DOI: 10.1145/3328778.3366894
research-article

A System for Visualizing the Process Address Space in the Context of Teaching Secure Coding in C

Published: 26 February 2020

ABSTRACT

Seemingly small coding errors can create significant vulnerabilities in C programs. This often occurs due to memory being overwritten in unexpected ways. If a student understands where program variables appear in the process address space, then she can understand the effect of writing beyond the memory allocated to a variable. With this understanding, she can tie her code to its effect within an executing process and is more likely to appreciate the significance of these seemingly harmless errors and to avoid them. We have developed a program analysis and visualization tool to help students understand the impact of common memory errors, with the goal of helping students avoid introducing these errors into their code. The visualization is through the Program Address Space (PAS) window within a larger system for analysis and visualization of security issues in C programs. The larger system is called SecureCvisual. In this paper, we describe our experience with teaching students fundamental concepts about process address spaces and the impact of buffer overflows using the PAS window. We also present the results from an evaluation of the tool. Our results indicate that students found the tool useful and that it enhanced the course in which it was used.

Published in

SIGCSE '20: Proceedings of the 51st ACM Technical Symposium on Computer Science Education
February 2020
1502 pages
ISBN: 9781450367936
DOI: 10.1145/3328778

Copyright © 2020 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Overall Acceptance Rate: 1,595 of 4,542 submissions, 35%
