slides - personal.stevens.edu - Stevens Institute of Technology


The Development of a Graduate Curriculum for Software Assurance

Mark Ardis, Stevens Institute of Technology

Nancy Mead, Software Engineering Institute

Acknowledgments (1/2)

We thank the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) for their support

We thank our curriculum co-authors:

Julia H. Allen, Software Engineering Institute

Thomas B. Hilburn, Embry-Riddle Aeronautical University

Andrew J. Kornecki, Embry-Riddle Aeronautical University

Richard Linger, Software Engineering Institute

James McDonald, Monmouth University


Acknowledgments (2/2)

Some of these slides are from Jeff Williams of OWASP


Outline

1. Motivation
2. Sources
3. Process
4. Core Body of Knowledge
5. Curriculum Architecture
6. Course Outlines and Syllabi
7. Outreach and Future Plans

Motivation

"The business of security for government agencies is growing by an enviable 9 percent a year"

--- NYTimes August 4, 2011


What if the software world was only…

100 apps written by 100 developers at 100 companies

Sources for MSwA Recommendations

GSwE2009 – Graduate Software Engineering

Other Curricula

MSE 1989 – Original Graduate Software Engineering

SE 2004 – Undergraduate Software Engineering

CE 2004 – Undergraduate Computer Engineering

CS 2010 – Undergraduate Computer Science

SWEBOK – Software Engineering Body of Knowledge

Textbook by Allen, Mead et al.

Build Security In (BSI) Website


Process


Core Body of Knowledge

3-level outline of topics

Associated student outcome expectations in terms of Bloom's Taxonomy

Top Level:

1. Assurance Across Life Cycles
2. Risk Management
3. Assurance Assessment
4. Assurance Management
5. System Security Assurance
6. System Functionality Assurance
7. System Operational Assurance

Curriculum Architecture


MSwE with SwA Specialization

Information Sciences with SwA Specialization


Course Outlines and Syllabi


Course Syllabi:

Assurance Management

System Operational Assurance

Assured Software Analytics

Assured Software Development 1

Assured Software Development 2

Assured Software Development 3

Assurance Assessment

System Security Assurance

Course Outlines

Undergraduate courses

- 4 software assurance courses
- 1 capstone project course

Community College courses

- 3 foundation CS courses
- 3 security courses

Getting Started with MSwA Courses

Implementation options:

- add 1-2 courses that supplement an existing program (e.g., Master of Software Engineering, Master of Information Systems)
- build on strengths of faculty and supplement existing courses
- build on local industry needs
- take advantage of resources
  - mentoring offered by SwA curriculum team
  - other artifacts (e.g., MSwA course outlines, master bibliography)
- consider starting with a course that does not require prerequisites within the program, such as Assured Software Development 1 or System Operational Assurance
- add 1-2 courses each year to build up to a complete MSwA or specialization within another degree program

Resources

http://www.cert.org/mswa/

- MSwA Reference Curriculum document
- undergraduate course outlines
- MSwA course outlines and syllabi
- 2-Year college course outlines
- master bibliography
- curriculum overview seminar
- VTE workshop from CSEET 2010

Contact Information

Nancy R. Mead, Ph.D.

Senior Technical Staff

CERT® Program

Software Engineering Institute

Carnegie Mellon University

Email: nrm@sei.cmu.edu

U.S. mail:

Software Engineering Institute

Customer Relations

4500 Fifth Avenue

Pittsburgh, PA 15213-2612

USA

Mark A. Ardis

Distinguished Service Professor

School of Systems and Enterprises

Stevens Institute of Technology

Email: mark.ardis@stevens.edu

WWW: personal.stevens.edu/~mardis

U.S. mail:

Stevens Institute of Technology

Castle Point on Hudson

Hoboken, NJ 07030

USA
