Guided Learning and Interactive Visualization for Teaching & Learning Stack Smashing Attacks & Defenses: Experiences and Evaluation

This Innovative Practice paper presents the design, deployment, and evaluation of a software security module that teaches stack smashing attacks and defenses using innovative pedagogical practices. Widely ubiquitous buffer overflow vul-nerabilities and stack smashing attacks that exploit them are cr...

Celý popis

Uložené v:
Podrobná bibliografia
Vydané v:Proceedings - Frontiers in Education Conference s. 1 - 9
Hlavní autori: Ramaprasad, Harini, Sridhar, Meera, Dangeti, Sushma I, Pradhan, Soham, Obaidat, Islam
Médium: Konferenčný príspevok..
Jazyk:English
Vydavateľské údaje: IEEE 13.10.2024
Predmet:
Buffer overflows
Computer security
descriptive statistics
Education
engaged ped-agogy
guided learning
Memory management
Software
software security
Springs
stack smashing
Statistical analysis
Surveys
Teamwork
ISSN:2377-634X
On-line prístup:Získať plný text
Tagy: Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
Popis
Shrnutí:This Innovative Practice paper presents the design, deployment, and evaluation of a software security module that teaches stack smashing attacks and defenses using innovative pedagogical practices. Widely ubiquitous buffer overflow vul-nerabilities and stack smashing attacks that exploit them are critical components in advanced software security curricula, since buffer overflows can arise due to simple programmer oversight, and stack smashing can have dangerous consequences in critical systems. However, these topics are known to be difficult to teach and learn due to the vast amount of background needed, the difficulty of learning type-unsafe languages, and laborious memory address space calculations involved. In this work, we aim to bring innovative pedagogical practices to this advanced cybersecurity education topic through a suite of four guided learning activities that follow the Process Oriented Guided Inquiry Learning (POGIL) style, and DISSAV, an interactive visualization tool for modeling stack smashing attacks. This paper presents an evaluation of the module based on deploying it in multiple sections of an introductory undergraduate cybersecurity course in the UNC Charlotte in Fall 2022, Spring 2023, and Fall 2023. Our study finds that students have mostly positive perceptions about activity structure / design, content, and style, but that improvements may be needed to some aspects, including question phrasing, activity length, and teamwork facilitation.
ISSN:2377-634X
DOI:10.1109/FIE61694.2024.10892996