100 likes | 205 Views
Incorporating Cybersecurity Education into the CS curriculum. Stephen Cooper, Stanford University. Stanford TRUST educational efforts. Courseware (Mitchell) courseware.stanford.edu Course management system Social networking features Good support for multiple media (including video).
E N D
Incorporating Cybersecurity Education into the CS curriculum Stephen Cooper, Stanford University
Stanford TRUST educational efforts • Courseware (Mitchell) • courseware.stanford.edu • Course management system • Social networking features • Good support for multiple media (including video)
Stanford TRUST educational efforts • Video courses • AI (Thrun and Ng) and DB (Widom) • More than 200K students • Plans for security (Dawn Song, Berkeley, Boneh, and Mitchell) • Currently videos being recorded
My work • Incorporating security content into existing courses • Ethics • Introductory programming* * This material is based upon work supported, in part, by the National Science Foundation under Grant DUE-1022557. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation
Ethics • A required course for CS majors at many colleges • Typically taught using case studies across a wide range of topics within CS
Ethics - 1 • An alternate approach • Theme the course around cybersecurity • Invite speakers from government, industry, and academia to speak on specific topics • E.g. Michael Caloyannides (former chief scientist at CIA) speaking about anonymity • E.g. Ruth David (CEO, Analytic Serivces), speaking on international challenges • Videotaping lectures to make them widely available
Ethics - 2 • Some topics naturally involve cybersecurity • E.g. hacking • Some topics get increase emphasis • E.g. privacy • Some topics don’t fit well • E.g. philosophical backgrounds (Kant, Mills, etc.)
Introductory programming and secure coding • Approach • Change the content/context of several introductory programming laboratory exercises to use examples taught as part of secure coding • Otherwise, the course should be identical • Assumption • That the introductory programming course uses closed labs • Added feature • Playing a serious game which introduces the secure programming concept
Pairing of CS1 concepts with secure coding concepts CS1 concept Serious programming concept Validating input Array bounds checking Buffer overflow Operator precedence Rounding errors Return values Numeric over/underflow • Strings • Tbd • Parameter passing • Tbd • Tbd • Functions • Data types