A Case Study of Adopting Security Guidelines in Undergraduate Software Engineering Education

Authors

  • Yen-Hung Hu
  • Charles Scott
Abstract

Security plays a large role in software development; without it, software would be vulnerable to many different types of attacks. Software security prevents leaks of data, alteration of data, and unauthorized access to data. Building secure software involves a number of different processes, but security awareness and implementation are the most important among them. To produce the high-quality software security engineers needed to meet today's cybersecurity demands, security awareness and implementation must be integrated into undergraduate computer science programming courses. In this paper, we demonstrate the importance of adopting security guidelines in undergraduate software engineering education. Thus, this paper focuses on integrating secure guidelines into existing applications to eliminate common security vulnerabilities. An assessment table, derived from several existing Java security guidelines, is developed to provide in-depth critiques of the selected capstone project. Potential security vulnerabilities in the capstone project are identified and presented in a form showing the degree of threats against the three security characteristics (confidentiality, integrity, and availability) addressed in the McCumber Cube model. Meanwhile, the vulnerability density of the capstone project is calculated to demonstrate the performance of this research.


Similar resources

A Case Study: Integrating a Game Application-driven Approach and Social Collaborations into Software Engineering Education

Teaching software engineering to undergraduate students is a challenging task. Students are expected to understand both technical and social aspects of software engineering. This paper presents a complete case study of a hybrid approach that systematically combines a game application-driven approach and social collaborations into the software engineering curriculum at the undergraduate level. The...


Integrating emerging cryptographic engineering research and security education

Unlike traditional embedded systems such as secure smart cards, emerging secure deeply embedded systems, e.g., implantable and wearable medical devices, have larger “attack surface”. A security breach in such systems which are embedded deeply in human bodies or objects would be life-threatening, for which adopting traditional solutions might not be practical due to tight constraints of these oft...


The Joint Task Force on Cybersecurity Education

The Joint Task Force (JTF) on Cybersecurity Education (http://www.csec2017.org/) was launched in September, 2015 as a collaboration between major international computing societies: Association for Computing Machinery (ACM), IEEE Computer Society (IEEE CS), Association for Information Systems Special Interest Group on Security (AIS SIGSEC), and International Federation for Information Processin...


Panel: Teaching Undergraduate Information Assurance

As the importance of information assurance and computer security has become recognized, the number of institutions teaching these subjects in their undergraduate curriculum has grown. But methods of integrating this material into the undergraduate program are varied, as are the methods used to teach the material itself. Two key issues highlight the differences in instructional methods and techn...


Quantitative evaluation of software security: an approach based on UML/SecAM and evidence theory

Quantitative and model-based prediction of security in the architecture design stage facilitates early detection of design faults, hence reducing modification costs in subsequent stages of the software life cycle. However, an important question arises with respect to the accuracy of input parameters. In practice, security parameters can rarely be estimated accurately due to the lack of sufficient kn...



Publication date: 2014