How Do Students Feel About Automated Security Static Analysis Exercises?

被引：3

作者：

Rahman, Akond ^{[1
]}

Shahriar, Hossain ^{[2
]}

Bose, Dibyendu Brinto ^{[3
]}

机构：

[1] Tennessee Technol Univ, Dept Comp Sci, Cookeville, TN 38505 USA

[2] Kennessaw State Univ, Coll Comp & Software Engn, Kennessaw, GA USA

[3] Reeve Syst, Dhaka, Bangladesh

来源：

2021 IEEE FRONTIERS IN EDUCATION CONFERENCE (FIE 2021) | 2021年

基金：

美国国家科学基金会;

关键词：

computer science; cybersecurity; devops; devsecops; education; exercise; experience report; student perception;

D O I：

10.1109/FIE49875.2021.9637201

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

This Innovative Practice, work in progress (WIP) paper presents our experience related to two exercises that focus on automated security static analysis, a practice used to integrate security into development and operations (DevOps). The concept has gained popularity amongst information technology (IT) organizations. However, security-related concerns, such as security weaknesses in DevOps artifacts can cause serious consequences. Our preliminary findings indicate that (i) students positively perceive the introduced exercises; and (ii) the students perform well if they are provided necessary background on the exercises. Our WIP paper lays the groundwork to build course materials that will facilitate development, deployment, and dissemination of DevOps-related education materials that also incorporate cybersecurity concepts.

引用

页数：4

共 14 条

[1]

Bose D. B, 2021, IN PRESS

[2] KYPO4INDUSTRY: A Testbed for Teaching Cybersecurity of Industrial Control Systems [J].

Celeda, Pavel ;

Vykopal, Jan ;

Svabensky, Valdemar ;

Slavicek, Karel .

SIGCSE 2020: PROCEEDINGS OF THE 51ST ACM TECHNICAL SYMPOSIUM ON COMPUTER SCIENCE EDUCATION, 2020, :1026-1032

[3]

Humble Jez, 2010, Continuous delivery: reliable software releases through build, test, and deployment automation

[4] Cybersecurity in Liberal Arts General Education Curriculum [J].

Mountrouidou, Xenia ;

Li, Xiangyang ;

Burke, Quinn .

ITICSE'18: PROCEEDINGS OF THE 23RD ANNUAL ACM CONFERENCE ON INNOVATION AND TECHNOLOGY IN COMPUTER SCIENCE EDUCATION, 2018, :182-187

[5]

NIETP, 2020, NIETP CAE PROGR

[6]

Olano M., 2014, 2014 {USENIX{ Summit on Gaming, Games, and Gamification in Security Education (3GSE 14)

[7] The Top 10 Adages in Continuous Deployment [J].

Parnin, Chris ;

Helms, Eric ;

Atlee, Chris ;

Boughton, Harley ;

Ghattas, Mark ;

Glover, Andy ;

Holman, James ;

Micco, John ;

Murphy, Brendan ;

Savor, Tony ;

Stumm, Michael ;

Whitaker, Shari ;

Williams, Laurie .

IEEE SOFTWARE, 2017, 34 (03) :86-95

[8] Global Perspectives on Cybersecurity Education for 2030: A Case for a Meta-discipline [J].

Parrish, Allen ;

Impagliazzo, John ;

Raj, Rajendra K. ;

Santos, Henrique ;

Asghar, Muhammad Rizwan ;

Josang, Audun ;

Pereira, Teresa ;

Stavrou, Eliana .

ITICSE 2018 COMPANION: PROCEEDINGS COMPANION OF THE 23RD ANNUAL ACM CONFERENCE ON INNOVATION AND TECHNOLOGY IN COMPUTER SCIENCE EDUCATION, 2018, :36-54

[9] Security Smells in Ansible and Chef Scripts: A Replication Study [J].

Rahman, Akond ;

Rahman, Md Rayhanur ;

Parnin, Chris ;

Williams, Laurie .

ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 2021, 30 (01)

[10] The Seven Sins: Security Smells in Infrastructure as Code Scripts [J].

Rahman, Akond ;

Parnin, Chris ;

Williams, Laurie .

2019 IEEE/ACM 41ST INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE 2019), 2019, :164-175

← 1 2 →