The Development of a Graduate Curriculum for Software Assurance
Mark Ardis, Stevens Institute of TechnologyNancy Mead, Software Engineering Institute
Acknowledgments (1/2) We thank the Department of Homeland
Security (DHS) National Cyber Security Division (NCSD) for their support
We thank our curriculum co-authors: Julia H. Allen, Software Engineering Institute Thomas B. Hilburn, Embry-Riddle Aeronautical
University Andrew J. Kornecki, Embry-Riddle Aeronautical
University Richard Linger, Software Engineering Institute James McDonald, Monmouth University
2
Acknowledgments (2/2) Some of these slides are from Jeff Williams of
OWASP
3
Outline
4
1. Motivation2. Sources3. Process4. Core Body of Knowledge5. Curriculum Architecture6. Course Outlines and Syllabi7. Outreach and Future Plans
Motivation "The business of security for government
agencies is growing by an enviable 9 percent a year"--- NYTimes August 4, 2011
5
What if the software world was only…
100 apps written by 100 developers at 100 companies
Sources for MSwA Recommendations GSwE2009 – Graduate Software Engineering Other Curricula
MSE 1989 – Original Graduate Software Engineering
SE 2004 – Undergraduate Software Engineering CE 2004 – Undergraduate Computer Engineering CS 2010 – Undergraduate Computer Science
SWEBOK – Software Engineering Body of Knowledge
Textbook by Allen, Mead et al. Build Security In (BSI) Website
10
Process
11
Core Body of Knowledge 3-level outline of topics Associated student outcome expectations in
terms of Bloom's Taxonomy Top Level:
1. Assurance Across Life Cycles2. Risk Management3. Assurance Assessment4. Assurance Management5. System Security Assurance6. System Functionality Assurance7. System Operational Assurance
12
Curriculum Architecture
13
MSwE with SwA Specialization
Information Sciences with SwA Specialization
15
Course Outlines and Syllabi Course Syllabi:
Assurance Management System Operational
Assurance Assured Software
Analytics Assured Software
Development 1 Assured Software
Development 2 Assured Software
Development 3 Assurance Assessment System Security
Assurance
Course Outlines Undergraduate
courses 4 software assurance
courses 1 capstone project
course Community College
courses 3 foundation CS
courses 3 security courses
16
Getting Started with MSwA Courses Implementation options:
add 1-2 courses that supplement an existing program (e.g., Master of Software Engineering, Master of Information Systems)
build on strengths of faculty and supplement existing courses
build on local industry needs take advantage of resources
mentoring offered by SwA curriculum team other artifacts (e.g., MSwA course outlines, master bibliography)
consider starting with a course that does not require prerequisites within the program, such as Assured Software Development 1 or System Operational Assurance
add 1-2 courses each year to build up to a complete MSwA or specialization within another degree program
Resources http://www.cert.org/mswa/
MSwA Reference Curriculum document undergraduate course outlines MSwA course outlines and syllabi 2-Year college course outlines master bibliography curriculum overview seminar VTE workshop from CSEET 2010
Contact Information
Nancy R. Mead, Ph.D.
Senior Technical StaffCERT® ProgramSoftware Engineering InstituteCarnegie Mellon UniversityEmail: [email protected]
U.S. mail:
Software Engineering InstituteCustomer Relations4500 Fifth AvenuePittsburgh, PA 15213-2612USA
Mark A. Ardis
Distinguished Service ProfessorSchool of Systems and EnterprisesStevens Institute of TechnologyEmail: [email protected]: personal.stevens.edu/~mardis
U.S. mail:
Stevens Institute of TechnologyCastle Point on HudsonHoboken, NJ 07030USA
Top Related