Education DCL: EAGER: Advancing Secure Coding Education: Empowering Students to Safely Utilize AI-powered Coding Assistant Tools

教育 DCL：EAGER：推进安全编码教育：使学生能够安全地利用人工智能驱动的编码辅助工具

• 批准号: 2335798
• 负责人: Doowon Kim
• 金额: $ 30万
• 依托单位: University of Tennessee Knoxville
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2025-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2335798&HistoricalAwards=false
• 关键词: Education; DCL; EAGER; Advancing; Secure; Education; DCL; EAGER; Advancing; Secure

The advent of Artificial Intelligence (AI) has transformed the landscape of the software engineering ecosystem. Particularly, AI-powered coding assistant tools (e.g., ChatGPT and GitHub Copilot) are believed to potentially revolutionize the software development landscape. The tools can enhance software developers' efficiency and productivity in software development by generating boilerplate code for developers. Unfortunately, the tools can generate (or suggest) insecure code for developers because (1) the models that the tools rely on can inadvertently learn from insecure code snippets of untrusted, unverified open-source projects, or (2) the models are also vulnerable to poisoning attacks. The project's novelties are to develop new curricular modules and hands-on exercises for computer science students and the software development workforce to enhance their secure coding practices when using the tools. The project's broader significance and importance are to equip students and the workforce with secure coding practices when using AI-powered coding assistant tools, thereby enabling them to develop secure programs in the future. Moreover, this project's activities will be used to attract undergraduate students from underrepresented groups to cybersecurity.The main objective of this education project is to help students and the workforce have secure coding practices. First, this project develops new hands-on exercises where the students and the workforce can learn how suggested insecure code can impact their software and how the software can be vulnerable and exploited by adversaries. This engages them in active security-oriented learning to cultivate their secure coding practices when using AI-powered coding assistant tools. The hands-on materials include a real-world programming environment where the learners are expected to have experience with poisoned models. Second, this project actively pursues the involvement of undergraduate/high school students in research, including underrepresented groups (specifically the Appalachia region). Third, the project team host workshops in the summer to assist participating faculty in learning how to use our hands-on lab materials developed through this projectThis award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

人工智能（AI）的出现改变了软件工程生态系统的景观。特别是，据信，AI驱动的编码助理工具（例如Chatgpt和Github Copilot）可能会彻底改变软件开发格局。这些工具可以通过为开发人员生成样板代码来提高软件开发人员在软件开发中的效率和生产率。不幸的是，这些工具可以为开发人员生成（或建议）不安全的代码，因为（1）工具依赖的模型可以无意间从不安全，未经验证的未经验证的开源项目的不安全代码段中学习，或者（2）模型也容易受到中毒的攻击。该项目的新颖性是为计算机科学专业的学生和软件开发人员开发新的课程模块和动手练习，以在使用工具时增强其安全的编码实践。该项目使用AI驱动的编码助理工具时，该项目的重要性和重要性是为学生和劳动力提供安全的编码实践，从而使他们能够在将来开发安全的程序。此外，该项目的活动将用于吸引从代表性不足的团体到网络安全的本科生。该教育项目的主要目标是帮助学生和劳动力具有安全的编码实践。首先，该项目开发了新的动手练习，学生和劳动力可以在其中学习建议的不安全代码如何影响其软件以及该软件如何脆弱和受到对手的影响。这使他们参与了以安全性为导向的学习，以便在使用AI驱动的编码助手工具时培养其安全的编码实践。动手的材料包括一个现实世界中的编程环境，希望学习者具有有毒模型的经验。其次，该项目积极追求本科/高中学生参与研究的参与，包括代表性不足的群体（特别是阿巴拉契亚地区）。第三，项目团队在夏季举办研讨会，以协助参与教师学习如何通过该项目奖开发的动手实验室材料反映了NSF的法定任务，并被认为是值得通过基金会的知识分子和更广泛影响的评估评估标准通过评估来获得支持的。