abstract

Public Access

SecureCvisual: Visualization and Analysis for C Code Security

Authors:

Steve Carr,

Jean MayoAuthors Info & Claims

SIGCSE '20: Proceedings of the 51st ACM Technical Symposium on Computer Science Education

Page 1418

https://doi.org/10.1145/3328778.3372540

Published: 26 February 2020 Publication History

Abstract

In many undergraduate programs, students primarily write code in Java or other scripting languages. Yet C and C++ are widely used when performance is important. Poor understanding of a C program's layout in memory and its execution leads to the introduction of security vulnerabilities. We present the SecureCvisual system, which is designed to help students learn to develop more secure and robust C programs.

The system takes input from dynamic analysis using Pintool. The analysis produces a sequence of events that are processed by the visualizations. A student or instructor can step forward or backwards through an execution. Source code is displayed, and events are linked to a line of source code. A program address space visualization depicts the values of registers and the program address space. Buffer overflows and other memory errors are easily seen. An integer representation window identifies integer coercions that take place within an equation. The result of a conversion between integer types is also shown. A sensitive data visualization teaches students how to protect data so that it does not appear unencrypted on secondary storage. The tool is convenient for lecture. Multiple levels of detail and different perspectives on an execution make the tool useful in a variety of courses. This work has been supported by the National Science Foundation under grants DUE-1245310, DGE-1522883 and DGE-1523017.

Cited By

View all

Tran KBacher JShi YSkripchuk JPrice T(2024)Overcoming Barriers in Scaling Computing Education Research Programming Tools: A Developer's PerspectiveProceedings of the 2024 ACM Conference on International Computing Education Research - Volume 110.1145/3632620.3671113(312-325)Online publication date: 12-Aug-2024
https://dl.acm.org/doi/10.1145/3632620.3671113

Index Terms

SecureCvisual: Visualization and Analysis for C Code Security
1. Security and privacy
  1. Software and application security
2. Social and professional topics
  1. Professional topics
    1. Computing education
      1. Computing education programs
        Computer science education

Recommendations

A Model and Framework for Visualization Exploration

Visualization exploration is the process of extracting insight from data via interaction with visual depictions of that data. Visualization exploration is more than presentation; the interaction with both the data and its depiction is as important as ...
A Graph-Theoretic Visualization Approach to Network Risk Analysis
VizSec '08: Proceedings of the 5th international workshop on Visualization for Computer Security

This paper describes a software system that provides significant new capabilities for visualization and analysis of network attack graphs produced through Topological Vulnerability Analysis (TVA). The TVA approach draws on a database of known exploits ...
Combining static and dynamic data in code visualization

The task of developing, tuning, and debugging compiler optimizations is a difficult one which can be facilitated by software visualization. There are many characteristics of the code which must be considered when studying the kinds of optimizations ...

Comments

Information & Contributors

Information

Published In

SIGCSE '20: Proceedings of the 51st ACM Technical Symposium on Computer Science Education

February 2020

1502 pages

ISBN:9781450367936

DOI:10.1145/3328778

General Chairs:
Jian Zhang
Texas Woman's University, USA
,
Mark Sherriff
University of Virginia, USA
,
Program Chairs:
Sarah Heckman
North Carolina State University, USA
,
Pamela Cutter
Kalamazoo College, USA
,
Alvaro Monge
California State University, Long Beach, USA

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 February 2020

Check for updates

Author Tags

Qualifiers

Abstract

Funding Sources

National Science Foundation

Conference

SIGCSE '20

Sponsor:

SIGCSE

SIGCSE '20: The 51st ACM Technical Symposium on Computer Science Education

March 11 - 14, 2020

OR, Portland, USA

Acceptance Rates

Overall Acceptance Rate 1,787 of 5,146 submissions, 35%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Tran KBacher JShi YSkripchuk JPrice T(2024)Overcoming Barriers in Scaling Computing Education Research Programming Tools: A Developer's PerspectiveProceedings of the 2024 ACM Conference on International Computing Education Research - Volume 110.1145/3632620.3671113(312-325)Online publication date: 12-Aug-2024
https://dl.acm.org/doi/10.1145/3632620.3671113

Abstract

Cited By

Index Terms

Recommendations

A Model and Framework for Visualization Exploration

A Graph-Theoretic Visualization Approach to Network Risk Analysis

Combining static and dynamic data in code visualization

Comments

Information

Published In

Sponsors

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Share

Share this Publication link

Share on social media

Affiliations