Mainstreaming Cybersecurity Research and Practice into Undergraduate Education

将网络安全研究和实践纳入本科教育主流

• 批准号: 0306105
• 负责人: Shivakant Mishra
• 金额: --
• 依托单位: University of Colorado at Boulder
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2003
• 资助国家: 美国
• 起止时间: 2003-09-01 至 2008-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0306105&HistoricalAwards=false
• 关键词: Mainstreaming; Cybersecurity; Research; Practice; into

0306105Shivakant MishraUniversity of Colorado BoulderMainstreaming Cybersecurity Research and Practice into Undergraduate Education$539,999This is a very timely project that addresses the education of undergraduates about the field of cyber-security. Included in the project activities are the creation of a "cyber-security house", an applied cyber-security course, and a cyber-security repository for broad dissemination of the materials and results from the project. While national security is critically dependent on a continuous and correct functioning of modern computing systems, current, state-of-the-art computing systems typically do not meet the stringent requirements of security, availability, fault-tolerance, and high performance. The 2001 Computer Crime and Security Survey from CSI/FBI describes two disturbing characteristics:(1) The number of computer crimes and security breaches are increasing, and (2) The total financial loss due to computer crimes and security breaches is increasing. One possible reason for this weakness of modern computing systems is that there is a severe shortage of skilled security professionals, resulting in a large number of computing systems being constructed by people who do not have adequate understanding of basic security principles. A fundamental reason for the shortage of security practitioners is that the principles and practices of security are typically not well covered in undergraduate education and only a handful of undergraduate programs in the USA even offer a course on computer security. The PI hypothesizes that fundamentally new mechanisms, which go beyond traditional classroom settings, are needed to address the current weaknesses associated with cyber-security technology and education. The overall goal of the project is to prepare a work force that is aware of system vulnerabilities, as well as a cadre of professionals that are knowledgeable about the recognized, best, and latest principles and practices available in security and information assurance. This project focuses on six activities: 1. Development of a "cyber-security house" to permit undergraduate students to learn and experiment with security principles and practices throughout their undergraduate career. This is intended to provide students an opportunity to learn and experiment with the latest cyber-security technology, keep up with the fast pace of change in cyber-security technology, and interact with other undergraduate students at different stages in their undergraduate careers. 2. Development of a new undergraduate course on applied cyber-security. This course provides hands-on experience with using the latest security tools, and designing and implementing secure systems. 3. Development of a repository of cyber-security education-related materials, making them available via the Web. The goal is to provide useful materials that are beyond course syllabi and lecture notes. 4. Dissemination of the results from this project to the CISE community. The methods for dissemination includes collaborating with faculties and students from other institutions via workshops, a TA training program, making course materials available on the Web, and publication and participation in CISE education-related conferences. 5. Increasing participation in the project activities of underrepresented groups by involving faculty and student from historically black colleges and universities, and other minority institutions. 6. Evaluation of the project results at regular intervals, and making modifications or extensions a needed. This evaluation will be based on the inputs from the students who take the new course and participate in the cyber-security house, industry who employ these students, and the instructors who teach the new course or supervise student in the cyber-security house. An important aspect of this project is the inclusion of survivability as an integral aspect of the educational topics proposed. Rather than focusing on the more traditional attack/detection paradigm, students are taught how to design software systems that are less vulnerable to attack and that are designed to survive such attack and provide some level of continuing service.

0306105科罗拉多州巨石学家的网络安全研究和实践对本科教育的实践$ 539,999，这是一个非常及时的项目，旨在解决有关网络安全领域的本科生教育。项目活动中包括创建“网络安全房屋”，应用的网络安全课程以及一个网络安全存储库，用于广泛传播材料和项目的结果。尽管国家安全在严重取决于现代计算系统的连续和正确功能，但当前，最先进的计算系统通常不符合安全性，可用性，容忍性和高性能的严格要求。 CSI/FBI的2001年计算机犯罪和安全调查描述了两个令人不安的特征：（1）计算机犯罪和安全漏洞的数量正在增加，并且（2）由于计算机犯罪和安全漏洞而造成的总财务损失正在增加。这种现代计算系统弱点的可能原因之一是，熟练的安全专业人员严重缺乏，导致大量计算系统是由对基本安全原则没有充分了解的人建造的。安全从业人员短缺的一个基本原因是，安全的原则和实践通常在本科教育中没有很好地涵盖，并且只有少数在美国的本科课程甚至提供计算机安全课程。 PI假设从根本上讲，从根本上讲，这些机制超出了传统的课堂环境，以解决与网络安全技术和教育相关的当前弱点。该项目的总体目标是准备一支意识到系统漏洞的劳动力，以及一群专业人士，这些专业人员对安全和信息保证方面的公认，最佳和最新原则和实践知识渊博。该项目着重于六项活动：1。开发“网络安全之家”，以允许本科生在整个本科生职业中学习和尝试安全原则和实践。这旨在为学生提供一个学习和尝试最新的网络安全技术，跟上网络安全技术变化的快速步伐，并与本科生不同阶段的其他本科生互动的机会。 2。开发有关应用网络安全的新本科课程。本课程提供了使用最新安全工具，设计和实施安全系统的动手经验。 3。开发与网络安全有关材料的存储库，使其通过网络提供。目的是提供有用的材料，这些材料超越课程课程和讲义。 4。将该项目的结果传播到Cise社区。传播方法包括通过研讨会，TA培训计划与其他机构的教职员工和学生合作，在网络上提供课程材料，以及与CISE教育相关的会议的出版和参与。 5。通过参与历史悠久的黑人学院和大学以及其他少数民族的教职员工和学生，增加了代表性团体不足的项目活动的参与。 6。定期评估项目结果，并进行修改或扩展。这项评估将基于参加新课程并参加网络安全之家的学生的意见，雇用这些学生的行业以及在网络安全之家中教新课程或监督学生的讲师。该项目的一个重要方面是将生存能力纳入提出的教育主题的一个组成部分。与其专注于更传统的攻击/检测范式，不如教学生如何设计不容易受到攻击的软件系统，旨在生存这种攻击并提供一定程度的持续服务。