Archives

Papers

Multidisciplinary systems design experiences are available for students at North Carolina State University (NCSU) in the form of a project studio specializing in the analysis and design of state-of-the-art electronic commerce systems. The initiative seeks to integrate core research and educational objectives. The research addresses a number of important issues in the design and evolution of electronic commerce systems. The ultimate goal of our work is to demonstrate viable solutions for supporting the early stages of the software lifecycle, specifically addressing the need for novel approaches to ensure security and privacy requirements coverage. Students at the graduate level are participating in the design of electronic commerce systems while applying software engineering principles in the NCSU electronic commerce project studio.

The continued proliferation of crude and poorly disguised malware, such as those spread by execution of email attachments, has highlighted the failure of large-scale security education to convey simple messages such as “don’t open email attachments sent by strangers.” Computer security education, like public health education, is not a ‘one-size-fits-all’ endeavor. Needs, goals, and curricula to achieve these goals must be carefully assessed for the population targeted. Once the intervention has been delivered, its results must then be evaluated to assess the impact of the program. This paper describes a public health-based framework for needs assessment in security education.

Syracuse University is one of thirty-six National Security Agency designated Centers of Academic Excellence in Information Assurance Education. Our IA program was developed within the Center for Systems Assurance (CSA), whose mission is to promote improvement in systems and information assurance through research, education, and technology transfer. The goal of the CSA educational program is to develop students with a broad background in security and information assurance who distinguish themselves by their ability to (1) analyze, synthesize, and make judgments based on engineering and computer-science principles, and (2) use analytical techniques to evaluate the implications of policies, standards, and procedures; the ramifications of changes; and the potential dangers of refinements.

A recent innovation within the curriculum of the Information Resources Management College of the National Defense University has been the establishment of an Information Assurance Laboratory. The purpose of the laboratory is to support the delivery of the information assurance curriculum by providing an opportunity for students to gain some minimal hands-on experience with the technological aspects of information assurance. Although the students in the IRMC curriculum are working senior managers or prospective senior managers, who, in practice, will likely have little hands-on interaction with information assurance technologies, we are finding that the lab experience greatly enhances their understanding of the theoretical aspects of information assurance technologies and provides a firm basis for their critical evaluation of the management-level considerations that they will face as information assurance managers or even chief information officers.

The world of cryptology has a long and rich history. Many different cipher systems have been developed and ultimately broken. While these systems are no longer in use as mainstream encryption methods, the study of such systems and their weaknesses remains important. Classical cryptology teaches students about the pitfalls of cipher design, develops an intuitive feel for the nature of cipher systems and motivates the study of modern ciphers. This paper describes a software tool called CAP (Cryptographic Analysis Program) that can be used in a course on classical cryptology. The program allows students to explore different implementations of classical ciphers and provides the tools necessary to break many of those ciphers.

Information Security college-level education efforts received a financial shot in the arm late last year with the announcement of a federal funding program to train an information security workforce. In this paper, we address issues surrounding development of a viable Computer Science, Information Security laboratory that meets the three-pronged needs of research, education and outreach in a research university setting. We show how configuration of the computers can be controlled in the shared laboratory environment and discuss the software resources necessary to support the laboratory goals.

Repeatedly, news headlines read: “Buffer overflow in vendor’s product allows intruders to take over computer!” This widespread programming mistake is easy to make, exacerbated by the ubiquitous C language, and very simple to exploit. We describe a demonstration (a Java applet) appropriate for a traditional programming course to drive home key points: why buffer overflows occur, how overflows open the door to attackers, and why certain defense mechanisms should be used. The module is in its early stages of experimental use, with a formative evaluation to determine how well the module works and opportunities for its improvement.

This paper will report on a National Science Foundation funded project designed to advance information security in postsecondary education through the development and integration of information ethics and social issues in the undergraduate computer science curriculum. In this paper, we will report the rationale for the project, methods used to improve the instructional capability of computer science and security faculty with respect to emerging sociological and ethical issues associated with information assurance and security, and methods used to develop and test curricular materials. The authors will share examples of the curriculum materials developed as a result of the project.

Many view the solutions to information assurance with an increasingly technical focus; however, the mindsets and actions that generate security problems are not solely technical in nature. Security specialists need strong conceptual skills in order to think in a number of different ways. Postgraduate programs in the information assurance arena need to carefully balance the technical, conceptual and human skills. This paper is a brief overview of a postgraduate program in Internet Security Management currently being developed at Curtin University in Perth, Western Australia. The course is jointly offered by the Schools of Computer Science and Information Systems and incorporates generic, technical and management skills. This paper explains the philosophy and structure for the Masters of Internet Security Management.

This paper presents an overview of pressing issues in use of forensic science in the context of high-technology crime investigations, often called computer forensics or digital forensics. It also highlights several existing training programs in computer forensics and attempts a crude estimate of capacity for training in computer forensics. Law enforcement faces many significant challenges in developing and mastering the skills, tools and techniques of digital forensics. Finding qualified forensics personnel is difficult in the private sector, partly because of the restrictions placed on civilian access to training programs. In law enforcement, additional difficulties arise due to a multitude of structural and cultural factors in that closed community. Even in those cases where trained personnel are available, there may be impediments to successful prosecution, such as the lack of adequate equipment and facilities to process digital evidence, or prosecutorial unfamiliarity with the issues surrounding the seizure and processing of such evidence.

This paper discusses promoting the information security program at an academic institution through a student organization dedicated to information security. It first gives an overview of the benefits associated with having such a student organization. It then details the components required for the organization to be successful. Emphasis is placed on describing various types of popular and beneficial activities.

Current Intel-based computer architecture, at least from the iAPX-286 CPU onwards, owes its security structure in large part to the earlier MULTICS program. This developed from the 1960s to late 1970s to create a secure, time-shared computing environment. However, in current commodity operating systems of today the major security principles of that architecture are largely ignored. This paper discusses this failure of systems and supporting software systems to use well-established security hardware features in computers as a failure in education related to IT security, and even software engineering, over at least the last twenty-year period. At the same time, IT systems managers are being asked to consider enhanced security in relation to National Information Infrastructure Protection (NIIP) as a cooperative effort between Government and the private sector, against growing international standards.

This paper and presentation provide a look at instructional methods for information assurance (IA) using simulation. The simulation methods of 1) Packet Wars, 2) Sniffers + Network Design Tools, 3) Canned Attack/Defend Scenarios, 4) Management Flight Simulators, and 5) Role-playing are presented. These techniques are presented as options for educating a variety of IA constituencies including network administrators, functional managers, security managers, and naïve users. Each method is demonstrated and its value supported by providing examples and by drawing upon conclusions from the author’s experiences using them in a classroom environment. The session looks at simulation as a foundation for providing benefits in understanding computer security by providing a long-term view of security, demonstrating a balancing act of data, program, and network access versus restriction, presenting a competition for limited defensive resources, involving cooperation from a variety of players, and staging an analysis of risk tradeoffs.

 
 