SEED: A Suite of Instructional Laboratories for Computer Security Education

Published: 01 March 2008

Abstract

The security and assurance of our computing infrastructure has become a national priority. To address this priority, higher education has gradually incorporated the principles of computer and information security into the mainstream undergraduate and graduate computer science curricula. To achieve effective education, learning security principles must be grounded in experience. This calls for effective laboratory exercises (or course projects). Although a number of laboratories have been designed for security education, they only cover a small portion of the fundamental security principles. Moreover, their underlying lab environments are different, making integration of these laboratories infeasible for a semester-long course. Currently, security laboratories that can be widely adopted are still lacking, and they are in great demand in security education.
We have developed a novel laboratory environment (referred to as SEED). The SEED environment consists of Minix, an instructional operating system (OS), and Linux, a production OS; it takes advantage of the simplicity of Minix and the completeness of Linux, and provides a unified platform to support a rich set of laboratories for computer security education. Based on the SEED environment, we have developed a list of laboratories that cover a wide spectrum of security principles. These labs provide opportunities for students to develop essential skills for secure computing practice. We have been using these labs in our courses during the last five years. This article presents our SEED environment, laboratories, and evaluation results.

Published In

Journal on Educational Resources in Computing  Volume 8, Issue 1
March 2008
48 pages
ISSN:1531-4278
EISSN:1531-4278
DOI:10.1145/1348713

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 March 2008
Accepted: 01 January 2008
Revised: 01 November 2007
Received: 01 June 2007
Published in JERIC Volume 8, Issue 1

Author Tags

  1. education
  2. instructional laboratories
  3. security

Qualifiers

  • Research-article
  • Research
  • Refereed
