The Development of a Graduate Curriculum for Software Assurance
Mark Ardis, Stevens Institute of Technology
Nancy Mead, Software Engineering Institute
We thank the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) for their support
We thank our curriculum co-authors:
Julia H. Allen, Software Engineering Institute
Thomas B. Hilburn, Embry-Riddle Aeronautical University
Andrew J. Kornecki, Embry-Riddle Aeronautical University
Richard Linger, Software Engineering Institute
James McDonald, Monmouth University
Some of these slides are from Jeff Williams of OWASP
1. Motivation
2. Sources
3. Process
4. Core Body of Knowledge
5. Curriculum Architecture
6. Course Outlines and Syllabi
7. Outreach and Future Plans
Motivation
"The business of security for government agencies is growing by an enviable 9 percent a year"
--- NYTimes August 4, 2011
What if the software world was only…
100 apps written by 100 developers at 100 companies
Sources for MSwA Recommendations
GSwE2009 – Graduate Software Engineering
Other Curricula
MSE 1989 – Original Graduate Software Engineering
SE 2004 – Undergraduate Software Engineering
CE 2004 – Undergraduate Computer Engineering
CS 2010 – Undergraduate Computer Science
SWEBOK – Software Engineering Body of Knowledge
Textbook by Allen, Mead et al.
Build Security In (BSI) Website
Process
Core Body of Knowledge
3-level outline of topics
Associated student outcome expectations in terms of Bloom's Taxonomy
Top Level:
1. Assurance Across Life Cycles
2. Risk Management
3. Assurance Assessment
4. Assurance Management
5. System Security Assurance
6. System Functionality Assurance
7. System Operational Assurance
Curriculum Architecture
MSwE with SwA Specialization
Information Sciences with SwA Specialization
Course Outlines and Syllabi
Course Syllabi:
Assurance Management
System Operational Assurance
Assured Software Analytics
Assured Software Development 1
Assured Software Development 2
Assured Software Development 3
Assurance Assessment
System Security Assurance
Course Outlines
Undergraduate courses
4 software assurance courses
1 capstone project course
Community College courses
3 foundation CS courses
3 security courses
Getting Started with MSwA Courses
Implementation options:
add 1-2 courses that supplement an existing program (e.g., Master of Software Engineering, Master of Information Systems)
build on strengths of faculty and supplement existing courses
build on local industry needs
take advantage of resources
mentoring offered by SwA curriculum team
other artifacts (e.g., MSwA course outlines, master bibliography)
consider starting with a course that does not require prerequisites within the program, such as Assured Software Development 1 or System Operational Assurance
add 1-2 courses each year to build up to a complete MSwA or specialization within another degree program
http://www.cert.org/mswa/
MSwA Reference Curriculum document
undergraduate course outlines
MSwA course outlines and syllabi
2-Year college course outlines
master bibliography
curriculum overview seminar
VTE workshop from CSEET 2010
Nancy R. Mead, Ph.D.
Senior Technical Staff
CERT® Program
Software Engineering Institute
Carnegie Mellon University
Email: nrm@sei.cmu.edu
U.S. mail:
Software Engineering Institute
Customer Relations
4500 Fifth Avenue
Pittsburgh, PA 15213-2612
USA
Mark A. Ardis
Distinguished Service Professor
School of Systems and Enterprises
Stevens Institute of Technology
Email: mark.ardis@stevens.edu
WWW: personal.stevens.edu/~mardis
U.S. mail:
Stevens Institute of Technology
Castle Point on Hudson
Hoboken, NJ 07030
USA