SATC: EDU: Network Design for Security using Protocol Trust Boundary Observations

SATC：EDU：使用协议信任边界观察进行安全的网络设计

• 批准号: 1907537
• 负责人: Deniz Gurkan
• 金额: $ 29.24万
• 依托单位: University of Houston
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-08-01 至 2022-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1907537&HistoricalAwards=false
• 关键词: SATC; EDU; Network; Design; Security

"Network security" is a typical core course in master's and bachelor's level curricula in electrical/computer engineering or computer science or technology. This project makes a novel attempt to relate "Network Security" to "Software Systems Security", where a solid educational foundation has been using threat modeling with effective tools and associated defense and mitigation techniques. This novel approach enables network security education to use the same principles that apply to information systems security. Namely, by viewing each network system as a collection of software systems, this project will enable the use of techniques developed for Software Systems Security education for Network Security education.The main goal of this project is to create novel instructional material to teach network security from the perspective of a built-in security posture within the network design process, with a focus on the creation of protocol behavior knowledge modules with a trust boundary analysis enhanced through hands-on lab experiments, instantaneous feedback, reflections on learnings, as well as a comprehensive project component for application of the gained knowledge. The instructional material is composed of lecture modules, documentation, lab modules with network topologies, an extension mechanism for other instructors to create new network models, and a hands-on lab system that is based on the Jupyter Notebooks, a web-based interactive computing platform supportive of diverse learning styles. The lab material includes exercises that load within the Jupyter Notebooks and are auto-graded through the lab system for immediate feedback on learnings of specific concepts. The question descriptors are also open source and available for the adopting instructors to tailor to their own learning objectives in specific offerings of the instructional material. The instructional material has a broader impact in attracting and retaining underrepresented minorities and female students to the field by providing equitable access mechanisms along with multiple forms of delivery of the concepts in modern interfaces.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

《网络安全》是电气/计算机工程或计算机科学或技术专业硕士和学士课程中典型的核心课程。该项目做出了将“网络安全”与“软件系统安全”联系起来的新颖尝试，其中坚实的教育基础一直是使用威胁建模以及有效的工具和相关的防御和缓解技术。这种新颖的方法使网络安全教育能够使用适用于信息系统安全的相同原则。也就是说，通过将每个网络系统视为软件系统的集合，该项目将能够使用为软件系统安全教育开发的技术来进行网络安全教育。该项目的主要目标是创建新颖的教学材料来教授网络安全网络设计过程中内置安全态势的视角，重点是创建协议行为知识模块，并通过实验室实践实验、即时反馈、学习反思以及增强的信任边界分析来创建协议行为知识模块。应用所获得知识的综合项目组成部分。教学材料由讲座模块、文档、具有网络拓扑的实验室模块、供其他教师创建新网络模型的扩展机制以及基于 Jupyter Notebooks（一种基于 Web 的交互式计算）的动手实验室系统组成。支持多样化学习方式的平台。实验室材料包括在 Jupyter Notebooks 中加载的练习，并通过实验室系统自动评分，以便对特定概念的学习提供即时反馈。问题描述符也是开源的，可供采用的教师在特定的教学材料中根据自己的学习目标进行定制。该教材通过提供公平的准入机制以及在现代界面中以多种形式传递概念，在吸引和留住代表性不足的少数族裔和女学生方面具有更广泛的影响。该奖项反映了 NSF 的法定使命，并被认为值得支持通过使用基金会的智力优点和更广泛的影响审查标准进行评估。