DOI: 10.1145/2676723.2677280
research-article

Embedding Secure Coding Instruction into the IDE: A Field Study in an Advanced CS Course

Published: 24 February 2015

ABSTRACT

Many of the security vulnerabilities common in today's software can be prevented with standard secure coding practices. Computer science students who will become the developers of that software need to learn about those practices so they can prevent such vulnerabilities. Many computing programs are addressing this need through additional lectures, elective courses, or more holistic approaches to integrate security across curriculums. We are exploring a complementary approach, integrating secure coding education into the IDE to provide a learning opportunity in the context of writing code. In this paper, we report on two field studies using an IDE tool in an advanced Web programming course. Our results indicate that the tool can increase students' awareness and knowledge of secure programming, but to be most effective, instructors may need to incentivize its use through in-class methods and careful timing of its introduction.


Published in

SIGCSE '15: Proceedings of the 46th ACM Technical Symposium on Computer Science Education
February 2015
766 pages
ISBN: 9781450329668
DOI: 10.1145/2676723

Copyright © 2015 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery, New York, NY, United States


Acceptance Rates

SIGCSE '15 Paper Acceptance Rate: 105 of 289 submissions, 36%
Overall Acceptance Rate: 1,595 of 4,542 submissions, 35%
