
Industry Software Reliability Association (MISRA)21 provides a set of software development standards and rules in C/C++ [310], which enable best practices in code safety, security, portability, and reliability in embedded systems.

In addition to these knowledge resources, several research groups have focused on building a Common Body of Knowledge (CBK) to provide a comprehensive framework of all relevant subjects that a security professional should be familiar with, including skills, techniques and best practices. The United States Department of Homeland Security has developed a common body of knowledge for software assurance (SwACBK) [370]. The Cyber Security Body of Knowledge project (CyBoK) [356], funded by the U.K. National Cyber Security Program, aims to inform and underpin education and professional training for the cybersecurity sector.

To formalize security knowledge, following the design considerations of the contextualized learning system, this thesis first considered which terms are critical for explaining software security knowledge without overlap between the concepts they represent, and then extracted the corresponding knowledge from the available resources to construct the security knowledge base that serves as the kernel of the learning system. The corresponding research work is described in RP V and RP VI.

2.2 Teaching and Learning Software Security

2.2.1 Approaches for Teaching Software Security

Education is an essential tool to help produce secure code in software engineering [321]. To ensure that all software engineering graduates have the knowledge necessary to develop secure software systems, security experts and educators emphasize that education must infuse security principles and secure programming early and often in the learning process [48, 209]. As such, a number of researchers are investigating various methods for integrating security practices into the computer science and information system management curriculum. Perrone et al. [353] and Taylor and Azadegan [435] recommend a threaded approach intended to reach all students in the computer science and information system curriculum. Security principles and secure coding practices are interleaved into the curriculum, starting with the foundation courses and reinforced throughout the student’s course of study.

Similarly, Chung et al. [82] proposed a secure software engineering-based thread approach. In their proposal, students develop software using software-engineering case studies, and are then shown how the produced code can be transformed to include security across the life cycle, resulting in secured code. Kara Nance [320] presented projects in introductory classes that asked students to deal with security problems such as file recovery and printer forensics. These require integrating security material into the class curriculum. Bishop et al. [46, 111] then proposed the use of a Secure Programming Clinic (SPC) to provide practical educational training for students that extends and reinforces the theory they learn in classes. In an SPC, students send their code to the clinicians, usually graduate students, who review the code and then hold one-to-one discussions with the students about the security implications of their code.

21 MISRA is a collaboration between manufacturers, component suppliers and engineering consultancies which seeks to promote best practice in developing safety- and security-related electronic systems and other software-intensive applications: https://www.misra.org.uk/

The above security integration teaching techniques have been recognized as pedagogically effective, and have the advantage that security concepts can be transferred more easily across both core and elective curricula, as well as across different kinds of institutions [82, 435]. However, to adopt this approach, institutions need substantial time and funds to upgrade the curriculum to include security topics (either in the curriculum itself or in faculty time to develop new course materials or alter existing ones), as well as to prepare a sufficient number of skilled resources, including trained faculty, to support the program. We advocate further exploring the context-based approach to complement the security integration approach, without incurring the severe expense, in both depth and breadth, of a curriculum change for resource-limited institutions. We contribute to this approach by concretely exploring a viable implementation solution and evaluating its effectiveness.

2.2.2 Conventional Security Learning Materials

In the learning process, learning materials are one of the main factors to be considered by the instructor, because they contribute to students’ acceptance of the knowledge presented. Learning materials can take various forms and formats depending on the teaching methods. When most institutions plan and develop security learning materials, whether textbooks, lectures or online courses, they commonly use conventional approaches to guide the process. Such conventional learning materials and approaches are commonly made up of two distinct methods: black-hat concepts and white-hat concepts (offense/defense, construction/destruction) [294]. Figure 2.3 illustrates the two types of learning materials. The black-hat/white-hat concepts apply the classic western “bad guy/good guy” notion to software security. A black-hat refers to a hacker who tries to break into a system with malicious intent. Black-hat actions include destructive activities such as attacks and exploits [294]. Using a black-hat approach in software security implies thinking proactively about the ways in which a system could be exploited. A white-hat refers to an individual who identifies a vulnerability in a system and reports it to the system owners. White-hat actions include constructive activities such as design, defense, and functionality [294]. Using a white-hat approach in software development includes building defense into a system, often using information from black-hat history.

The conventional learning materials typically address particular security topics, and the starting point of instruction consists of basic security concepts and theories, which are taught in a logical order and structure. In addition, these learning materials are often written in the form of a reference manual or a guide to a particular security certification, which is more effective for training security experts. However, it is difficult for developers to correlate what they are learning with their programming experience, and further to link the security knowledge to real software scenarios. In this approach, the interests and thoughts of developers and the knowledge they already possess are not taken into account, which can lead to forced concept development and misconceptions. An ideal learning process should therefore also be guided by the motives, skills, and prior knowledge of students. Since security learners have to demonstrate the applicability of the knowledge through experience in order to understand its practical use [294], the learning materials presented must provide meaning for learners, allowing them to learn security principles in settings close to the real-world situations that are of particular interest to them.

2.2.3 Tool-Based Support for Learning Software Security

Some efforts have been made to enhance software security education and learning using tool-based learning approaches. In this section, various types of security education tools from the literature are briefly introduced.

Figure 2.3: Two types of conventional learning materials for software security: (a) the black-hat approach, and (b) the white-hat approach

Atsuo Hazeyama et al. [195, 196] proposed an artifact-driven learning process for software security as well as an online learning environment utilizing a body of knowledge for security education. In the learning process, learners conduct secure software development by inputting artifacts that were created in a traditional software engineering course, such as a requirements specification, a use case diagram, and a test specification. The learning flow takes security into consideration after considering the functional requirements of a system. The designed learning environment provides functionality for maintaining artifacts that are inputs for learning about software security and outputs from that learning, and for giving relationships between the artifacts and the reference information. Learners proceed to learn about software security by referring to the available information.

In addition to online programs, Integrated Development Environment (IDE) plug-ins have been applied to teach students or programmers about security awareness.

The University of North Carolina at Charlotte (UNCC) has designed and developed an Educational Security in the Integrated Development Environment (ESIDE) plug-in for Eclipse22 that delivers real-time secure programming instructional support as students write code [492, 517], similar to the underlining of a spell checker in a word processor. The tool is designed to improve student awareness and understanding of security vulnerabilities and to increase the utilization of secure programming techniques in assignments. ESIDE aims to provide educational interventions for more advanced students (a senior and master’s-level web development course) [492], and the tool only works in the Eclipse IDE for Java and cannot support other platforms, for example, the Android IDE.

Visualization is another approach to teaching software security courses, which relies heavily on images, diagrams or animations to communicate messages [401]. To integrate visualization techniques into classroom instruction, Yuan [509] developed three visualization and animation tools that demonstrate various information security concepts. The information security concepts illustrated include packet sniffers and related computer network concepts, the Kerberos authentication architecture, and wireless network attacks, implemented using Macromedia’s Flash software.

Bishop et al. [47] have developed a Concept Map23 of secure programming to visualize the relevant body of knowledge, which assists students in understanding complex concepts, principles, and ideas and the important relationships between them. Their concept maps are assessments designed to identify students’ misconceptions; the questions, scoring procedures, and interpretations are consistent and adhere to a predetermined standard. The results from the concept map are primarily intended to improve pedagogy, though they can also be used to help instructors make comparisons of teaching over time.

Furthermore, video games (game-based learning), such as CyberCIEGE [216] and hACMEgame [324], are approaches taken to stem the declining interest and enrollment in computing courses, where students explore relevant security aspects of games in a learning context designed by the instructor. CyberCIEGE24 is a free tool that can be downloaded from the Internet for that purpose. Students can build their networking environment virtually and learn the possible threats that affect their network based on their design. Through the available security scenarios, students learn security through the consequences of their choices while they build their own

22 Eclipse is an integrated development environment used in computer programming. It contains a base workspace and an extensible plug-in system for customizing the environment: https://www.eclipse.org

23 http://spc.cs.ucdavis.edu/index.php/conceptmap

24 https://my.nps.edu/web/c3o/cyberciege
