CREATING SHAREABLE
SECURITY MODULES
Kara Nance, University of Alaska Fairbanks, Fairbanks, AK, USA
Blair Taylor, Towson University, Towson, MD, USA
Ronald Dodge, United States Military Academy, West Point NY,
USA
Brian Hay, University of Alaska Fairbanks, Fairbanks, AK, USA
Overview
1
2
3
4
5
Introduction
Challenges
Framework for Security Modules
Examples
Future Considerations
Introduction
• Introductions
• Background of the paper
• NSF CCLI grant #0817267 and #1023125
Objectives
• Develop a comprehensive plan for creating sharable
security labs
• Identify challenges of hands-on lab activities
• Identify unique challenges of security labs
• Summarize current state of security labs
• Outline strategies to address challenges
• Identify dissemination strategies
Challenges
• Challenges for the instructor in creating a hands-on
learning environment
• Difficult to develop
• Difficult to disseminate
• Security labs have additional challenges
• Distance Learning
Environmental challenges
• Below is a list of questions instructors may need to address when
creating a hands-on computer lab experience:
1.Do all of the students have the same configuration?
2.Do the students all have the same computing platform?
3.Do they all have the same operating system?
4.Do their machines have enough resources to run the lab exercise?
5.How do I know that they all started from the same configuration?
6.If I am not sure that they all started from the same configuration, how
can I grade them appropriately?
7.When a student has a problem with the lab exercise, how can I
provide help to them?
8.If I need to make a change to the lab exercise or configuration, how
do I distribute that to all students?
9.If I am not at my own computer or at the school, how can I work on
the lab exercises?
Pedagogical challenges
• support a meaningful hands-on educational experience
for the student
• providing adequate foundational elements to bring all students to a
common level
• educational content to meet the learning objectives
• reflective activities to ensure that the learning objectives have been
met
• extension activities to demonstrate how the concepts fit into the big
picture.
• current state of Computer Science (CS) labs
• ad hoc
• inadequately address synthetic and analytical thinking
How can we address these
challenges?
• Problem: more instructors recognize the need for
incorporating security into the curriculum, many are
hindered by the environmental challenges listed above
and
• resource limitations
• time constraints
• insufficient security training
• lack of effective pedagogical materials
Framework for Security Modules
Specifically, a framework for shareable security modules
should:
•be broadly applicable across institutions and courses
•be extendible to meet the needs of diverse audiences
•be easy to use from a student perspective
•be easy to identify, access, and implement for instructors
•encourage active learning
•facilitate and stimulate development of new modules
•be largely platform independent
3.1 Security Injections@Towson
• www.towson.edu/securityinjections
• 1) increase faculty awareness of secure coding concepts
• 2) increase students’ awareness of secure coding issues
• 3) increase students’ ability to apply secure coding
principles and
• 4) increase the number of security-aware students
• Modules for CS0, CS1, CS2, Computer Literacy, Web,
and database
• Sample lab
Initial RAVE Deployments


~1,300 GB RAM, ~80 TB Storage,
~450 Logical Processors
2011 At-Large Regional CCDC ran
across this infrastructure
Example – SI@T modules in the RAVE
environment
Environmental challenges
1.
2.
3.
4.
5.
6.
7.
8.
9.
configuration
computing platform
operating system
adequate machine resources
Starting from the same
configuration
grading
assistance
distributing changes
Remote access
Hand-on Lab done using RAVE
Issues 1-6 addressed by RAVE
7.Instructors have remote
access, permissions to view
and assist student accounts,
snapshot capabilities
8.Images are created on
demand
9.RAVE environments are
remotely accessible 24/7
5 Future Considerations