Raising security awareness using cybersecurity challenges in embedded programming courses

Detalhes bibliográficos
Autor(a) principal: Gasiba, T. E.
Data de Publicação: 2021
Outros Autores: Hodzic, S., Lechner, U., Pinto-Albuquerque, M.
Idioma: eng
Título da fonte: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Texto Completo: http://hdl.handle.net/10071/27230
Resumo: Security bugs are errors in code that, when exploited, can lead to serious software vulnerabilities. These bugs could allow an attacker to take over an application and steal information. One of the ways to address this issue is by means of awareness training. The Sifu platform was developed in the industry, for the industry, with the aim to raise software developers' awareness of secure coding. This paper extends the Sifu platform with three challenges that specifically address embedded programming courses, and describes how to implement these challenges, while also evaluating the usefulness of these challenges to raise security awareness in an academic setting. Our work presents technical details on the detection mechanisms for software vulnerabilities and gives practical advice on how to implement them. The evaluation of the challenges is performed through two trial runs with a total of 16 participants. Our preliminary results show that the challenges are suitable for academia, and can even potentially be included in official teaching curricula. One major finding is an indicator of the lack of awareness of secure coding by undergraduates. Finally, we compare our results with previous work done in the industry and extract advice for practitioners.
id RCAP_b259f25fbf5ce94d489402c7ce26d40b
oai_identifier_str oai:repositorio.iscte-iul.pt:10071/27230
network_acronym_str RCAP
network_name_str Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
repository_id_str https://opendoar.ac.uk/repository/7160
spelling Raising security awareness using cybersecurity challenges in embedded programming coursesSecure codingSoftware qualityEmbedded programmingTrainingCybersecurity challengeEducationSecurity bugSecurity bugs are errors in code that, when exploited, can lead to serious software vulnerabilities. These bugs could allow an attacker to take over an application and steal information. One of the ways to address this issue is by means of awareness training. The Sifu platform was developed in the industry, for the industry, with the aim to raise software developers' awareness of secure coding. This paper extends the Sifu platform with three challenges that specifically address embedded programming courses, and describes how to implement these challenges, while also evaluating the usefulness of these challenges to raise security awareness in an academic setting. Our work presents technical details on the detection mechanisms for software vulnerabilities and gives practical advice on how to implement them. The evaluation of the challenges is performed through two trial runs with a total of 16 participants. Our preliminary results show that the challenges are suitable for academia, and can even potentially be included in official teaching curricula. One major finding is an indicator of the lack of awareness of secure coding by undergraduates. Finally, we compare our results with previous work done in the industry and extract advice for practitioners.IEEE2023-01-14T23:05:27Z2021-01-01T00:00:00Z20212023-01-14T23:04:23Zconference objectinfo:eu-repo/semantics/publishedVersionapplication/pdfhttp://hdl.handle.net/10071/27230eng978-1-7281-8476-010.1109/ICCQ51190.2021.9392965Gasiba, T. E.Hodzic, S.Lechner, U.Pinto-Albuquerque, M.info:eu-repo/semantics/openAccessreponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiainstacron:RCAAP2024-07-07T02:37:32Zoai:repositorio.iscte-iul.pt:10071/27230Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireinfo@rcaap.ptopendoar:https://opendoar.ac.uk/repository/71602025-05-28T18:02:29.000981Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiafalse
dc.title.none.fl_str_mv Raising security awareness using cybersecurity challenges in embedded programming courses
title Raising security awareness using cybersecurity challenges in embedded programming courses
spellingShingle Raising security awareness using cybersecurity challenges in embedded programming courses
Gasiba, T. E.
Secure coding
Software quality
Embedded programming
Training
Cybersecurity challenge
Education
Security bug
title_short Raising security awareness using cybersecurity challenges in embedded programming courses
title_full Raising security awareness using cybersecurity challenges in embedded programming courses
title_fullStr Raising security awareness using cybersecurity challenges in embedded programming courses
title_full_unstemmed Raising security awareness using cybersecurity challenges in embedded programming courses
title_sort Raising security awareness using cybersecurity challenges in embedded programming courses
author Gasiba, T. E.
author_facet Gasiba, T. E.
Hodzic, S.
Lechner, U.
Pinto-Albuquerque, M.
author_role author
author2 Hodzic, S.
Lechner, U.
Pinto-Albuquerque, M.
author2_role author
author
author
dc.contributor.author.fl_str_mv Gasiba, T. E.
Hodzic, S.
Lechner, U.
Pinto-Albuquerque, M.
dc.subject.por.fl_str_mv Secure coding
Software quality
Embedded programming
Training
Cybersecurity challenge
Education
Security bug
topic Secure coding
Software quality
Embedded programming
Training
Cybersecurity challenge
Education
Security bug
description Security bugs are errors in code that, when exploited, can lead to serious software vulnerabilities. These bugs could allow an attacker to take over an application and steal information. One of the ways to address this issue is by means of awareness training. The Sifu platform was developed in the industry, for the industry, with the aim to raise software developers' awareness of secure coding. This paper extends the Sifu platform with three challenges that specifically address embedded programming courses, and describes how to implement these challenges, while also evaluating the usefulness of these challenges to raise security awareness in an academic setting. Our work presents technical details on the detection mechanisms for software vulnerabilities and gives practical advice on how to implement them. The evaluation of the challenges is performed through two trial runs with a total of 16 participants. Our preliminary results show that the challenges are suitable for academia, and can even potentially be included in official teaching curricula. One major finding is an indicator of the lack of awareness of secure coding by undergraduates. Finally, we compare our results with previous work done in the industry and extract advice for practitioners.
publishDate 2021
dc.date.none.fl_str_mv 2021-01-01T00:00:00Z
2021
2023-01-14T23:05:27Z
2023-01-14T23:04:23Z
dc.type.driver.fl_str_mv conference object
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10071/27230
url http://hdl.handle.net/10071/27230
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv 978-1-7281-8476-0
10.1109/ICCQ51190.2021.9392965
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv IEEE
publisher.none.fl_str_mv IEEE
dc.source.none.fl_str_mv reponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
instacron:RCAAP
instname_str FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
instacron_str RCAAP
institution RCAAP
reponame_str Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
collection Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
repository.name.fl_str_mv Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
repository.mail.fl_str_mv info@rcaap.pt
_version_ 1833597147766849536

Registros relacionados