An official website of the United States government
The enormous advancement of digital technology and the Internet usage have significantly improved our lives, but have threatened our security and privacy as well. Cyberattacks may have harmful long-term implications to individuals and organizations. High school students are accessible targets for various cybercrimes due to the lack of cybersecurity knowledge and cyber-safe practices. It is important that education about cybersecurity awareness and cyber hygiene practices must begin at a young age. Offering cybersecurity knowledge through interactive tutorials and game-based techniques may increase students' interest in this domain. To develop a security mindset and improve the perception and attitude towards cybersecurity, we created an interactive cybersecurity framework for high school students. Through this framework, we attempt to effectively educate students in cybersecurity through interactive animated visualization modules developed in Unity 3D engine, enabling learning of physical, software, and mathematical aspects of cybersecurity. Each topic in the visualization tool is explained in four stages including information, interaction, explanation, and assessment. Several surveys have been conducted to determine whether this framework enhances users' cognitive abilities.
more »
« less
Interactive Program Visualization to Teach Stack Smashing: An Experience Report
This paper presents an experience report on using an interactive program visualization tool — Dynamic, Interactive Stack-Smashing Attack Visualization (DISSAV) — and a complementary active-learning exercise to teach stack smashing, a key software security attack. The visualization tool and active-learning exercise work synergistically to guide the student through challenging, abstract concepts in the advanced cybersecurity area. DISSAV and the exercise are deployed within the software security module of an undergraduate cybersecurity course that introduces a broad range of security topics. A study is designed that collects and evaluates student perceptions on the user interface of DISSAV and the effectiveness of the two resources in improving student learning and engagement. The study finds that over 80% of responses to user interface questions, 66% of responses to student learning questions and 64% of responses to student engagement questions are positive, suggesting that the resources improve student learning and engagement in general. The study does not find discernible patterns of difference in responses from students of different ages and varying levels of prior experience with stack smashing attacks, program visualization tools and C programming.
more »
« less
- Award ID(s):
- 1947295
- PAR ID:
- 10469275
- Publisher / Repository:
- Journal of The Colloquium for Information Systems Security Education
- Date Published:
- Journal Name:
- Journal of The Colloquium for Information Systems Security Education
- Volume:
- 10
- Issue:
- 1
- ISSN:
- 2641-4546
- Page Range / eLocation ID:
- 8
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Haldorai, Anandakumar (Ed.)Cybersecurity affects us all in our daily lives. New knowledge on best practices, new vulnerabilities, and timely fixes for cybersecurity issues is growing super-linearly, and is spread across numerous, heterogeneous sources. Because of that, community contribution-based, question and answer sites have become clearinghouses for cybersecurity-related inquiries, as they have for many other topics. Historically, Stack Overflow has been the most popular platform for different kinds of technical questions, including for cybersecurity. That has been changing, however, with the advent of Security Stack Exchange, a site specifically designed for cybersecurity-related questions and answers. More recently, some cybersecurity-related subreddits of Reddit, have become hubs for cybersecurity-related questions and discussions. The availability of multiple overlapping communities has created a complex terrain to navigate for someone looking for an answer to a cybersecurity question. In this paper, we investigate how and why people choose among three prominent, overlapping, question and answer communities, for their cybersecurity knowledge needs. We aggregated data of several consecutive years of cybersecurity-related questions from Stack Overflow, Security Stack Exchange, and Reddit, and performed statistical, linguistic, and longitudinal analysis. To triangulate the results, we also conducted user surveys. We found that the user behavior across those three communities is different, in most cases. Likewise, cybersecurity-related questions asked on the three sites are different, more technical on Security Stack Exchange and Stack Overflow, and more subjective and personal on Reddit. Moreover, there appears to have been a differentiation of the communities along the same lines, accompanied by overall popularity trends suggestive of Stack Overflow’s decline and Security Stack Exchange’s rise within the cybersecurity community. Reddit is addressing the more subjective, discussion type needs of the lay community, and is growing rapidly.more » « less
-
Paiva, A.C.R.; Cavalli, A.R.; Ventura, Martins P.; Perez-Castillo, R. (Ed.)The ubiquitous use of software in critical systems necessitates integrating cybersecurity concepts into the software engineering curriculum so that students studying software engineering have adequate knowledge to securely develop software projects, which could potentially secure critical systems. An experience report of developing and conducting a course can help educators to gain an understanding of student preferences on topics related to secure software development. We provide an experience report related to the ‘Secure Software Development’ course conducted at Tennessee Technological University. We discuss student motivations, as well as positive and negative perceptions of students towards exercises. Based on our findings, we recommend educators to integrate real-world exercises into a secure software development course with careful consideration of tool documentation, balance in exercise diversity, and student background.more » « less
-
Hyperion is a 3D visualization platform for optical design. It provides a fully immersive, intuitive, and interactive 3D user experience by leveraging existing AR/VR technologies. It enables the visualization of models of folded freeform optical systems in a dynamic 3D environment. The frontend user experience is supported by the computational ray-tracing engine of Eikonal+, an optical design research software currently being developed. We have built a cross-platform light-weight version of Eikonal+ that can communicate with any user interface or other scientific software. We have also demonstrated a prototype of the Hyperion 3D user experience using a Hololens AR display.more » « less
-
This paper proposes a design for an introductory password cracking exercise that gives students the opportunity to develop foundational cybersecurity skills while increasing their confidence and agency. This exercise aims to educate students about the brittle nature of passwords while increasing students' cybersecurity soft skills, such as collaboration, autonomy, and problem solving. To do so, the exercise uses pedagogical methods such as the Gradual Release of Responsibility model and guiding questions. The exercise is holistic, hands-on, and consists of three scaffolded levels: Password guessing, intelligence gathering, and spear phishing. • Manually attempting a “credential stuffing” attack on a simple password. • Scripting an automated password cracking tool. This exercise will educate students about passwords, how to attack them, and how to choose secure passwords while building foundational cybersecurity skills and keeping less experienced students interested, engaged, and motivated.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Journal Article:
- https://doi.org/10.53735/cisse.v10i1.164
