Issue No.03 - May/June (2009 vol.7)
Michael E. Locasto , George Mason University
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.66
It's a difficult mental exercise to simultaneously envision how a system could be forced to fail while you're busy designing how it's meant to work. At George Mason University, instructors give their students practice at this skill by requiring them to write attack scripts for all their assignments. Creating an attack script is a mental exercise for the student in which they align themselves with an attacker's perspective to formulate a structured plan of attack: a series of tasks and experiments that gain information about the internal state of the probed system. The purpose of this exercise is to help the student nurture a mindset in which they can appreciate how systems might be attacked in all their aspects, from design and implementation to runtime configuration.
Education, security, privacy, attack scripts, coding
Michael E. Locasto, "Helping Students 0wn Their Own Code", IEEE Security & Privacy, vol.7, no. 3, pp. 53-56, May/June 2009, doi:10.1109/MSP.2009.66