Asee peer logo

Implementation of Security Modules with Model-Eliciting Activities in Computer Science Courses

Download Paper |


2020 ASEE Virtual Annual Conference Content Access


Virtual On line

Publication Date

June 22, 2020

Start Date

June 22, 2020

End Date

June 26, 2021

Tagged Division

Computing and Information Technology

Page Count




Permanent URL

Download Count


Request a correction

Paper Authors


Jeong Yang Texas A&M University-San Antonio Orcid 16x16

visit author page

Dr. Jeong Yang is an assistant professor in the Department of Computing and Cyber Security at Texas A&M University-San Antonio. She earned her Ph.D. in Computer Science and Software Engineering from Auburn University. Her current research interests include secure code analysis and visualization, and software security on various platforms such as stand-alone software systems and cloud-based or mobile applications. Her research also focuses on computing and cybersecurity education including the participation of women. She is an author or co-author of over 30 peer-reviewed journals and conference proceedings in these areas. She is a member of the IEEE Computer Society, ACM, ACM-W, Women in Cyber Security (WiCys), SWE(Society of Women Engineers), and NCWIT(National Center of Women in Technology).

visit author page

author page

Brandon Earwood Texas A&M University-San Antonio


Young Rae Kim Texas A&M University-San Antonio

visit author page

Young Rae Kim,, is an assistant professor of mathematics education in the Department of Curriculum and Instruction in the College of Education and Human Development at Texas A&M University-San Antonio. His research interests focus on how students’ mathematical thinking develops and how teachers can use such thinking as a base for instruction. Storytelling and Model-Eliciting Activities (MEAs) are central to his recent research.

visit author page


Akhtar Lodgher Texas A&M University - San Antonio

visit author page

Dr. Akhtar Lodgher is an A&M Regents Professor of Computing and Cyber Security and the Chair of the Department of Computing and Cyber Security (CCS) at Texas A&M University – San Antonio. His current research interests are in cyber security and software engineering. He has worked on several NSA and NSF funded grants for creating modules for infusing cyber security concepts into all core subjects of computer science education.

visit author page

Download Paper |


Security is a critical aspect in the design, development, and testing of software systems. Due to the increasing need for security-related skills within software systems and engineering, there is a growing demand for these skills to be taught at the university level. A series of 41 security modules was developed to assess the impact of these modules on teaching critical cyber security topics to students. This paper presents the implementation and outcomes of the first set of six security modules in a Freshman level course. This set consists of five modules presented in lectures as well as a sixth module emphasizing encryption and decryption used as the semester project for the course. Each module is a collection of concepts related to cyber security. The individual cyber security concepts are presented with a general description of a security issue to avoid, sample code with the security issue written in the Java programming language, and a second version of the code with an effective solution. The set of these modules was implemented in Computer Science I during the Fall 2019 semester. Incorporating each of the concepts in these modules into lectures depends on both the topic covered and the approach to resolving the related security issue.

Students were introduced to computing concepts related to both the security issue and the appropriate solution to fully grasp the overall concept. After presenting the materials to students, continual review with students is also essential. This reviewal process requires exploring use-cases for the programming mechanisms presented as solutions to the security issues discussed. In addition to the security modules presented in lectures, students were given a hands-on approach to understanding the concepts through Model-Eliciting Activities (MEAs). MEAs are open-ended, problem-solving activities in which groups of three to four students work to solve realistic complex problems in a classroom setting. The semester project related to encryption and decryption was implemented into the course as an MEA.

To assess the effectiveness of incorporating security modules with the MEA project into the curriculum of Computer Science I, two sections of the course were used as a control group and a treatment group. The treatment group included the security modules in lectures and the MEA project while the control group did not. To measure the overall effectiveness of incorporating security modules with the MEA project, both the instructor’s effectiveness as well as the student’s attitudes and interest were measured. For instructors, the primary question to address was to what extent do instructors change their attitudes towards student learning and their teaching practices because of the implementation of cyber security modules through MEAs. For students, the primary question to address was how the inclusion of security modules with the MEA project improved their understanding of the course materials and their interests in computer science. After implementing security modules with the MEA project, students showed a better understanding of cyber security concepts and a greater interest in broader computer science concepts. The instructor’s beliefs about teaching, learning, and assessment shifted from teacher-centered to student-centered, during his experience with the security modules and MEA.

Yang, J., & Earwood, B., & Kim, Y. R., & Lodgher, A. (2020, June), Implementation of Security Modules with Model-Eliciting Activities in Computer Science Courses Paper presented at 2020 ASEE Virtual Annual Conference Content Access, Virtual On line . 10.18260/1-2--34776

ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2020 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015