Abstract
The ubiquitous use of software in critical systems necessitates integrating cybersecurity concepts into the software engineering curriculum, so that software engineering students have adequate knowledge to develop software projects securely, which could potentially secure critical systems. An experience report on developing and conducting a course can help educators understand student preferences on topics related to secure software development. We provide an experience report on the ‘Secure Software Development’ course conducted at Tennessee Technological University. We discuss student motivations, as well as students' positive and negative perceptions of the exercises. Based on our findings, we recommend that educators integrate real-world exercises into a secure software development course, with careful consideration of tool documentation, balance in exercise diversity, and student background.
Partially funded by the U.S. National Science Foundation (NSF) award # 2026869. Special thanks to the PASER group at TnTU for their feedback.
© 2021 Springer Nature Switzerland AG
Cite this paper
Rahman, A., Hossain, S., Bose, D.B. (2021). Exercise Perceptions: Experience Report from a Secure Software Development Course. In: Paiva, A.C.R., Cavalli, A.R., Ventura Martins, P., Pérez-Castillo, R. (eds) Quality of Information and Communications Technology. QUATIC 2021. Communications in Computer and Information Science, vol 1439. Springer, Cham. https://doi.org/10.1007/978-3-030-85347-1_37
DOI: https://doi.org/10.1007/978-3-030-85347-1_37
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-85346-4
Online ISBN: 978-3-030-85347-1
eBook Packages: Computer Science (R0)