Teaching the principles of the hacker curriculum to undergraduates

Bratus, Sergey; Shubina, Anna; Locasto, Michael E.

doi:10.1145/1734263.1734303

Cited by 26 publications

(22 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This approach is predicated on the utility of understanding failure modes. Rather than teaching students the "success" cases, we attempt to deliver a culture shock that makes them disrespect API boundaries and adopt a cross-layer view of the CS discipline as described by Bratus et al [3]. We also routinely encourage our students to adopt a dual frame of mind (attacker and defender) when solving problems to prevent artificial abstraction layers from becoming boundaries of competence [20].…”

Section: Related Workmentioning

confidence: 99%

Teaching Cybersecurity Analysis Skills in the Cloud

Weiss

Boesen

Sullivan

et al. 2015

Proceedings of the 46th ACM Technical Symposium on Computer Science Education

Self Cite

View full text Add to dashboard Cite

This paper reports on the experience of using the EDURange framework, a cloud-based resource for hosting on-demand interactive cybersecurity scenarios. Our framework is designed especially for the needs of teaching faculty. The scenarios we have implemented each are designed specifically to nurture the development of analysis skills in students as a complement to both theoretical security concepts and specific software tools.Our infrastructure has two features that make it unique compared to other cybersecurity educational frameworks. First, EDURange is scalable because it is hosted on a commercial, large-scale cloud environment. Second, EDURange supplies instructors with the ability to dynamically change the parameters and characteristics of exercises so they can be replayed and adapted to multiple classes. Our framework has been used successfully in classes and workshops for students and faculty. We present our experiences building the system, testing it, and using feedback from surveys to improve the system and boost user interest.

show abstract

Section: Related Workmentioning

confidence: 99%

Teaching Cybersecurity Analysis Skills in the Cloud

Weiss

Boesen

Sullivan

et al. 2015

Proceedings of the 46th ACM Technical Symposium on Computer Science Education

Self Cite

View full text Add to dashboard Cite

show abstract

“…[10] One methodology for incorporating cyber ethics into an information security program is the introduction of students to ethical hacking techniques. With the growth of the Internet from computers to phones to tablets there is an increase in the types of security threats around the world, challenging the academic world to prepare qualified information security and information assurance professionals (graduates) who also incorporate ethics into their skill sets [11][12][13]. Such techniques build a sense of responsibility for the security of all online users as a whole and teach students to find vulnerabilities in a responsible manner, including the reporting of those vulnerabilities to the appropriate parties.…”

Section: Need For Cyber Ethics In Information Security Curriculamentioning

confidence: 99%

Personal Denial of Service Attacks (PDOS) and Online Misbehavior: The Need for Cyber Ethics and Information Security Education on University Campuses

Podhradsky

LeBlanc

Bartolacci

2014

JCSM

View full text Add to dashboard Cite

The authors examine the need to provide basic information security and cyber ethics training for all university students, not just those pursuing an information security-related degree. The authors also discuss the need to include ethical hacking, as part of an emphasis on cyber ethics, into information security degree programs. Both of these topics are discussed within the context of a new category of cyber crime, a Personal Denial of Service Attack (PDOS) that the authors have identified, along with other types of cyber crime, that are endemic to university campuses.

show abstract

“…Consequently, students trained in offensive techniques do not necessarily become malicious hackers, but rather become competent security professionals. The fact of not studying and applying the techniques, tactics, and methodologies of attackers would leave large gaps in the knowledge base of graduates (Brutus et al, 2010;Ledin, 2011). However, it is obvious that there is no guarantee that very few of the students who have been taught offensive techniques in schools will be hackers in the future and perform malicious hacking activities against systems and networks.…”

Section: University Email Servers (14%)mentioning

confidence: 99%

“…However, there is growing interest in offensive techniques which were originally developed by hackers (Bishop, 1997;Brutus, Shubina, & Locasto, 2010;Hill, Carver, Humphries, & Pooch, 2001;Ledin, 2011;Mullins et al, 2002;Trabelsi, 2011;Yuan & Zhong, 2008). In fact, ethical hacking techniques are central for better understanding the ways in which security systems fail.…”

Section: Introductionmentioning

confidence: 99%

A Hands-on Approach for Teaching Denial of Service Attacks: A Case Study

Trabelsi¹,

Ibrahim²

2013

JITE:IIP

View full text Add to dashboard Cite

Executive SummaryNowadays, many academic institutions are including ethical hacking in their information security and Computer Science programs. Information security students need to experiment common ethical hacking techniques in order to be able to implement the appropriate security solutions. This will allow them to more efficiently protect the confidentiality, integrity, and availability of computer systems and assets.This paper presents a case study of the implementation of comprehensive ethical hacking handson lab exercises, which are fundamental to security education. The exercises are about three common Denial of Service (DoS) attacks, namely, the Land, the TCP (transmission control protocol) SYN (synchronization) flood, and the Teardrop attacks. DoS attacks are important topics for security courses teaching ethical hacking and intrusion detection techniques. The paper discusses also common defense techniques for detecting DoS attacks, including Intrusion Detection Systems (IDS) and Software tools. Snort tool is used as the IDS defense solution during the hands-on lab exercises. The learning objective of the hands-on lab exercises is for students to learn how to implement and detect the DoS attacks in an isolated network laboratory environment.Adding ethical hacking to an information security curriculum raises a variety of ethical and legal issues. Some students will use the acquired offensive hands-on skills in inappropriate and sometimes illegal ways. Hence, students may threaten their careers, hurt others, and put their institution's entire information security program at risk. Also, schools and educators may be held liable for the actions of their students. To contribute to improving the chances of having a successful and problem free information security programs that teach ethical hacking techniques, the paper lists a number of steps that should be taken by schools and educators to ensure that students are responsible for their actions and educate students on the consequences of any misconduct.The impact of offering the exercises on the students' performance in terms of achieving the course outcomes is also discussed. The course assessment results show that the offered hands-on lab exercises allowed students to better anatomize the attacks and assimilate the concepts learned from the lecture. The students have learned better with the exercises which had a positive effect on their performance.An anonymous questionnaire was administered to students who participated in the hands-on lab exercises to measure their satisfaction level and collect theirMaterial published as part of this publication, either on-line or in print, is copyrighted by the Informing Science Institute. Permission to make digital or paper copy of part or all of these works for personal or classroom use is granted without fee provided that the copies are not made or distributed for profit or commercial advantage AND that copies 1) bear this notice in full and 2) give the full citation on the first page. It is permissible to abstract ...

show abstract

Teaching the principles of the hacker curriculum to undergraduates

Cited by 26 publications

References 8 publications

Teaching Cybersecurity Analysis Skills in the Cloud

Teaching Cybersecurity Analysis Skills in the Cloud

Personal Denial of Service Attacks (PDOS) and Online Misbehavior: The Need for Cyber Ethics and Information Security Education on University Campuses

A Hands-on Approach for Teaching Denial of Service Attacks: A Case Study

Contact Info

Product

Resources

About