Good Examples Help; Bad Tools Hurt: Lessons for Teaching Computer Security Skills to Undergraduates

Bibliographic Details
Title: Good Examples Help; Bad Tools Hurt: Lessons for Teaching Computer Security Skills to Undergraduates
Language: English
Authors: Sharman, Jonathan, Acemyan, Claudia Ziegler, Kortum, Philip, Wallach, Dan
Source: International Journal of Computer Science Education in Schools. Dec 2021 5(2).
Availability: International Journal of Computer Science Education in Schools. 83 Dollis Road, London N3 1RD, UK. E-mail: info@ijcses.org; Web site: http://www.ijcses.org
Peer Reviewed: Y
Page Count: 14
Publication Date: 2021
Document Type: Journal Articles; Reports - Research
Education Level: Higher Education; Postsecondary Education
Descriptors: Teaching Methods, Computer Science Education, Undergraduate Students, Computer Software, Computer Security, Usability, Comparative Analysis, Cooperative Learning, Validity, Programming, Scoring Rubrics
Geographic Terms: Texas (Houston)
ISSN: 2513-8359
Abstract: Software security is inevitably dependent on developers' ability to design and implement software without security bugs. Perhaps unsurprisingly, developers often fail to do this. Our goal is to understand this from a usability perspective, identifying how we might best train developers and equip them with the right software tools. To this end, we conducted two comparatively large-scale usability studies with undergraduate CS students to assess factors that affect success rates in securing web applications against cross-site request forgery (CSRF) attacks. First, we examined the impact of providing students with example code and/or a testing tool. Next, we examined the impact of working in pairs. We found that access to relevant secure code samples gave significant benefit to security outcomes. However, access to the tool alone had no significant effect on security outcomes, and surprisingly, the same held true for the tool and example code combined. These results confirm the importance of quality example code and demonstrate the potential danger of using security tools in the classroom that have not been validated for usability. No individual differences predicted one's ability to complete the task. We also found that working in pairs had a significant positive effect on security outcomes. These results provide useful directions for teaching computer security programming skills to undergraduate students.
Abstractor: As Provided
Entry Date: 2022
Accession Number: EJ1339044
Database: ERIC
ERIC Full Text: https://eric.ed.gov/contentdelivery/servlet/ERICServlet?accno=EJ1339044