Integrating Formal Methods for Security in Software Security Education
Gespeichert in:
| Titel: | Integrating Formal Methods for Security in Software Security Education |
|---|---|
| Autoren: | Paolo Modesti |
| Quelle: | Informatics in Education, Vol 19, Iss 3, Pp 425-454 (2020) |
| Verlagsinformationen: | Vilnius University Press, 2020. |
| Publikationsjahr: | 2020 |
| Schlagwörter: | programming abstractions, LC8-6691, constructivism, 4. Education, 05 social sciences, 0102 computer and information sciences, Special aspects of education, 0503 education, 01 natural sciences, software security education, formal methods for security, research-led teaching |
| Beschreibung: | As the number of software vulnerabilities discovered increases, the industry is facing difficulties to find specialists to cover the vacancies for security software developers. Considering relevant teaching and learning theories, along with existing approaches in software security education, we present the pedagogic rationale and the concrete implementation of a course on security protocol development that integrates formal methods for security research into the teaching practice. A novelty of the framework is the adoption of a conceptual model aligned with the level of abstraction used for the symbolic (high-level) representation of cryptographic and communication primitives. This is aimed not only at improving skills in secure software development, but also at bridging the gap between the formal representation and the actual implementation, making formal methods and tools more accessible to students and practitioners. |
| Publikationsart: | Article |
| Sprache: | English |
| ISSN: | 2335-8971 1648-5831 |
| DOI: | 10.15388/infedu.2020.19 |
| Zugangs-URL: | https://infedu.vu.lt/journal/INFEDU/article/657/file/pdf https://doaj.org/article/7a29cad2cd9f4f5c8670f20232889540 https://doaj.org/article/7a29cad2cd9f4f5c8670f20232889540 https://www.ceeol.com/search/article-detail?id=896120 https://doi.org/10.15388/infedu.2020.19 https://research.tees.ac.uk/en/publications/integrating-formal-methods-for-security-in-software-security-educ http://files.eric.ed.gov/fulltext/EJ1267761.pdf |
| Rights: | CC BY |
| Dokumentencode: | edsair.doi.dedup.....9e2d3ec2b77ce5ad56a26bb0940826d3 |
| Datenbank: | OpenAIRE |
Full Text Finder 
Nájsť tento článok vo Web of Science | Abstract: | As the number of software vulnerabilities discovered increases, the industry is facing difficulties to find specialists to cover the vacancies for security software developers. Considering relevant teaching and learning theories, along with existing approaches in software security education, we present the pedagogic rationale and the concrete implementation of a course on security protocol development that integrates formal methods for security research into the teaching practice. A novelty of the framework is the adoption of a conceptual model aligned with the level of abstraction used for the symbolic (high-level) representation of cryptographic and communication primitives. This is aimed not only at improving skills in secure software development, but also at bridging the gap between the formal representation and the actual implementation, making formal methods and tools more accessible to students and practitioners. |
|---|---|
| ISSN: | 23358971 16485831 |
| DOI: | 10.15388/infedu.2020.19 |