This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Helping Students 0wn Their Own Code
May/June 2009 (vol. 7 no. 3)
pp. 53-56
Michael E. Locasto, George Mason University
It's a difficult mental exercise to simultaneously envision how a system could be forced to fail while you're busy designing how it's meant to work. At George Mason University, instructors give their students practice at this skill by requiring them to write attack scripts for all their assignments. Creating an attack script is a mental exercise for the student in which they align themselves with an attacker's perspective to formulate a structured plan of attack: a series of tasks and experiments that gain information about the internal state of the probed system. The purpose of this exercise is to help the student nurture a mindset in which they can appreciate how systems might be attacked in all their aspects, from design and implementation to runtime configuration.

1. S. Bratus, "Hacker Curriculum: How Hackers Learn Networking," IEEE Distributed Systems Online, vol. 8, no. 10, 2007; http://dsonline.computer.org/portal/pages/ dsonline/2007/10ox002edu.html.
2. S. Bratus, "What Hackers Learn that the Rest of Us Don't: Notes on Hacker Curriculum," IEEE Security &Privacy, vol. 5, no. 4, 2007, pp. 72–75.
3. G. White and G. Nordstrom, "Security across the Curriculum: Using Computer Security to Teach Computer Science Principles," Proc. 19th Nat'l Information Systems Security Conf., US Nat'l Inst. Standards and Tech., 1996, pp. 483–488.
4. G. Vigna, "Teaching Network Security through Live Exercises," Proc. 3rd Ann. World Conf. Information Security Education (WISE 03), C. Irvine, and H. Armstrong eds., Kluwer Academic, 2003, pp. 3–18.
5. S. Swoyer, "Users Enthusiastic about Microsoft Security Initiative," Jan. 2002; http://redmondmag.com/newsarticle.asp?EditorialsID=5168 .

Index Terms:
Education, security, privacy, attack scripts, coding
Citation:
Michael E. Locasto, "Helping Students 0wn Their Own Code," IEEE Security & Privacy, vol. 7, no. 3, pp. 53-56, May-June 2009, doi:10.1109/MSP.2009.66
Usage of this product signifies your acceptance of the Terms of Use.