CREATING SHAREABLE SECURITY MODULES

1. CREATING SHAREABLE SECURITY MODULES Kara Nance, University of Alaska Fairbanks, Fairbanks, AK, USA Blair Taylor, Towson University, Towson, MD, USA Ronald Dodge, United States Military Academy, West Point NY, USA Brian Hay, University of Alaska Fairbanks, Fairbanks, AK, USA

2. Overview • Introduction • Challenges • Framework for Security Modules • Examples • Future Considerations

3. Introduction Introductions Background of the paper NSF CCLI grant #0817267 and #1023125

4. Objectives • Develop a comprehensive plan for creating sharable security labs • Identify challenges of hands-on lab activities • Identify unique challenges of security labs • Summarize current state of security labs • Outline strategies to address challenges • Identify dissemination strategies

5. Challenges • Challenges for the instructor in creating a hands-on learning environment • Difficult to develop • Difficult to disseminate • Security labs have additional challenges • Distance Learning

6. Environmental challenges Below is a list of questions instructors may need to address when creating a hands-on computer lab experience: Do all of the students have the same configuration? Do the students all have the same computing platform? Do they all have the same operating system? Do their machines have enough resources to run the lab exercise? How do I know that they all started from the same configuration? If I am not sure that they all started from the same configuration, how can I grade them appropriately? When a student has a problem with the lab exercise, how can I provide help to them? If I need to make a change to the lab exercise or configuration, howdo I distribute that to all students? If I am not at my own computer or at the school, how can I work on the lab exercises?

7. Pedagogical challenges • support a meaningful hands-on educational experience for the student • providing adequate foundational elements to bring all students to a common level • educational content to meet the learning objectives • reflective activities to ensure that the learning objectives have been met • extension activities to demonstrate how the concepts fit into the big picture. • current state of Computer Science (CS) labs • ad hoc • inadequately address synthetic and analytical thinking

8. How can we address these challenges? • Problem: more instructors recognize the need for incorporating security into the curriculum, many are hindered by the environmental challenges listed above and • resource limitations • time constraints • insufficient security training • lack of effective pedagogical materials

9. Framework for Security Modules Specifically, a framework for shareable security modules should: be broadly applicable across institutions and courses be extendible to meet the needs of diverse audiences be easy to use from a student perspective be easy to identify, access, and implement for instructors encourage active learning facilitate and stimulate development of new modules be largely platform independent

10. 3.1 Security Injections@Towson www.towson.edu/securityinjections 1) increase faculty awareness of secure coding concepts 2) increase students’ awareness of secure coding issues 3) increase students’ ability to apply secure coding principles and 4) increase the number of security-aware students Modules for CS0, CS1, CS2, Computer Literacy, Web, and database Sample lab

11. Initial RAVE Deployments • ~1,300 GB RAM, ~80 TB Storage, ~450 Logical Processors • 2011 At-Large Regional CCDC ran across this infrastructure

12. Example – SI@T modules in the RAVE environment Environmental challenges Hand-on Lab done using RAVE configuration computing platform operating system adequate machine resources Starting from the same configuration grading assistance distributing changes Remote access Issues 1-6 addressed by RAVE Instructors have remote access, permissions to view and assist student accounts, snapshot capabilities Images are created on demand RAVE environments are remotely accessible 24/7

13. 5 Future Considerations