Security Injections: Promoting Responsible Coding and Building a Community of Security Ambassadors

安全注入：促进负责任的编码并建立安全大使社区

• 批准号: 1241738
• 负责人: Siddharth Kaza
• 金额: $ 45.19万
• 依托单位: Towson University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-09-01 至 2016-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1241738&HistoricalAwards=false
• 关键词: Security; Injections; Promoting; Responsible; Coding

Information Assurance (IA) requires pervasive action to prepare all computing graduates to meet the current and future cybersecurity challenges. The challenges to this are significant: instructors who are untrained in computer security, lack of teaching resources, and introductory classes overloaded with course material. The Security Injections@Towson project includes over 40 security injection modules that target key security concepts including integer overflow, buffer overflow, and input validation to be used in introductory computer science courses. Research results show that these security injection modules lead to an increase in the ability of students to remember, comprehend, and apply secure coding principles. This project builds on the success of the security injection modules. The project team and its partners (from the ACM Committee for Computing Education in Community Colleges, three NSF Advanced Technological Education (ATE) centers, and several diverse institutions) focus on community building and effective national dissemination to reach more students and faculty. Community building efforts include 1) a Security Ambassadors program with faculty who teach and encourage others to teach responsible coding, 2) a Build-A-Lab program to grow teaching resources and increase faculty engagement, knowledge, and sense of ownership, and 3) Short IA pedagogy courses at ATE centers and educational conferences. Project dissemination is synergistic with community building efforts, using short courses at conferences, workshops, outreach through ATE centers, and the security ambassadors to facilitate module adoption at two and four year institutions. All resources will also be submitted to the NSDL Computing Pathway - Ensemble and other venues. The community-building and disseminating strategy uses discrete one-time workshops (short courses), long-range professional development (Build-A-Lab), and the involvement faculty as the source of change through the Security Ambassador program. The team brings strengths in undergraduate curriculum development, education research, capacity-building experience, and the perspective of diverse institutions, including a historically-black university and community colleges.

信息保证（IA）需要采取普遍的行动来准备所有计算毕业生，以应对当前和未来的网络安全挑战。对此的挑战是重大的：未经计算机安全性，缺乏教学资源的教练以及与课程材料过载的介绍课程。 安全注射@Towson项目包括40多个安全性注入模块，这些模块针对关键安全概念，包括整数溢出，缓冲区溢出和用于入门计算机科学课程中的输入验证。研究结果表明，这些安全性注入模块导致学生记住，理解和应用安全编码原则的能力提高。该项目建立在安全注入模块的成功基础上。项目团队及其合作伙伴（来自社区大学计算机教育委员会，三个NSF高级技术教育（ATE）中心以及几个不同的机构）着重于社区建设和有效的民族传播，以吸引更多的学生和教职员工。社区建设工作包括1）与教师的安全大使计划，他们教授和鼓励其他人教负责任的编码，2）一个建筑物的计划，以增加教学资源并提高教师的参与，知识和所有权感，以及3）短期IA Ate Centers和Ate Center和教育会议的短期IA教学法。项目传播与社区建设的努力是协同的作用，使用会议，研讨会，通过Ate中心的宣传以及安全大使，以促进两年和四年机构采用模块的安全大使。所有资源也将提交给NSDL计算途径 - 集合和其他场所。社区建设和传播策略使用离散的一次性研讨会（短期课程），远程专业发展（Build-A-LAB）和参与教师作为通过安全大使计划的变化来源。该团队为本科课程发展，教育研究，能力建设经验以及包括历史悠久的大学和社区学院在内的各种机构的观点带来了优势。