当前位置:
X-MOL 学术
›
arXiv.cs.SE
›
论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Raising Security Awareness using Cybersecurity Challenges in Embedded Programming Courses
arXiv - CS - Software Engineering Pub Date : 2021-02-20 , DOI: arxiv-2102.10436 Tiago Espinha Gasiba, Samra Hodzic, Ulrike Lechner, Maria Pinto-Albuquerque
arXiv - CS - Software Engineering Pub Date : 2021-02-20 , DOI: arxiv-2102.10436 Tiago Espinha Gasiba, Samra Hodzic, Ulrike Lechner, Maria Pinto-Albuquerque
Security bugs are errors in code that, when exploited, can lead to serious
software vulnerabilities. These bugs could allow an attacker to take over an
application and steal information. One of the ways to address this issue is by
means of awareness training. The Sifu platform was developed in the industry,
for the industry, with the aim to raise software developers' awareness of
secure coding. This paper extends the Sifu platform with three challenges that
specifically address embedded programming courses, and describes how to
implement these challenges, while also evaluating the usefulness of these
challenges to raise security awareness in an academic setting. Our work
presents technical details on the detection mechanisms for software
vulnerabilities and gives practical advice on how to implement them. The
evaluation of the challenges is performed through two trial runs with a total
of 16 participants. Our preliminary results show that the challenges are
suitable for academia, and can even potentially be included in official
teaching curricula. One major finding is an indicator of the lack of awareness
of secure coding by undergraduates. Finally, we compare our results with
previous work done in the industry and extract advice for practitioners.
中文翻译:
利用嵌入式编程课程中的网络安全挑战来提高安全意识
安全错误是代码中的错误,一旦被利用,就会导致严重的软件漏洞。这些错误可能使攻击者可以接管应用程序并窃取信息。解决此问题的方法之一是通过意识培训。Sifu平台是针对该行业而开发的,旨在提高软件开发人员对安全编码的认识。本文为Sifu平台扩展了三个挑战,这些挑战专门针对嵌入式编程课程,并描述了如何实现这些挑战,同时还评估了这些挑战在学术环境中提高安全意识的有用性。我们的工作提供了有关软件漏洞检测机制的技术细节,并提供了有关如何实施这些漏洞的实用建议。挑战的评估是通过两次试验进行的,共有16名参与者。我们的初步结果表明,这些挑战适合于学术界,甚至有可能包含在官方教学课程中。一个主要发现是表明缺乏对大学生对安全编码的认识。最后,我们将我们的结果与行业中以前的工作进行比较,并为从业者提供建议。
更新日期:2021-02-23
中文翻译:
利用嵌入式编程课程中的网络安全挑战来提高安全意识
安全错误是代码中的错误,一旦被利用,就会导致严重的软件漏洞。这些错误可能使攻击者可以接管应用程序并窃取信息。解决此问题的方法之一是通过意识培训。Sifu平台是针对该行业而开发的,旨在提高软件开发人员对安全编码的认识。本文为Sifu平台扩展了三个挑战,这些挑战专门针对嵌入式编程课程,并描述了如何实现这些挑战,同时还评估了这些挑战在学术环境中提高安全意识的有用性。我们的工作提供了有关软件漏洞检测机制的技术细节,并提供了有关如何实施这些漏洞的实用建议。挑战的评估是通过两次试验进行的,共有16名参与者。我们的初步结果表明,这些挑战适合于学术界,甚至有可能包含在官方教学课程中。一个主要发现是表明缺乏对大学生对安全编码的认识。最后,我们将我们的结果与行业中以前的工作进行比较,并为从业者提供建议。