材料。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。