Archives

In this paper, we describe the SWARM course. SWARM was designed for Honor Senior students to learn and practice secure wireless communication in the setting of rescue mission type of applications [1]. The theoretical component of the course covers aspects such as cryptography, security protocols, and wireless communication protocols. On the practical side, the students’ teams design a system composed of a smartphone, a sensor network, 2-3 robots controlled through a multi-hop network, and compete for quickly localizing an object that periodically transmits a beacon message.

A large portion of security vulnerabilities result from mistakes in the design or code of software systems. To address this problem, secure development lifecycle practices have been introduced into the software engineering curriculum at five different universities. Each phase of the software development lifecycle has been modified in at least one university to incorporate security. This paper provides a survey of practices involved in the secure development lifecycle and describes how these practices can be introduced into the software engineering curriculum. Each contributor discusses his or her experiences and challenges while integrating security into one phase of the software development process.

First defenders (system and network administrators) can significantly benefit from an educational foundation that helps enterprise networks survive the challenges found in today’s Internet. The Survivability and Information Assurance Curriculum, created by the CERT® Program1, a part of the Software Engineering Institute (SEI), provides such a foundation. This paper describes this freely available curriculum.

In 2004 a workshop was held in San Antonio, TX to discuss the possibility of establishing a national collegiate cyber security competition. Academicians and students from across the nation were invited to share their ideas on how such a competition should be conducted. The final report from this workshop included a number of recommendations and described a general consensus among the participants that such an event should be pursued. Several participants from the Texas school presents agreed to develop a regional competition which was held in March of 2005.

The recently proposed Secure Software Assurance Common Body of Knowledge is a first effort at collecting information about security-enhanced programming and systems development. One of its stated goals is to drive curriculum development in academic institutions. This paper analyzes the SwACBK’s usefulness in programs for advanced undergraduate and graduate education, and offers suggestions for strengthening it.

This paper describes a comprehensive threat model for a new breed of threats based on XML content, including XML languages used in the Service Oriented Architecture (SOA) paradigm such as SOAP [6] and the Web Services Description Language [11]. In addition to defining a new threat model, this paper compares it to a more traditional network security threat model, by defining it in terms of the network stack. This document also illustrates the concept of XML Intrusion Prevention (XIP) as an analog to traditional network-based intrusion prevention.