Developing an Applied, Security-oriented Computing Curriculum
- Conference
- Location
-
San Antonio, Texas
- Publication Date
-
June 10, 2012
- Start Date
-
June 10, 2012
- End Date
-
June 13, 2012
- ISSN
-
2153-5965
- Conference Session
- Tagged Division
-
Electrical and Computer
- Page Count
-
16
- Page Numbers
-
25.420.1 - 25.420.16
- DOI
-
10.18260/1-2--21178
- Permanent URL
-
https://peer.asee.org/21178
- Download Count
-
380
Paper Authors
Marcin Lukowiak Rochester Institute of Technology
Marcin Lukowiak is an Assistant Professor in the Computer Engineering Department at Rochester Institute of Technology in Rochester, N.Y. His research interests are concentrated in the applied cross-disciplinary area related to reconfigurable computing, hardware and hardware-software systems, cryptographic engineering, high performance computing, and hardware-assisted image and video processing. Lukowiak obtained his Ph.D. in technical sciences from the Poznan University of Technology in Oct. 2001.
Andrew Meneely Rochester Institute of Technology
Stanislaw P. Radziszowski Rochester Institute of Technology
Stanislaw Radziszowski is a professor in the Department of Computer Science since 1995. He earned Ph.D. from the Institute of Informatics at the University of Warsaw. During the years 1980-1984, he worked in IIMAS at the National Autonomous University of Mexico in Mexico City, and since 1984, at the RIT. In the 1990s, he held three times six-week visiting positions at the Australian National University in Canberra and maintained collaborations with universities in Poland. His main research interest is in combinatorial computing: solving classical problems in combinatorics, graph theory, and design theory, usually with the help of massive computations. Bounds on Ramsey numbers are his favorite. His survey titled "Small Ramsey Numbers," which is a regularly updated living article at the Electronic Journal of Combinatorics, became a standard reference in this area. He teaches mostly theory-oriented courses, including very popular courses on cryptography, both at undergraduate and graduate levels. His recent work on applied cryptography led to joint projects with the Computer Engineering Department.
James R. Vallino Rochester Institute of Technology
Jim Vallino has academic and industrial experience across a broad range of engineering disciplines. His academic training includes a B.E. in mechanical engineering, a M.S. in electrical and computer engineering, and after more than 16 years in industry, received a M.S. and Ph.D. in computer science. While in industry, he worked in small and large companies doing product development and industrial research. His responsibilities included both hardware and software development at AT&T Bell Laboratories, Siemens Corporate Research, and AVL, including microcode for a graphics processor, real-time medical image processing, and data acquisition and communications protocols for semiconductor process control. Since 1997, he has been a faculty member in Rochester Institute of Technology's Department of Software Engineering, now in the position of Chair. His professional interests are in the engineering of software for real-time and embedded systems. He was a recipient of RIT's 2010 Eisenhart Award for Outstanding Teaching.
Christopher A. Wood Rochester Institute of Technology
Abstract
Developing an Applied, Security-Oriented Computing CurriculumSoftware and hardware security is a reality that all stakeholders must face, from hardwareengineers to software developers to customers. As a direct result, the technology industry isfacing a growing need for graduates who have an understanding of security principles at varyinglevels of abstraction. These graduates will need security-oriented perspectives stemming fromboth theoretical and practical disciplines, including Software Engineering, ComputerEngineering, and Computer Science. Unfortunately, in traditional academic settings, securesoftware and hardware are typically taught by separate departments despite being intertwined inpractice. Consequently, the objective of this initiative is to prepare students to apply a security-oriented awareness to every aspect of hardware and software systems by developing a multi-disciplinary curriculum involving three departments. Our efforts focus on integrating securityinto software design and implementations, hardware design and implementations, and hardware-software co-design. In this paper, we describe changes we made to an existing introductorycryptography course, report on a recently-developed course entitled “Hardware and SoftwareDesign for Cryptographic Applications”, and present our plans for a “Secure SoftwareEngineering” course.For several years, we have been offering coursework in cryptography in the Department ofComputer Science. Cryptography I, a traditional introductory course, covers block ciphers, hashfunctions, and public-key systems together with the mathematics behind it. In the last offering ofCryptography I, we introduced a new thread on efficiency and secure implementations ofcryptographic algorithms. This new material encourages students to enroll in one or both of thenew courses discussed below.The goal of the “Hardware and Software Design for Cryptographic Applications” is to buildknowledge and skills necessary for efficient and secure implementations of cryptographicprimitives on reconfigurable hardware. The implementation platform is a field programmablegate array (FPGA) containing a general purpose processor and additional reconfigurable fabricfor implementations of custom hardware accelerators. Student teams design selectedcryptographic primitives followed by comparison and contrast of various implementationalternatives, such as software, custom FPGA hardware, and hybrid hardware-software co-design.Project teams are ideally composed of one Computer Engineering student and one Software Engineeringor Computer Science student. Topics include: binary finite field arithmetic, block ciphers, hashfunctions, modes of operation for block ciphers, public key cryptosystems, hardware-softwareco-design methodologies with FPGAs, software development and profiling, high level synthesis,FPGA-based embedded system architectures, hardware/software interfaces, and customhardware accelerators.The goal of the “Secure Software Engineering” course is to equip students for applying securityprinciples to every phase of the software development lifecycle. Topics include: threat modeling,risk analysis, secure requirements, secure designs, defensive coding techniques, cryptographicalgorithm deployment, penetration testing, static source code analysis, and security assessment.Students will learn sound security fundamentals by conducting case studies on real-worldsoftware and by using cutting-edge tools and technologies.
Lukowiak, M., & Meneely, A., & Radziszowski, S. P., & Vallino, J. R., & Wood, C. A. (2012, June), Developing an Applied, Security-oriented Computing Curriculum Paper presented at 2012 ASEE Annual Conference & Exposition, San Antonio, Texas. 10.18260/1-2--21178
ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2012 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015