Secure Coding mailing list archives

Re: Education and security -- another perspective (was "ACM Queue - Content")
From: James Walden <jwalden () eecs utoledo edu>
Date: Wed, 07 Jul 2004 19:01:14 +0100
Dana Epp wrote:
> I'd be interested to hear what people think of the two approaches
> (separate security courses vs. spreading security all over the curricula).
>
> Regards.
>
> Fernando.

I don't think it's an either/or question; we need both approaches.  Students
should study security wherever it's relevant in the curriculum, but they also
need a security class towards the end of the degree program to integrate what
they've learned with a deeper and more theoretical look at security at the
level of Matt Bishop's Computer Security: Art and Science.

> Well, I have been asked to teach a new fourth-year course at the British
> Columbia Institute of Technology (BCIT) this fall on Secure Programming
> (COMP4476).

It looks like a good class, Dana.  My only suggestion would be to present
secure design principles in unit 2, instead of waiting to bring them up until
unit 7 (I'm presuming you'll bring up more than least privilege there).  I
think you're right to wait until later in the term to bring up buffer
overflows; it's a more difficult problem for students than I expected it to be
the first time I gave such an assignment.

> I only wish I could make all these books be textbook requirements for
> the curriculum. It should be mandatory reading.

I think they're all good books, but covering fewer topics and books in greater
depth increases learning, so don't succumb to that temptation.  You can't teach
them everything in one term, but you can point the way to continue learning
with those books for students who want to know more about security than one
class can teach them.

> Of course, I also think students should have to take at least one course
> in ASM to really understand how computer instructions work, so they can
> gain a foundation of learning for the heart of computer processing. And
> I think they should be taught the powers and failures of C. Since I know
> many of you think I'm nuts for that, you might want to look at this
> outline with the same amount of consideration.

I agree with you on both of those requirements.  You need to have a basic
understanding of assembly and how C is translated into assembly to understand
the most common types of buffer overflow attacks.  There are better languages
for secure programming than C, but students are almost certainly going to have
to read or write C at some point in their careers, so they need to understand it.


--
James Walden, Ph.D.
Visiting Assistant Professor of EECS
The University of Toledo @ LCCC
http://www.eecs.utoledo.edu/~jwalden/