

Title: Learning database security with hands-on mobile labs
As mobile computing becomes more and more popular, the security threats to mobile applications are increasing explosively. Most malicious activities target the user's private information, such as contact and location information, hijack the user's transactions and communications, and exploit the confidential enterprise data stored in mobile databases or in cache on mobile devices. Database security is one of the most important security areas to be addressed. Many schools are integrating database security topics into database and cybersecurity education. This paper addresses the need for pedagogical learning materials for database security education and the challenges of building database security capacity through effective, engaging, and investigative learning approaches, using transferrable and integratable mobile-based learning modules with hands-on companion labs based on the OWASP recommendations, such as input validation, data encryption, data sharing, auditing, and others. The primary goal of this learning approach is to create a motivating learning environment that encourages and engages all students in learning database security concepts and practices. The preliminary feedback from students was positive. Students gained hands-on real world learning experiences on Mobile Database Security (MDS) with Android mobile devices, which also greatly promoted students' self-efficacy and confidence in their mobile security learning.
Award ID(s):
1663350
PAR ID:
10064457
Journal Name:
2017 IEEE Frontiers in Education Conference (FIE)
Page Range / eLocation ID:
1 to 6
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. As mobile computing is now becoming more and more popular, the security threats to mobile applications are also growing explosively. Mobile app flaws and security defects could open doors for hackers to break into them and access sensitive information. Most vulnerabilities should be addressed in the early stage of mobile software development. However, many software development professionals lack awareness of the importance of security vulnerability and the necessary security knowledge and skills at the development stage. The combination of the prevalence of mobile devices and the rapid growth of mobile threats has resulted in a shortage of secure software development professionals. Many schools offer mobile app development courses in computing curriculum; however, secure software development is not yet well represented in most schools' computing curriculum. This paper addresses the needs of authentic and active pedagogical learning materials for SSD and challenges of building Secure Software Development (SSD) capacity through effective, engaging, and investigative approaches. In this paper, we present an innovative authentic and active SSD learning approach through a collection of transferrable learning modules with hands-on companion labs based on the Open Web Application Security Project (OWASP) recommendations. The preliminary feedback from students is positive. Students have gained hands-on real world SSD learning experiences with Android mobile platform and also greatly promoted self-efficacy and confidence in their mobile SSD learning. 
  3. Hardware security is an emerging field with far-ranging impacts on the design and implementation of the devices we use in our everyday lives – from wearable and implantable medical devices to personal mobile devices, and even cloud devices powering the software services that drive our society forward. Practical, hands-on experience is vital to the training of students in this and other security-related fields. We are developing a new model for hardware security education using readily available, cost-efficient, off-the-shelf development boards, with hands-on experiments that offer new learning opportunities for students. Beyond this, we are experimenting with different pedagogical methods to improve student engagement. In particular, we aim to gamify a subset of the experiments and evaluate the impact on student engagement and learning. This work-in-progress paper describes our initial approach to the gamification of hardware security labs and reports on baseline results from our control study using a more traditional, non-gamified approach. 
  4. A set of Information Assurance and Security hands-on learning modules is developed and open to the public. Topics include networking security, database security, defensive programming, web security, system fundamentals, mobile security, malware detection using machine learning, and big data analytics on network intrusion detection. The design follows a hands-on, case-based pedagogical model, which yields a satisfaction rate up to 92.5% for self-learners.
  5. With the rapid growth of the Internet of Things (IoT) and increasing reliance on network-connected devices, IoT security, which integrates components of hardware and cybersecurity, is more important than ever. Hence, we must improve and expand training opportunities for students in IoT security. Experiential learning is an essential component of education for engineering and cybersecurity in particular. In this work, we describe three comprehensive hands-on IoT security experiments built using off-the-shelf development boards which can provide a low-cost and accessible experiential learning opportunity for students in this area. 