skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Attention:

The NSF Public Access Repository (PAR) system and access will be unavailable from 10:00 PM ET on Thursday, February 12 until 1:00 AM ET on Friday, February 13 due to maintenance. We apologize for the inconvenience.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Development of Course Modules in Python for Hardware Security Education
Year after year, computing systems continue to grow in complexity at an exponential rate. While this can have far-ranging positive impacts on society, it has become extremely difficult to ensure the security of these systems in the field. Hardware security - in conjunction with more traditional cybersecurity topics like software and network security - is critical for designing secure systems. Moving forward, hardware security education must ensure the next generation of engineers have the knowledge and tools to address this growing challenge. A good foundation in hardware security draws on concepts from several different fields, including fundamental hardware design principles, signal processing and statistics, and even machine learning for modeling complex physical processes. It can be difficult to convey the material in a manageable way, even to advanced undergraduate students. In this paper, we describe how we have leveraged Python, and its rich ecosystem of open-source libraries, and scaffolding with Jupyter notebooks, to bridge the gap between theory and implementation of hardware security topics, helping students learn through experience.  more » « less
Award ID(s):
1954259
PAR ID:
10407664
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
2023 IEEE Southeast Conference
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; ; (, In Proceedings of the 53rd ACM Technical Symposium on Computer Science Education)
    Often, security topics are only taught in advanced computer science (CS) courses. However, most US R1 universities do not require students to take these courses to complete an undergraduate CS degree. As a result, students can graduate without learning about computer security and secure programming practices. To gauge students’ knowledge and skills of secure programming, we conducted a coding interview with 21 students from two R1 universities in the United States. All the students in our study had at least taken Computer Systems or an equivalent course. We then analyzed the students’ approach to safe programming practices, such as avoiding unsafe functions like gets and strcpy, and basic security knowledge, such as writing code that assumes user inputs can be malicious. Our results suggest that students lack the key fundamental skills to write secure programs. For example, students rarely pay attention to details, such as compiler warnings, and often do not read programming language documentation with care. Moreover, some students’ understanding of memory layout is cursory, which is crucial for writing secure programs. We also found that some students are struggling with even the basics of C programming, even though it is the main language taught in Computer Systems courses. 
    more » « less
  2. ; ; ; ; (, IEEE)
    This research paper systematically identifies the perceptions of learning machine learning (ML) topics. To keep up with the ever-increasing need for professionals with ML expertise, for-profit and non-profit organizations conduct a wide range of ML-related courses at undergraduate and graduate levels. Despite the availability of ML-related education materials, there is lack of understanding how students perceive ML-related topics and the dissemination of ML-related topics. A systematic categorization of students' perceptions of these courses can aid educators in understanding the challenges that students face, and use that understanding for better dissemination of ML-related topics in courses. The goal of this paper is to help educators teach machine learning (ML) topics by providing an experience report of students' perceptions related to learning ML. We accomplish our research goal by conducting an empirical study where we deploy a survey with 83 students across five academic institutions. These students are recruited from a mixture of undergraduate and graduate courses. We apply a qualitative analysis technique called open coding to identify challenges that students encounter while studying ML-related topics. Using the same qualitative analysis technique we identify quality aspects do students prioritize ML-related topics. From our survey, we identify 11 challenges that students face when learning about ML topics, amongst which data quality is the most frequent, followed by hardware-related challenges. We observe the majority of the students prefer hands-on projects over theoretical lectures. Furthermore, we find the surveyed students to consider ethics, security, privacy, correctness, and performance as essential considerations while developing ML-based systems. Based on our findings, we recommend educators who teach ML-related courses to (i) incorporate hands-on projects to teach ML-related topics, (ii) dedicate course materials related to data quality, (iii) use lightweight virtualization tools to showcase computationally intensive topics, such as deep neural networks, and (iv) empirical evaluation of how large language models can be used in ML-related education. 
    more » « less
  3. ; ; ; ; (, IEEE Design & Test)
    Recent advances in model piracy have uncovered a new security hole for malicious attacks endangering the Intellectual Property (IP) of Deep Learning (DL) systems. This manuscript features our research titled “DeepAttest: An End-toEnd Attestation Framework for Deep Neural Networks” [1] that is selected for the 2021 Top Picks in hardware and embedded security. DeepAttest is the first end-to-end framework that achieves reliable and efficient IP protection of DL devices with hardware-bounded usage control. We leverage device-specific model fingerprinting and Trusted Execution Environment (TEE) to ensure that only DL models with the device-specific fingerprint can run inference on protected hardware 
    more » « less
  4. ; ; ; ; ; (, Proceedings of the International Conference on Software Engineering)
    null (Ed.)
    Lack of security expertise among software practitioners is a problem with many implications. First, there is a deficit of security professionals to meet current needs. Additionally, even practitioners who do not plan to work in security may benefit from an increased understanding of security. The goal of this paper is to aid software engineering educators in designing a comprehensive software security course by sharing an experience running a software security course for the eleventh time. Through all the eleven years of running the software security course, the course objectives have been comprehensive -- ranging from security testing, to secure design and coding, to security requirements to security risk management. For the first time in this eleventh year, a theme of the course assignments was to map vulnerability discovery to the security controls of the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS). Based upon student performance on a final exploratory penetration testing project, this mapping may have increased students' depth of understanding of a wider range of security topics. The students efficiently detected 191 unique and verified vulnerabilities of 28 different Common Weakness Enumeration (CWE) types during a three-hour period in the OpenMRS project, an electronic health record application in active use. 
    more » « less
  5. ; (, International Conference on Security and Management)
    While many vulnerabilities are often related to computing and network systems, there has been a growing number of vulnerabilities and attacks in software systems. They are generally caused by careless software design and implementations, and not putting sufficient effort into eliminating defects and flaws in the software itself. When it comes to building reliable and secure software, it is critical that security must be considered throughout the software development process. This paper presents a series of modules that are designed to introduce security concepts in beginners programming courses. The modules have been developed to teach the fundamental concepts of defensive programming from the freshman year, to ensure that the programming concepts are taught to beginning programmers from a security perspective. These modules are intended to build a strong cybersecurity foundation, which will then be enhanced further in the advanced courses, such as Secure Applications Programming and Secure Software Engineering courses. Both instructors and students can practice defensive programming with these modules in their classroom. The study plans to evaluate the teaching effectiveness of the modules associated with the Model-Eliciting Activity (MEA), an evidence-based teaching and learning methodology. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Text Encoded Conversion
  • XML
  • Save / Share this Record
  • Send to Email