Integrating Formal Methods for Security in Software Security Education

As the number of software vulnerabilities discovered increases, the industry is facing difficulties to find specialists to cover the vacancies for security software developers. Considering relevant teaching and learning theories, along with existing approaches in software security education, we pres...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Informatics in education Ročník 19; číslo 3; s. 425 - 454
Hlavní autor: MODESTI, Paolo
Médium: Journal Article
Jazyk:angličtina
Vydáno: Vilnius Vilniaus Universiteto Leidykla 2020
Vilnius University Press
Institute of Mathematics and Informatics
Vilnius University Institute of Mathematics and Informatics, Lithuanian Academy of Sciences
Vilnius University
Témata:
Alliances
College Science
Computer science
Computer Science Education
Computer Security
Computer Software
Conceptual models
Concrete
constructivism
Constructivism (Learning)
Cryptography
Cybersecurity
Data integrity
Education
Educational Practices
Formal method
formal methods for security
Higher education
ICT Information and Communications Technologies
International Studies
Labor Force
Learning
Learning theories
Online Systems
Professional Education
Programming
programming abstractions
Representations
Research Tools
research-led teaching
Science education
Science Instruction
Security
Skill Development
Skills
Social Sciences
Software
Software development
software security education
Specialists
Systems Development
Teaching
Teaching methods
Vacancies
Workforce
programming abstractions
formal methods for security
constructivism
researchled teaching
software security education
ISSN:1648-5831, 2335-8971
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:As the number of software vulnerabilities discovered increases, the industry is facing difficulties to find specialists to cover the vacancies for security software developers. Considering relevant teaching and learning theories, along with existing approaches in software security education, we present the pedagogic rationale and the concrete implementation of a course on security protocol development that integrates formal methods for security research into the teaching practice. A novelty of the framework is the adoption of a conceptual model aligned with the level of abstraction used for the symbolic (high-level) representation of cryptographic and communication primitives. This is aimed not only at improving skills in secure software development, but also at bridging the gap between the formal representation and the actual implementation, making formal methods and tools more accessible to students and practitioners.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:1648-5831
2335-8971
DOI:10.15388/infedu.2020.19