Guided Learning and Interactive Visualization for Teaching & Learning Stack Smashing Attacks & Defenses: Experiences and Evaluation

This Innovative Practice paper presents the design, deployment, and evaluation of a software security module that teaches stack smashing attacks and defenses using innovative pedagogical practices. Widely ubiquitous buffer overflow vul-nerabilities and stack smashing attacks that exploit them are cr...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Proceedings - Frontiers in Education Conference s. 1 - 9
Hlavní autoři: Ramaprasad, Harini, Sridhar, Meera, Dangeti, Sushma I, Pradhan, Soham, Obaidat, Islam
Médium: Konferenční příspěvek
Jazyk:angličtina
Vydáno: IEEE 13.10.2024
Témata:
Buffer overflows
Computer security
descriptive statistics
Education
engaged ped-agogy
guided learning
Memory management
Software
software security
Springs
stack smashing
Statistical analysis
Surveys
Teamwork
ISSN:2377-634X
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:This Innovative Practice paper presents the design, deployment, and evaluation of a software security module that teaches stack smashing attacks and defenses using innovative pedagogical practices. Widely ubiquitous buffer overflow vul-nerabilities and stack smashing attacks that exploit them are critical components in advanced software security curricula, since buffer overflows can arise due to simple programmer oversight, and stack smashing can have dangerous consequences in critical systems. However, these topics are known to be difficult to teach and learn due to the vast amount of background needed, the difficulty of learning type-unsafe languages, and laborious memory address space calculations involved. In this work, we aim to bring innovative pedagogical practices to this advanced cybersecurity education topic through a suite of four guided learning activities that follow the Process Oriented Guided Inquiry Learning (POGIL) style, and DISSAV, an interactive visualization tool for modeling stack smashing attacks. This paper presents an evaluation of the module based on deploying it in multiple sections of an introductory undergraduate cybersecurity course in the UNC Charlotte in Fall 2022, Spring 2023, and Fall 2023. Our study finds that students have mostly positive perceptions about activity structure / design, content, and style, but that improvements may be needed to some aspects, including question phrasing, activity length, and teamwork facilitation.
ISSN:2377-634X
DOI:10.1109/FIE61694.2024.10892996