Guided Learning and Interactive Visualization for Teaching & Learning Stack Smashing Attacks & Defenses: Experiences and Evaluation
This Innovative Practice paper presents the design, deployment, and evaluation of a software security module that teaches stack smashing attacks and defenses using innovative pedagogical practices. Widely ubiquitous buffer overflow vulnerabilities and stack smashing attacks that exploit them are cr...
| Published in: | Proceedings - Frontiers in Education Conference pp. 1 - 9 |
|---|---|
| Main authors: | , , , , |
| Format: | Conference proceeding |
| Language: | English |
| Published: | IEEE 13.10.2024 |
| Subjects: | |
| ISSN: | 2377-634X |
| Online access: | Full text |
| Abstract | This Innovative Practice paper presents the design, deployment, and evaluation of a software security module that teaches stack smashing attacks and defenses using innovative pedagogical practices. Widely ubiquitous buffer overflow vulnerabilities and stack smashing attacks that exploit them are critical components in advanced software security curricula, since buffer overflows can arise due to simple programmer oversight, and stack smashing can have dangerous consequences in critical systems. However, these topics are known to be difficult to teach and learn due to the vast amount of background needed, the difficulty of learning type-unsafe languages, and laborious memory address space calculations involved. In this work, we aim to bring innovative pedagogical practices to this advanced cybersecurity education topic through a suite of four guided learning activities that follow the Process Oriented Guided Inquiry Learning (POGIL) style, and DISSAV, an interactive visualization tool for modeling stack smashing attacks. This paper presents an evaluation of the module based on deploying it in multiple sections of an introductory undergraduate cybersecurity course in the UNC Charlotte in Fall 2022, Spring 2023, and Fall 2023. Our study finds that students have mostly positive perceptions about activity structure / design, content, and style, but that improvements may be needed to some aspects, including question phrasing, activity length, and teamwork facilitation. |
|---|---|
| Author | Pradhan, Soham; Dangeti, Sushma I; Obaidat, Islam; Sridhar, Meera; Ramaprasad, Harini |
| Author_xml | – sequence: 1 givenname: Harini surname: Ramaprasad fullname: Ramaprasad, Harini email: hramapra@charlotte.edu organization: UNC Charlotte,Charlotte,North Carolina,USA – sequence: 2 givenname: Meera surname: Sridhar fullname: Sridhar, Meera email: msridhar@charlotte.edu organization: UNC Charlotte,Charlotte,North Carolina,USA – sequence: 3 givenname: Sushma I surname: Dangeti fullname: Dangeti, Sushma I email: sdangeti@charlotte.edu organization: UNC Charlotte,Charlotte,North Carolina,USA – sequence: 4 givenname: Soham surname: Pradhan fullname: Pradhan, Soham email: spradh11@charlotte.edu organization: UNC Charlotte,Charlotte,North Carolina,USA – sequence: 5 givenname: Islam surname: Obaidat fullname: Obaidat, Islam email: iaobaidat@ncat.edu organization: NC Agricultural and Technical State University,Greensboro,North Carolina,USA |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IH CBEJK RIE RIO |
| DOI | 10.1109/FIE61694.2024.10892996 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings; IEEE Proceedings Order Plan (POP) 1998-present by volume; IEEE Xplore All Conference Proceedings; IEEE Electronic Library (IEL); IEEE Proceedings Order Plans (POP) 1998-present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE/IET Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering Education |
| EISBN | 9798350351507 |
| EISSN | 2377-634X |
| EndPage | 9 |
| ExternalDocumentID | 10892996 |
| Genre | orig-research |
| GrantInformation_xml | – fundername: UNC Charlotte funderid: 10.13039/100010942 |
| IEDL.DBID | RIE |
| ISICitedReferencesCount | 0 |
| IngestDate | Wed Mar 05 06:01:44 EST 2025 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| PageCount | 9 |
| ParticipantIDs | ieee_primary_10892996 |
| PublicationCentury | 2000 |
| PublicationDate | 2024-Oct.-13 |
| PublicationDateYYYYMMDD | 2024-10-13 |
| PublicationDate_xml | – month: 10 year: 2024 text: 2024-Oct.-13 day: 13 |
| PublicationDecade | 2020 |
| PublicationTitle | Proceedings - Frontiers in Education Conference |
| PublicationTitleAbbrev | FIE |
| PublicationYear | 2024 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0003867 |
| Score | 1.8854964 |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1 |
| SubjectTerms | Buffer overflows; Computer security; descriptive statistics; Education; engaged pedagogy; guided learning; Memory management; Software; software security; Springs; stack smashing; Statistical analysis; Surveys; Teamwork |
| Title | Guided Learning and Interactive Visualization for Teaching & Learning Stack Smashing Attacks & Defenses: Experiences and Evaluation |
| URI | https://ieeexplore.ieee.org/document/10892996 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |