CREATING SHAREABLE SECURITY MODULES Kara Nance, University of Alaska Fairbanks, Fairbanks, AK, USA Blair Taylor, Towson University, Towson, MD, USA Ronald Dodge, United States Military Academy, West Point NY, USA Brian Hay, University of Alaska Fairbanks, Fairbanks, AK, USA Overview 1 2 3 4 5 Introduction Challenges Framework for Security Modules Examples Future Considerations Introduction • Introductions • Background of the paper • NSF CCLI grant #0817267 and #1023125 Objectives • Develop a comprehensive plan for creating sharable security labs • Identify challenges of hands-on lab activities • Identify unique challenges of security labs • Summarize current state of security labs • Outline strategies to address challenges • Identify dissemination strategies Challenges • Challenges for the instructor in creating a hands-on learning environment • Difficult to develop • Difficult to disseminate • Security labs have additional challenges • Distance Learning Environmental challenges • Below is a list of questions instructors may need to address when creating a hands-on computer lab experience: 1.Do all of the students have the same configuration? 2.Do the students all have the same computing platform? 3.Do they all have the same operating system? 4.Do their machines have enough resources to run the lab exercise? 5.How do I know that they all started from the same configuration? 6.If I am not sure that they all started from the same configuration, how can I grade them appropriately? 7.When a student has a problem with the lab exercise, how can I provide help to them? 8.If I need to make a change to the lab exercise or configuration, how do I distribute that to all students? 9.If I am not at my own computer or at the school, how can I work on the lab exercises? Pedagogical challenges • support a meaningful hands-on educational experience for the student • providing adequate foundational elements to bring all students to a common level • educational content to meet the learning objectives • reflective activities to ensure that the learning objectives have been met • extension activities to demonstrate how the concepts fit into the big picture. • current state of Computer Science (CS) labs • ad hoc • inadequately address synthetic and analytical thinking How can we address these challenges? • Problem: more instructors recognize the need for incorporating security into the curriculum, many are hindered by the environmental challenges listed above and • resource limitations • time constraints • insufficient security training • lack of effective pedagogical materials Framework for Security Modules Specifically, a framework for shareable security modules should: •be broadly applicable across institutions and courses •be extendible to meet the needs of diverse audiences •be easy to use from a student perspective •be easy to identify, access, and implement for instructors •encourage active learning •facilitate and stimulate development of new modules •be largely platform independent 3.1 Security Injections@Towson • www.towson.edu/securityinjections • 1) increase faculty awareness of secure coding concepts • 2) increase students’ awareness of secure coding issues • 3) increase students’ ability to apply secure coding principles and • 4) increase the number of security-aware students • Modules for CS0, CS1, CS2, Computer Literacy, Web, and database • Sample lab Initial RAVE Deployments ~1,300 GB RAM, ~80 TB Storage, ~450 Logical Processors 2011 At-Large Regional CCDC ran across this infrastructure Example – SI@T modules in the RAVE environment Environmental challenges 1. 2. 3. 4. 5. 6. 7. 8. 9. configuration computing platform operating system adequate machine resources Starting from the same configuration grading assistance distributing changes Remote access Hand-on Lab done using RAVE Issues 1-6 addressed by RAVE 7.Instructors have remote access, permissions to view and assist student accounts, snapshot capabilities 8.Images are created on demand 9.RAVE environments are remotely accessible 24/7 5 Future Considerations