This paper presents an innovative approach to DevOps security education, addressing the dynamic landscape
of cybersecurity threats. We propose a student-centered learning methodology by developing comprehensive hands-on learning modules. Specifically, we introduce labware modules designed to automate static security analysis, empowering learners to identify known vulnerabilities efficiently. These modules offer a structured learning experience with pre-lab, hands-on, and post-lab sections, guiding students through DevOps concepts and security challenges. In this paper, we introduce hands-on learning modules that familiarize students with recognizing known security flaws through the application of Git Hooks. Through practical exercises with real-world code examples containing security flaws, students gain proficiency in detecting vulnerabilities using relevant tools. Initial evaluations conducted across educational institutions indicate that these hands-on modules foster student interest in software security and cybersecurity and equip them with practical skills to address DevOps security vulnerabilities.
more »
« less
Development of a Laboratory Platform for UAV Cybersecurity Education
There is an increasing need to fly unmanned aerial vehicles (UAVs) to enable a wide variety of beneficial applications such as emergency/disaster response, observation and study of weather phenomena including severe storms. However, UAVs are subject to cybersecurity threats stemming from increasing reliance on computer and communication technologies. There is a need to foster a robust workforce with integrated UAV and cybersecurity competencies. In addition to technique challenges, current UAV cybersecurity education also faces two significant non-technical challenges: first, there are federal or state rules and regulations on UAV flights; second, the number of designated UAV test sites is limited. A three years NSF SaTC funded project in 2020 will specifically address these challenges. We propose to develop a laboratory platform for UAV cybersecurity education. To be specific, our platform integrates software simulation with hardware-in-the-loop (HIL) simulation to simulate different UAV scenarios, on the top of which cybersecurity components are developed for hands-on practicing. We use a firmware for UAV system development, Pixhawk with related open-source software packages, as the basic simulation framework. On the top of the simulation environment, a series of hands-on exercise modules will be developed to cover UAV cybersecurity issues. Motivated by different types of cybersecurity threats to UAVs, we will adopt the scenario based design and set up several categories of exercise modules including common threats in UAV and additional modules for newly identified threats with corresponding actors, goals, actions, and events. In such a manner offense and defense tasks can be further developed. The proposed platform has the potential to be adopted by universities with limited resources to UAV cybersecurity. It will help educate future workforce with integrated UAV and cybersecurity competencies, towards secure and trustworthy cyberspace around UAVs.
more »
« less
- Award ID(s):
- 1956193
- PAR ID:
- 10285309
- Date Published:
- Journal Name:
- 2021 ASEE Virtual Annual Conference
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
This paper presents an innovative approach to DevOps security education, addressing the dynamic landscape of cybersecurity threats. We propose a student-centered learning methodology by developing comprehensive hands-on learning modules. Specifically, we introduce labware modules designed to automate static security analysis, empowering learners to identify known vulnerabilities efficiently. These modules offer a structured learning experience with pre-lab, hands-on, and post-lab sections, guiding students through DevOps concepts and security challenges. In this paper, we introduce hands-on learning modules that familiarize students with recognizing known security flaws through the application of Git Hooks. Through practical exercises with real-world code examples containing security flaws, students gain proficiency in detecting vulnerabilities using relevant tools. Initial evaluations conducted across educational institutions indicate that these hands-on modules foster student interest in software security and cybersecurity and equip them with practical skills to address DevOps security vulnerabilities.more » « less
-
The field of DevOps security education necessitates innovative approaches to effectively address the ever evolving challenges of cybersecurity. Adopting a student-centered approach, there is the need for the design and development of a comprehensive set of hands-on learning modules. In this paper, we introduce hands-on learning modules that enable learners to be familiar with identifying known security weaknesses, based on taint tracking to accurately pinpoint vulnerable code. To cultivate an engaging and motivating learning environment, our hands-on approach includes a pre-lab, hands-on and post-lab sections. They all provide introduction to specific DevOps topics and software security problems at hand, followed by practicing with real world code examples having security issues to detect them using tools. The initial evaluation results from a number of courses across multiple schools show that the hands-on modules are enhancing the interests among students on software security and cybersecurity, while preparing them to address DevOps security vulnerabilities.more » « less
-
The field of DevOps security education necessitates innovative approaches to effectively address the ever evolving challenges of cybersecurity. Adopting a student-centered approach, there is the need for the design and development of a comprehensive set of hands-on learning modules. In this paper, we introduce hands-on learning modules that enable learners to be familiar with identifying known security weaknesses, based on taint tracking to accurately pinpoint vulnerable code. To cultivate an engaging and motivating learning environment, our hands-on approach includes a pre-lab, hands-on and postlab sections. They all provide introduction to specific DevOps topics and software security problems at hand, followed by practicing with real world code examples having security issues to detect them using tools. The initial evaluation results from a number of courses across multiple schools show that the hands-on modules are enhancing the interests among students on software security and cybersecurity, while preparing them to address DevOps security vulnerabilities.more » « less
-
The field of DevOps security education necessitates innovative approaches to effectively address the ever evolving challenges of cybersecurity. Adopting a student-centered approach, there is the need for the design and development of a comprehensive set of hands-on learning modules. In this paper, we introduce hands-on learning modules that enable learners to be familiar with identifying known security weaknesses, based on taint tracking to accurately pinpoint vulnerable code. To cultivate an engaging and motivating learning environment, our hands-on approach includes a pre-lab, hands-on and post-lab sections. They all provide introduction to specific DevOps topics and software security problems at hand, followed by practicing with real world code examples having security issues to detect them using tools. The initial evaluation results from a number of courses across multiple schools show that the hands-on modules are enhancing the interests among students on software security and cybersecurity, while preparing them to address DevOps security vulnerabilities.more » « less