Helping Students 0wn Their Own Code

Michael E. Locasto

doi:10.1109/MSP.2009.66

Security&Privacy
2009
Issue No. 3 - May/June
Abstract - Helping Students 0wn Their Own Code

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Michael E. Locasto

Helping Students 0wn Their Own Code

May/June 2009 (vol. 7 no. 3)

pp. 53-56

	ASCII Text	x
	Michael E. Locasto, "Helping Students 0wn Their Own Code," IEEE Security & Privacy, vol. 7, no. 3, pp. 53-56, May/June, 2009.

	BibTex	x
	@article{ 10.1109/MSP.2009.66, author = {Michael E. Locasto}, title = {Helping Students 0wn Their Own Code}, journal ={IEEE Security & Privacy}, volume = {7}, number = {3}, issn = {1540-7993}, year = {2009}, pages = {53-56}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2009.66}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security & Privacy TI - Helping Students 0wn Their Own Code IS - 3 SN - 1540-7993 SP53 EP56 EPD - 53-56 A1 - Michael E. Locasto, PY - 2009 KW - Education KW - security KW - privacy KW - attack scripts KW - coding VL - 7 JA - IEEE Security & Privacy ER -

Michael E. Locasto, George Mason University

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.66

It's a difficult mental exercise to simultaneously envision how a system could be forced to fail while you're busy designing how it's meant to work. At George Mason University, instructors give their students practice at this skill by requiring them to write attack scripts for all their assignments. Creating an attack script is a mental exercise for the student in which they align themselves with an attacker's perspective to formulate a structured plan of attack: a series of tasks and experiments that gain information about the internal state of the probed system. The purpose of this exercise is to help the student nurture a mindset in which they can appreciate how systems might be attacked in all their aspects, from design and implementation to runtime configuration.

1. S. Bratus, "Hacker Curriculum: How Hackers Learn Networking," IEEE Distributed Systems Online, vol. 8, no. 10, 2007; http://dsonline.computer.org/portal/pages/ dsonline/2007/10ox002edu.html.
2. S. Bratus, "What Hackers Learn that the Rest of Us Don't: Notes on Hacker Curriculum," IEEE Security &Privacy, vol. 5, no. 4, 2007, pp. 72–75.
3. G. White and G. Nordstrom, "Security across the Curriculum: Using Computer Security to Teach Computer Science Principles," Proc. 19th Nat'l Information Systems Security Conf., US Nat'l Inst. Standards and Tech., 1996, pp. 483–488.
4. G. Vigna, "Teaching Network Security through Live Exercises," Proc. 3rd Ann. World Conf. Information Security Education (WISE 03), C. Irvine, and H. Armstrong eds., Kluwer Academic, 2003, pp. 3–18.
5. S. Swoyer, "Users Enthusiastic about Microsoft Security Initiative," Jan. 2002; http://redmondmag.com/newsarticle.asp?EditorialsID=5168 .

Index Terms:

Education, security, privacy, attack scripts, coding

Citation:

Michael E. Locasto, "Helping Students 0wn Their Own Code," IEEE Security & Privacy, vol. 7, no. 3, pp. 53-56, May-June 2009, doi:10.1109/MSP.2009.66

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.