A novel approach for computer security education using Minix instructional operating system

https://doi.org/10.1016/j.cose.2005.09.011

Abstract

To address national needs for computer security education, many universities have incorporated computer and information security courses into their undergraduate and graduate curricula. In these courses, students learn how to design, implement, analyze, test, and operate a system or a network to achieve security. Pedagogical research has shown that effective laboratory exercises are critically important to the success of these types of courses. However, such effective laboratories have not yet been established in computer security education.

Inspired by the successful practice in operating system and network courses, we adopted a similar practice, i.e., building our laboratories on an instructional operating system. We use the Minix operating system as the lab basis, and in each lab we require students to add a different security mechanism to the system. Thanks to the instructional operating system, we can design our lab exercises so that students focus on one or a few specific security concepts while doing each exercise. A similar approach has proved effective in teaching operating system and network courses, but it has not yet been used in teaching computer security courses.

Introduction

The high priority that information security education warrants has been recognized since the early 1990s. Eugene Spafford, director of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University, testified before Congress that “to ensure safe computing, the security (and other desirable properties) must be designed in from the start. To do that, we need to be sure all of our students understand the many concerns of security, privacy, integrity, and reliability” (Spafford, 1997).

To address these needs, many universities have incorporated computer and information security courses into their undergraduate and graduate curricula. In many curricula, computer security and network security are two core courses. These courses teach students how to design, implement, analyze, test, and operate a system or a network with the goal of making it secure. Pedagogical research has shown that students' learning is enhanced if they can engage in a significant amount of hands-on exercises. Therefore, effective laboratory exercises (or course projects) are critically important to the success of computer security education.

Traditional courses, such as operating systems, compilers, and networking, have effective laboratory exercises, the result of 20 years of maturation. In contrast, laboratory designs in security education courses are still embryonic. A variety of approaches are currently used; three of the most frequently used designs are the following: (1) the free-style approach, i.e., instructors allow students to pick any security-related topic they are interested in for the course projects; (2) the dedicated computing environment approach, i.e., students conduct security implementation, analysis and testing (Hill et al., 2001, Mayo and Kearns, 1999) in a contained environment; and (3) the build-it-from-scratch approach, i.e., students build a secure system from scratch (Mitchener and Vahdat, 2001).

Free-style design projects are effective for creative students; however, most students become frustrated with this strategy because of the difficulty in finding an interesting topic. With the dedicated environment approach, projects can be very interesting, but they bring the logistical burdens of the laboratory: obtaining, setting up, and managing the computing environment. In addition, course size is constrained by the size of the dedicated environment. The third design approach requires students to spend a considerable amount of time on activities that are irrelevant to computer security education but are essential for a meaningful and functional system.

The lack of an effective and efficient laboratory for security courses motivated us to consider practices adopted by the traditional mature courses, e.g., operating systems (OS) and compilers. In OS courses, a widely adopted and successful practice is to use an instructional OS (e.g., MINIX (Tanenbaum, 1996), NACHOS (Christopher et al., 1993), and XINU (Comer, 1984)) as a framework and ask students to write significant portions of each major piece of a modern OS. Compiler and network courses have adopted a similar approach. Inspired by the success of the instructional OS strategy, we adapt it to our computer security courses. Specifically, we provide students with a system as the framework, and then ask them to implement significant portions of each fundamental security-relevant functionality of that system. Although there are a number of instructional systems for OS courses, to our knowledge, this approach has not yet been applied to computer and information security courses.

Our goal is to develop a courseware system, serving as an experimental platform and framework for computer security courses. The courseware is not designed to create new security mechanisms, but to let students practice existing security work. The courseware contains a set of well defined and documented projects for helping students focus on (1) grasping security concepts, principles, and technologies; (2) practicing design and implementation of security mechanisms and policies; and (3) analyzing and testing a system for its security properties.

We chose Minix as our base system, and have designed a number of laboratory assignments on it. These assignments cover topics ranging from the design and implementation of security mechanisms to the analysis and testing of a system for security purposes. Each assignment can be considered as adding or modifying a security mechanism in Minix. To finish each task, students need only focus on those security mechanisms, with minimal effort spent on other parts of the system. For example, while learning discretionary access control (DAC), we give students a file system without DAC mechanisms; students only need to design and implement DAC for this existing file system. Students can immediately see how their DAC implementation affects the system. This strategy helps students stay focused on security concepts.
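To make the DAC assignment concrete, the following C sketch shows the kind of permission-decision function a student would add to a file system that lacks one. It is an added example written for this page, not code from the paper or from the Minix sources; the struct and function names (dac_inode, dac_cred, dac_permitted, dac_check) are assumptions made for the illustration. It follows classic Unix mode-bit semantics and deliberately covers the two cases students most often get wrong: only one permission class (owner, group, or other) is consulted, so an owner denied by the owner bits is not rescued by more permissive group or other bits; and the superuser bypasses read/write checks but may execute a file only if at least one execute bit is set.

```c
#include <stdio.h>

/* Added illustration of a Unix-style DAC check. Not the Minix file-system
 * code and not the authors' solution; all names here are assumptions. */

typedef unsigned int perm_t;
#define PERM_READ  04u
#define PERM_WRITE 02u
#define PERM_EXEC  01u

#define SUPERUSER_UID 0u

/* Minimal stand-in for the ownership and mode fields of an inode. */
struct dac_inode {
    unsigned int i_uid;
    unsigned int i_gid;
    unsigned int i_mode;   /* low 9 bits: rwxrwxrwx (owner, group, other) */
};

/* Minimal stand-in for the credentials of the calling process. */
struct dac_cred {
    unsigned int uid;
    unsigned int gid;
};

/* Return 1 if `cred` may perform every access in `want` (a mask of PERM_*
 * bits) on `ino`, else 0.  Exactly one class of bits is consulted, chosen
 * by the first matching identity: owner, then group, then other. */
int dac_permitted(const struct dac_cred *cred, const struct dac_inode *ino,
                  perm_t want)
{
    unsigned int mode = ino->i_mode & 0777u;
    unsigned int bits;

    if (cred->uid == SUPERUSER_UID) {
        /* root may read/write anything, but execute needs some x bit set */
        if ((want & PERM_EXEC) && (mode & 0111u) == 0u)
            return 0;
        return 1;
    }

    if (cred->uid == ino->i_uid)
        bits = (mode >> 6) & 07u;       /* owner class */
    else if (cred->gid == ino->i_gid)
        bits = (mode >> 3) & 07u;       /* group class */
    else
        bits = mode & 07u;              /* other class */

    return (bits & want) == want;
}

/* Convenience wrapper so a caller (or a test) can pass plain integers. */
int dac_check(unsigned int uid, unsigned int gid,
              unsigned int file_uid, unsigned int file_gid,
              unsigned int mode, perm_t want)
{
    struct dac_cred cred = { uid, gid };
    struct dac_inode ino = { file_uid, file_gid, mode };
    return dac_permitted(&cred, &ino, want);
}

int main(void)
{
    /* Constructed sample: file owned by uid 1000 / gid 100, mode 0640. */
    printf("owner read  : %d\n", dac_check(1000, 100, 1000, 100, 0640u, PERM_READ));
    printf("group write : %d\n", dac_check(1001, 100, 1000, 100, 0640u, PERM_WRITE));
    printf("other read  : %d\n", dac_check(2000, 200, 1000, 100, 0640u, PERM_READ));
    /* Owner class takes precedence: mode 0077 denies the owner everything. */
    printf("owner 0077  : %d\n", dac_check(1000, 100, 1000, 100, 0077u, PERM_READ));
    /* root can read a 0600 file but cannot execute one with no x bit. */
    printf("root exec   : %d\n", dac_check(0, 0, 1000, 100, 0600u, PERM_EXEC));
    return 0;
}
```

When grading such an implementation, the cases worth probing are exactly the ones in main(): a request that combines several bits (read and write) must be denied if any one bit is missing, the owner class must not fall through to group or other bits, and superuser handling must not turn every file into an executable.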

Our course projects consist of two parts. One part focuses on design and implementation. This part of the projects requires students to add new security mechanisms to the underlying Minix system to enhance its security. The security mechanisms students need to implement include access control, capabilities, a sandbox, and an encrypted file system. In the second part of our projects, we give students a modified Minix system that contains a number of injected vulnerabilities. Students need to use the skills learned from the lectures to identify, exploit, and fix those vulnerabilities.

Our approach is open-ended, i.e., we can add more laboratory projects to this framework without affecting the others. The projects presented in this paper are the result of 3 years of maturation, with more components added each year. We are also planning to design a number of network security projects for Minix based on Minix's existing networking functionality.

The paper is organized as follows: the next section briefly describes our computer security course. Then the design of our courseware is described, followed by a description of each of our laboratory projects. After that, the experiences and lessons we have gained during our 3-year practice are presented. Finally, the last section concludes the paper and describes future work.

Section snippets

Scope of the course

Our department offers two graduate courses in security: one is computer security, and the other is network security. The computer security course focuses on the concepts, principles, and techniques for system security, such as encryption algorithms, authentication, access control, privilege, vulnerabilities, system protection, etc. Currently, our proposed approach targets only the computer security course, but we plan to extend this approach to the network security course in our future work.

Pedagogical approach

Design of course projects

The goal of our projects is to provide a set of exercises for students to practice their security design, implementation, analysis, testing, and operation skills. Using the Minix instructional operating system, we designed two classes of projects, one focusing on design and implementation of security mechanisms, and the other focusing on security analysis and testing. The overview of our projects is depicted in Fig. 1.

Design and implementation. In our computer security class, we aim at covering

Laboratory setup

We use Minix on Solaris in our course. All of the laboratory exercises are conducted in the Sun Solaris environment using the C language. Except for giving students more disk space (100 MB) to store the files of the Minix system, Minix poses no special requirements on the general Solaris computing environment.

The Minix operating system can also be installed on simulated environments like VMware, Bochs and so on. Installing the operating system on VMware is not a difficult process, and no superuser

Experiences and lessons

We did a teaching experiment in the 2002 spring semester when we taught the graduate-level computer security course at Syracuse University. At that time, we asked students to add certain specific security mechanisms to Minix. We gave students only one project for the whole semester because modifying an OS seemed to be a daunting job for most of the students. The students liked the project very much and were highly motivated. At the end of the semester, the students provided a number of useful

Conclusion and future work

We have described a laboratory design for our graduate-level computer security course. Our approach is inspired by the successful practice in operating system and network courses. In our approach, we use the Minix instructional operating system as the basis of our laboratory; in design-oriented laboratory projects, students add a specific security mechanism to the system; in analysis-oriented laboratory projects, students identify, exploit, and fix vulnerabilities in Minix. Because of

References (15)

  • Pfleeger C, et al. A methodology for penetration testing. Computers and Security; 1989.
  • Ashton P. SMX—the Solaris port of Minix. ...
  • Bishop M. Computer security: art and science; 2002.
  • Bochs.
  • Christopher WA, Procter SJ, Anderson TE. The Nachos instructional operating system. In: Proceedings of the Winter 1993, ...
  • Comer D. Operating system design: the XINU approach; 1984.
  • Hill JMD, Carver CA Jr, Humphries JW, Pooch UW. Using an isolated network laboratory to teach advanced networks and ...

Wenliang Du received the B.S. degree in Computer Science from the University of Science and Technology of China, Hefei, China, in 1993, the M.S. degree and the Ph.D. degree from the Computer Science Department at Purdue University, West Lafayette, Indiana, USA, in 1999 and 2001, respectively. During his studies in Purdue, he did research in the Center for Education and Research in Information Assurance and Security (CERIAS). Dr. Du is currently an assistant professor in the Department of Electrical Engineering and Computer Science at Syracuse University, Syracuse, New York, USA. His research background is in computer and network security. In particular, he is interested in wireless sensor network security and privacy-preserving data mining. He is also interested in developing instructional laboratories for security education using instructional operating systems. His research has been supported by the National Science Foundation and the Army Research Office.

Mingdong Shang received his B.S. degree in Electrical and Mechanical Engineering from Beijing University of Aeronautics and Astronautics in 1998. He is currently a Ph.D. student in the Department of Electrical Engineering and Computer Science at Syracuse University. His research interests include computer security and network security, and he has been focusing on developing a Minix-based instructional laboratory environment and lab exercises for computer and network security courses.

Haizhi Xu received his B.S. and M.S. degrees, both in computer engineering, from Harbin Institute of Technology, Harbin, China, in 1995 and 1997, respectively. He is a Ph.D. candidate at Syracuse University, Syracuse, NY, USA, majoring in computer engineering. His current research interests are computer system security, intrusion detection and mitigation, and operating systems.

The project is supported by grant DUE-0231122 from the National Science Foundation and by funding from the CASE center.