Incorporating Cybersecurity Education into the CS curriculum
description
Transcript of Incorporating Cybersecurity Education into the CS curriculum
Incorporating Cybersecurity Education into the CS curriculum
Stephen Cooper, Stanford University
Stanford TRUST educational efforts
• Courseware (Mitchell)– courseware.stanford.edu– Course management system• Social networking features• Good support for multiple media (including video)
Stanford TRUST educational efforts
• Video courses – AI (Thrun and Ng) and DB (Widom)• More than 200K students
– Plans for security (Dawn Song, Berkeley, Boneh, and Mitchell)• Currently videos being recorded
My work
• Incorporating security content into existing courses– Ethics– Introductory programming*
* This material is based upon work supported, in part, by the National Science Foundation under Grant DUE-1022557. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation
Ethics• A required course for CS majors at many
colleges o Typically taught using case studies across a wide
range of topics within CS
Ethics - 1• An alternate approach
o Theme the course around cybersecurityo Invite speakers from government, industry, and academia to speak on specific topics
oE.g. Michael Caloyannides (former chief scientist at CIA) speaking about anonymityoE.g. Ruth David (CEO, Analytic Serivces), speaking on international challenges
oVideotaping lectures to make them widely available
Ethics - 2
• Some topics naturally involve cybersecurity– E.g. hacking
• Some topics get increase emphasis– E.g. privacy
• Some topics don’t fit well– E.g. philosophical backgrounds (Kant, Mills, etc.)
Introductory programming and secure coding
• Approach– Change the content/context of several introductory
programming laboratory exercises to use examples taught as part of secure coding
– Otherwise, the course should be identical• Assumption– That the introductory programming course uses closed labs
• Added feature– Playing a serious game which introduces the secure
programming concept
Pairing of CS1 concepts with secure coding concepts
CS1 concept• Strings• Tbd• Parameter passing• Tbd• Tbd• Functions• Data types
Serious programming concept• Validating input• Array bounds checking• Buffer overflow• Operator precedence• Rounding errors• Return values• Numeric over/underflow
Questions?