CREATING SHAREABLE SECURITY MODULES

Kara Nance, University of Alaska Fairbanks, Fairbanks, AK, USABlair Taylor, Towson University, Towson, MD, USARonald Dodge, United States Military Academy, West Point NY, USABrian Hay, University of Alaska Fairbanks, Fairbanks, AK, USA

Overview1 Introduction2 Challenges3 Framework for Security Modules4 Examples5 Future Considerations

Introduction• Introductions• Background of the paper• NSF CCLI grant #0817267 and #1023125

Objectives• Develop a comprehensive plan for creating sharable

security labs• Identify challenges of hands-on lab activities• Identify unique challenges of security labs• Summarize current state of security labs• Outline strategies to address challenges• Identify dissemination strategies

Challenges• Challenges for the instructor in creating a hands-on

learning environment• Difficult to develop• Difficult to disseminate

• Security labs have additional challenges• Distance Learning

Environmental challenges• Below is a list of questions instructors may need to address when

creating a hands-on computer lab experience:

1.Do all of the students have the same configuration?2.Do the students all have the same computing platform?3.Do they all have the same operating system?4.Do their machines have enough resources to run the lab exercise?5.How do I know that they all started from the same configuration?6.If I am not sure that they all started from the same configuration, how

can I grade them appropriately?7.When a student has a problem with the lab exercise, how can I

provide help to them?8.If I need to make a change to the lab exercise or configuration, how

do I distribute that to all students?9.If I am not at my own computer or at the school, how can I work on

the lab exercises?

Pedagogical challenges• support a meaningful hands-on educational experience for

the student• providing adequate foundational elements to bring all students to a

common level• educational content to meet the learning objectives• reflective activities to ensure that the learning objectives have been

met• extension activities to demonstrate how the concepts fit into the big

picture.

• current state of Computer Science (CS) labs • ad hoc • inadequately address synthetic and analytical thinking

How can we address these challenges?• Problem: more instructors recognize the need for

incorporating security into the curriculum, many are hindered by the environmental challenges listed above and • resource limitations• time constraints• insufficient security training• lack of effective pedagogical materials

Framework for Security Modules Specifically, a framework for shareable security modules should:•be broadly applicable across institutions and courses•be extendible to meet the needs of diverse audiences•be easy to use from a student perspective•be easy to identify, access, and implement for instructors•encourage active learning•facilitate and stimulate development of new modules•be largely platform independent

3.1 Security Injections@Towson

• www.towson.edu/securityinjections• 1) increase faculty awareness of secure coding concepts • 2) increase students’ awareness of secure coding issues • 3) increase students’ ability to apply secure coding

principles and • 4) increase the number of security-aware students• Modules for CS0, CS1, CS2, Computer Literacy, Web,

and database• Sample lab

Initial RAVE Deployments ~1,300 GB RAM, ~80 TB Storage,

~450 Logical Processors 2011 At-Large Regional CCDC ran

across this infrastructure

Example – SI@T modules in the RAVE environment

Environmental challenges

1. configuration2. computing platform3. operating system4. adequate machine resources5. Starting from the same

configuration6. grading7. assistance8. distributing changes9. Remote access

Hand-on Lab done using RAVE

Issues 1-6 addressed by RAVE7.Instructors have remote access, permissions to view and assist student accounts, snapshot capabilities8.Images are created on demand9.RAVE environments are remotely accessible 24/7

5 Future Considerations