Abstract
SecTutor is a tutoring system that uses adaptive testing to select instructional modules that allow users to pursue secure programming knowledge at their own pace. This project aims to combat one of the most significant cybersecurity challenges we have today: individuals’ failure to practice defensive, secure, and robust programming. To alleviate this, we introduce SecTutor, an adaptive online tutoring system, to help developers understand the foundational concepts behind secure programming. SecTutor allows learners to pursue knowledge at their own pace and according to their own interests, based on assessments that identify and structure educational modules based on their current level of understanding.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Almansoori, M., et al.: How secure are our computer systems courses? In: Proceedings of the 2020 ACM Conference on International Computing Education Research, pp. 271–281. ACM, New York (2020). https://doi.org/10.1145/3372782.3406266
Bransford, J.D., Brown, A.L., Cocking, R.R. (eds.): How People Learn: Brain, Mind, Experience, and School. National Academy Press, Washington DC, USA, expanded edn. (2000)
Caceffo, R., Wolfman, S., Booth, K.S., Azevedo, R.: Developing a computer science concept inventory for introductory programming. In: Proceedings of the 47th ACM Technical Symposium on Computing Science Education, pp. 364–369. ACM, New York (2016). https://doi.org/10.1145/2839509.2844559
Dawson, M., Burrell, D.N., Rahim, E., Brewster, S.: Integrating software assurance into the software development life cycle (sdlc). J. Inf. Syst. Technol. Plann. 3(6), 49–53 (2010). https://www.researchgate.net/publication/255965523_Integrating_Software_Assur-ance_into_the_Software_Development_Life_Cycle_SDLC
Garrison, D.R.: Self-directed learning: Towards a comprehensive model. Adult Educ. Q. 48(1), 18–33 (1997). https://doi.org/10.1177/074171369704800103
Help Net Security: 70% of organizations recognize the importance of secure coding practices, March 2021. https://www.helpnetsecurity.com/2021/03/26/secure-coding-practices/
Hestenes, D., Wells, M., Swackhamer, G.: Force concept inventory. Phys. Teach. 30(3), 141–158 (1992). https://doi.org/10.1119/1.2343497
Hyder, J.: Electronics systems concept inventory. http://www.esyst.org/PDF/Concept%20Inventory%20Presentation.pdf
Lam, J., Fang, E., Almansoori, M., Chatterjee, R., Soosai Raj, A.G.: Identifying gaps in the secure programming knowledge and skills of students. In: Proceedings of the 53rd ACM Technical Symposium on Computer Science Education, vol. 1, pp. 703–709. ACM, New York (2022). https://doi.org/10.1145/3478431.3499391
Ngambeki, I., Nico, P., Dai, J., Bishop, M.: Concept inventories in cybersecurity education: an example from secure programming. In: Proceedings of the IEEE Frontiers in Education Conference (FIE), pp. 1–5 (2018). https://doi.org/10.1109/FIE.2018.8658474
Sherman, A.T., et al.: The cats hackathon: creating and refining test items for cybersecurity concept inventories. IEEE Secur. Priv. 17(6), 77–83 (2019). https://doi.org/10.1109/MSEC.2019.2929812
Tay, L., Huang, Q., Vermunt, J.K.: Item response theory with covariates (IRT-C): assessing item recovery and differential item functioning for the three-parameter logistic model. Educ. Psychol. Meas. 76(1), 22–42 (2016). https://doi.org/10.1177/0013164415579488
Zhu, J., Xie, J., Lipford, H.R., Chu, B.: Supporting secure programming in web applications through interactive static analysis. J. Adv. Res. 5(4), 449–462 (2014). ISSN 2090–1232. https://doi.org/10.1016/j.jare.2013.11.006
Acknowledgements
This work was supported by grants DGE-1934279 and DGE-2011175 from the National Science Foundation to the University of California Davis, grant DGE-1934269 from the National Science Foundation to Purdue University, and grant DGE-1934285 to the California State University Sacramento. The opinions, findings, and conclusions, or recommendations expressed are those of the author(s) and do not necessarily reflect the views of the National Science Foundation, the California State University, Purdue University, and the University of California Davis.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 IFIP International Federation for Information Processing
About this paper
Cite this paper
Ngambeki, I. et al. (2022). SecTutor: An Intelligent Tutoring System for Secure Programming. In: Drevin, L., Miloslavskaya, N., Leung, W.S., von Solms, S. (eds) Information Security Education - Adapting to the Fourth Industrial Revolution. WISE 2022. IFIP Advances in Information and Communication Technology, vol 650. Springer, Cham. https://doi.org/10.1007/978-3-031-08172-9_2
Download citation
DOI: https://doi.org/10.1007/978-3-031-08172-9_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-08171-2
Online ISBN: 978-3-031-08172-9
eBook Packages: Computer ScienceComputer Science (R0)