Issue No.03 - May/June (2009 vol.7)
pp: 53-56
Michael E. Locasto , George Mason University
It's a difficult mental exercise to simultaneously envision how a system could be forced to fail while you're busy designing how it's meant to work. At George Mason University, instructors give their students practice at this skill by requiring them to write attack scripts for all their assignments. Creating an attack script is a mental exercise for the student in which they align themselves with an attacker's perspective to formulate a structured plan of attack: a series of tasks and experiments that gain information about the internal state of the probed system. The purpose of this exercise is to help the student nurture a mindset in which they can appreciate how systems might be attacked in all their aspects, from design and implementation to runtime configuration.
Education, security, privacy, attack scripts, coding
Michael E. Locasto, "Helping Students 0wn Their Own Code", IEEE Security & Privacy, vol.7, no. 3, pp. 53-56, May/June 2009, doi:10.1109/MSP.2009.66
1. S. Bratus, "Hacker Curriculum: How Hackers Learn Networking," IEEE Distributed Systems Online, vol. 8, no. 10, 2007; dsonline/2007/10ox002edu.html.
2. S. Bratus, "What Hackers Learn that the Rest of Us Don't: Notes on Hacker Curriculum," IEEE Security &Privacy, vol. 5, no. 4, 2007, pp. 72–75.
3. G. White and G. Nordstrom, "Security across the Curriculum: Using Computer Security to Teach Computer Science Principles," Proc. 19th Nat'l Information Systems Security Conf., US Nat'l Inst. Standards and Tech., 1996, pp. 483–488.
4. G. Vigna, "Teaching Network Security through Live Exercises," Proc. 3rd Ann. World Conf. Information Security Education (WISE 03), C. Irvine, and H. Armstrong eds., Kluwer Academic, 2003, pp. 3–18.
5. S. Swoyer, "Users Enthusiastic about Microsoft Security Initiative," Jan. 2002; .