Asee peer logo

Infusing Software Security in Software Engineering

Download Paper |

Conference

2017 ASEE Annual Conference & Exposition

Location

Columbus, Ohio

Publication Date

June 24, 2017

Start Date

June 24, 2017

End Date

June 28, 2017

Conference Session

Software Engineering Division Technical Session 2

Tagged Division

Software Engineering Division

Tagged Topic

Diversity

Page Count

15

DOI

10.18260/1-2--28530

Permanent URL

https://peer.asee.org/28530

Download Count

121

Request a correction

Paper Authors

biography

Sushil Acharya Robert Morris University

visit author page

Acharya joined Robert Morris University in Spring 2005 after serving 15 years in the Software Industry. His teaching involvement and research interest are in the area of Software Engineering education, Software Verification & Validation, Data Mining, Neural Networks, and Enterprise Resource Planning. He also has interest in Learning Objectives based Education Material Design and Development. Acharya is a co-author of “Discrete Mathematics Applications for Information Systems Professionals- 2nd Ed., Prentice Hall”. He is a member of Nepal Engineering Association and is also a member of ASEE, and ACM. Acharya was the Principal Investigator of the 2007 HP grant for Higher Education at RMU. In 2013 Acharya received a National Science Foundation (NSF) Grant for developing course materials through an industry-academia partnership in the area of Software Verification and Validation. Acharya is also the Director of Research and Grants at RMU.

visit author page

biography

Walter W Schilling Jr. Milwaukee School of Engineering

visit author page

Walter Schilling is an Associate Professor in the Software Engineering program at the Milwaukee School of Engineering in Milwaukee, Wisconsin. He received his B.S.E.E. from Ohio Northern University and M.S. and Ph.D. from the University of Toledo. He worked for Ford Motor Company and Visteon as an Embedded Software Engineer for several years prior to returning for doctoral work. He has spent time at NASA Glenn Research Center in Cleveland, Ohio, and consulted for multiple embedded systems companies in the Midwest. In addition to one U.S. patent, Schilling has numerous publications in refereed international conferences and other journals. He received the Ohio Space Grant Consortium Doctoral Fellowship and has received awards from the IEEE Southeastern Michigan and IEEE Toledo Sections. He is a member of IEEE, IEEE Computer Society and ASEE. At MSOE, he coordinates courses in software quality assurance, software verification, software engineering practices, real time systems, secure software development, network security, and operating systems.

visit author page

Download Paper |

Abstract

Software is now ubiquitous and software security is now realized as a growing threat. It is important for software developers to fix software security problems, however more imperative is for software developers to understand that security features are not to be introduced as patchwork when a security situation arises but are to be addressed and handled very early in the software development lifecycle. Industry’s general lack of ignorance of software security benefits and more importantly the shortage of software practitioners possessing software security understanding creates multitude of problems in the software industry. Imparting real world experiences in the academia as well as the industry is a challenge due to lack of effective active learning tools (ALT). Riding on the success of developing and disseminating, 42 delivery hours of active learning tools in the area of software verification and validation the authors propose to partner with industry to develop 14 delivery hours of course modules developing ALTs in the form of class exercises, case studies, and case study videos and delivering them using a flipped classroom model.

Through a gap analysis exercise jointly carried out with industry partners a draft requirements list has being identified. Specific exercises are being developed using an iterative development methodology. Student understanding is proposed to be assessed through quizzes, exams, assignment, and a learning survey. Once developed the ALTs will be made publicly available through a website. This paper discusses continuing work on the gap analysis in software security education, presents proposed contents areas for ALT, shares structures of three developed/proposed ALTs, presents a sample of a survey instrument, and presents a sample ALT on case study video.

Acharya, S., & Schilling, W. W. (2017, June), Infusing Software Security in Software Engineering Paper presented at 2017 ASEE Annual Conference & Exposition, Columbus, Ohio. 10.18260/1-2--28530

ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2017 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015