research-article

SEED: A Suite of Instructional Laboratories for Computer Security Education

Published: 01 March 2008

Abstract

The security and assurance of our computing infrastructure has become a national priority. To address this priority, higher education has gradually incorporated the principles of computer and information security into the mainstream undergraduate and graduate computer science curricula. To achieve effective education, learning security principles must be grounded in experience. This calls for effective laboratory exercises (or course projects). Although a number of laboratories have been designed for security education, they only cover a small portion of the fundamental security principles. Moreover, their underlying lab environments are different, making integration of these laboratories infeasible for a semester-long course. Currently, security laboratories that can be widely adopted are still lacking, and they are in great demand in security education.

We have developed a novel laboratory environment (referred to as SEED). The SEED environment consists of Minix, an instructional operating system (OS), and Linux, a production OS; it takes advantage of the simplicity of Minix and the completeness of Linux, and provides a unified platform to support a rich set of laboratories for computer security education. Based on the SEED environment, we have developed a list of laboratories that cover a wide spectrum of security principles. These labs provide opportunities for students to develop essential skills for secure computing practice. We have been using these labs in our courses during the last five years. This article presents our SEED environment, laboratories, and evaluation results.


      • Published in

        Journal on Educational Resources in Computing  Volume 8, Issue 1
        March 2008
        48 pages
        ISSN:1531-4278
        EISSN:1531-4278
        DOI:10.1145/1348713

        Copyright © 2008 ACM

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 1 March 2008
        • Accepted: 1 January 2008
        • Revised: 1 November 2007
        • Received: 1 June 2007

        Qualifiers

        • research-article
        • Research
        • Refereed
