Abstract
The security and assurance of our computing infrastructure has become a national priority. To address this priority, higher education has gradually incorporated the principles of computer and information security into the mainstream undergraduate and graduate computer science curricula. To achieve effective education, learning security principles must be grounded in experience. This calls for effective laboratory exercises (or course projects). Although a number of laboratories have been designed for security education, they only cover a small portion of the fundamental security principles. Moreover, their underlying lab environments are different, making integration of these laboratories infeasible for a semester-long course. Currently, security laboratories that can be widely adopted are still lacking, and they are in great demand in security education.
We have developed a novel laboratory environment (referred to as SEED). The SEED environment consists of Minix, an instructional operating system (OS), and Linux, a production OS; it takes advantage of the simplicity of Minix and the completeness of Linux, and provides a unified platform to support a rich set of laboratories for computer security education. Based on the SEED environment, we have developed a list of laboratories that cover a wide spectrum of security principles. These labs provide opportunities for students to develop essential skills for secure computing practice. We have been using these labs in our courses during the last five years. This article presents our SEED environment, laboratories, and evaluation results.
SEED: A Suite of Instructional Laboratories for Computer Security Education