ESIDE: The integration of secure programming education into the IDE
1 online resource (135 pages) : PDF
University of North Carolina at Charlotte
Securing the world's technological resources has become one of the largest challenges of modern day. From healthcare to national security, power grids to public safety, the world is reliant on computer systems and their ability to perform in a safe and secure manner. To this end, higher education must graduate software developers who comprehend the importance of security and take steps to ensure the safety of our technological systems. Unfortunately, academia's efforts are falling short as the world continues to experience a shortage of these individuals. In this dissertation, I present a novel educational approach to improve on academia's current methods of secure programming instruction. Known as ESIDE: Educational Security in the IDE, it complements current methods of instruction (e.g., modified courses, elective courses, security tracks) by infusing instructional guidance and materials in a contextually based real-time manner into the student's IDE in a method similar to Microsoft's Grammar Check (a.k.a., green squiggly). The effect of which is an exponential increase in exposure to the principles and practices of secure coding. I designed the ESIDE to provide an interactive educational experience for all levels of programming students across the curriculum. Currently, it runs as a plugin for the Eclipse IDE and monitors the student's code writing process for potentially vulnerable code patterns. When vulnerable code is discovered, ESIDE initiates an educational process based on the type of vulnerability discovered. I have evaluated this model in formative and summative studies at multiple institutions and educational levels and have received promising results. I plan to continue implementing lessons learned and knowledge gained into future research so that I might create a more robust educational resource.
COMPUTER AND INFORMATION SCIENCE EDUCATION; COMPUTER SCIENCE EDUCATION; INFORMATION SYSTEMS EDUCATION; SECURE PROGRAMMING; SECURITY EDUCATION
Latulip, Celine; Chu, Bei-Tseng; Shehab, Mohamed; Lambert, Richard
Thesis (Ph.D.)--University of North Carolina at Charlotte, 2015.
This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s). For additional information, see http://rightsstatements.org/page/InC/1.0/.
Copyright is held by the author unless otherwise indicated.