External Research: Trustworthy Computing Curriculum 2005 Awards

Microsoft Research
Trustworthy Computing Curriculum 2005 Awards

Microsoft Research selected 15 proposals totaling $750,000 that focused on the "pillars" of trustworthy computing and secure software engineering. Three proposals were funded in each of the areas of security, reliability, privacy, business integrity, and secure software engineering. The proposal outcomes ranged from full undergraduate and graduate courses to a set of discrete teaching modules.

Trustworthy Computing Curriculum Award Recipients

TrustSPBU.NET — A Set of Courses on Secure Software Engineering and Trustworthy Computing
Vladimir Safonov
St. Petersburg University, Russia

The purpose of the project is to integrate advanced topics of secure software engineering and trustworthy computing into an existing curriculum — the four courses on software engineering, Microsoft.NET, compilers, and operating systems developed and disseminated by the MSDNAA Web site as the result of the SPBU.NET project supported by Microsoft Research in 2003 due to the Microsoft Research Curriculum 2003.

Enhancing Information Privacy Protection and the Fair Use of Information via Trustworthy Computing
Beomsoo Kim
Yonsei University, South Korea

Information privacy and the protection of individuals' rights are crucial issues underlying the Digital Information Economy. Consumer trust in privacy protection is essential in establishing a trustworthy computing relationship, while such need for protection must be balanced with the fair use of information from the perspective of consumer, business, and the economy. The curriculum for "Enhancing Information Privacy Protection and the Fair Use of Information via Trustworthy Computing" approaches the issue of privacy protection and the fair use of information from a comparative, cross-cultural perspective. This curriculum analyzes industry-wide and government-based privacy protection practices in Asia, Europe, and the U.S. The course content includes modules on the fundamentals of information privacy, current practices/best practices for information privacy protection, technologies for privacy protection, and evaluating privacy practices. The proposed curriculum will be featured in a new course taught in the fall of 2006 at the Graduate School of Information, a leading research and teaching school on information technologies at Yonsei University, South Korea's premier private university. While considerable research and curricular offerings are available on the technological aspects of privacy and security, this course aims to fill the existing void for curricular material on business and social perspectives on the topics of information privacy, business practices, and regulations.

Development of New Course: Usable Privacy and Security
Lorrie Cranor
Carnegie Mellon University

We plan to develop a new course on usable privacy and security to be offered by the Carnegie Mellon School of Computer Science beginning in the Spring of 2006. This course will be designed to introduce students to a variety of usability and user interface problems related to privacy and security and to give them experience in designing and conducting studies aimed at helping to evaluate usability issues in security and privacy systems. Topics to be covered include human-computer interaction methods for design and evaluation, secure interaction design, trust and semantic attacks, design for privacy, making privacy visible, Web browser privacy and security, authentication and alternatives to text passwords, PKIs and usability, usable secure communications systems, and usable tools for security administration. Students will analyze usability issues related to a number of deployed security and privacy systems. In addition, students will learn about security and privacy research projects underway at Carnegie Mellon and conduct usability analyses and pilot user studies to aid in improving the usability of systems developed as part of these projects.

A Hands-On Course on Trustworthy Networking
Guevara Noubir
Northeastern University

Information Assurance is a topic that requires as much attention to its real-world implications as its theoretical underpinnings. As such, Northeastern University's College of Computer and Information Science has endeavored to provide students in the undergraduate and graduate curriculum with a program that gives them the opportunity to explore the practical elements of information security awareness and related design and deployment decisions in a supervised laboratory, while simultaneously acquiring a strong conceptual knowledge of the underlying theory in the more traditional classroom environment. Using this approach of teaching, we propose to develop, implement, and share the material of an undergraduate course on "Trustworthy Networking." This course extends our existing undergraduate network security course to other facets of trustworthy networking such as secure networked software design and implementation. We will adapt, expand, and integrate the laboratory material and competition developed for our graduate network security course to the undergraduate setting. The Trustworthy Networking course will have lectures and problem sets addressing conceptual aspects, and laboratory assignments and a competition to provide hands-on experience to the students, in a supervised, relatively large-scale, and challenging environment. In the laboratory, each team of students is provided computers, software, and routers. The interconnection infrastructure is managed by the instructor. Both the conceptual aspects and laboratory assignments will rely on multiple Microsoft technologies such as Microsoft Windows Server 2003, Virtual PC, and .NET Framework Security.

Reusable Teaching Modules on Selected Advanced Software Security Topics
Frank Piessens
Katholieke Universiteit Leuven, Belgium

This proposal solicits support for the creation of four advanced teaching modules that will become part of the secure software track of the Master of Computer Science at the K.U. Leuven in Belgium. The four modules address countermeasures for C/C++ vulnerabilities, improving software quality through lightweight specifications, aspect-orientation for security, and threat modeling.

Integrated Modular Trustworthy Computing Curriculum Development
Yan Chen
Northwestern University

Despite some recent efforts of the PIs, the area of information security is underrepresented in the current curriculum of Northwestern University. This project is designed to fill that gap by offering a series of discrete teaching modules that could be integrated into other core courses in the Computer Science major program at this or any other institute. The goal is to create an "Immersive Trustworthy Computing Learning Environment" so that students receive continuous security education throughout their undergraduate study. Our aim is to educate generations of students that will not only understand main security threats, but that would be capable of treating security as one of the key parameters when building systems. We will involve at least six courses to introduce the trustworthy computing principles and their implications in the six different domains. Through such re-iteration of trustworthy computing instruction in different principles, students will gain deep understanding of security, privacy, reliability, business integrity, and secure software engineering from an interdisciplinary perspective.

Collaborative Proposal for Course Development in Trustworthy Computing
Connie Justice, Indiana University Purdue University Indianapolis
Linda Morales, Texas A&M University

There is an urgent societal need for students to develop a sense of ethical responsibility and trustworthy behavior as users of information technology. Texas A&M University-Commerce and Indiana University-Purdue University Indianapolis propose to address this need through collaborative proposals to develop course modules in information security ethics. The issues discussed in the modules are a critical part of all students' knowledge base. We hope to contribute to the production of mature, ethically responsible graduates as a result. The materials will be developed in a way to allow them to be used for teaching ethics modules within a variety of computing and technology courses, or grouped together for a dedicated course in ethics in computing and technology. Students will explore their ethical responsibilities and rights in the context of the four pillars of trustworthy computing: security, privacy, reliability and business integrity.

Integrating OS Reliability & Security Teaching Modules in a Computer Architecture Course
Tao Li
University of Florida

Trustworthy computing has created entirely new fields in IT industries and with it a need for an entirely new cadre of trained professionals, who are familiar with hardware, software, and the theory/concept of reliability and information security. However, most students today are not trained in a truly interdisciplinary manner, but rather must acquire additional skills on their own. This has created a shortage of students with the right interdisciplinary training to enter this demanding field. In the proposed teaching modules, I will focus on introducing the concept of integrated hardware/software design and optimization for reliable and secure computing platform and making the intellectual connection between hardware (architecture), software (operating system), and the emerging challenges in trustworthy computing (e.g., semiconductor soft error and malicious attack). Specifically, the following curriculum development and educational programs will be pursued during the term of the award period: develop a teaching module on analyzing and modeling operating system reliability in the presence of semiconductor transient faults and evaluating reliability-aware architecture design; develop a teaching module to showcase that with appropriate architecture support, the operating system security can be significantly enhanced; enhance an existing computer architecture course to embrace interaction of the operating system and the above reliability and security teaching modules; and provide wide access to the developed teaching modules and course projects.

Improving a Trustworthy Computing Curriculum (TCC) for Undergraduate/Graduate Computer Science
Mehmet Sahinoglu
Troy University

The objective of this proposal is to strengthen and validate an already existing course on Reliability and Security in the CS Department of TROY's Montgomery Campus generally serving adult and working students in IT to meet the most current trends of the academia and IT industry. Other local campuses in Troy, Dothan, and Phenix City, and 62 world campuses including those of distance learning will benefit. We aim to provide our students with collaborative guidance by a local IT firm for hands-on-training through the creation of a cyber-security lab. Compensated graduate students will play an active role in the TCC improvement, assisted by the PI's current book writing activity on Reliability and Security.

i-Safety: Network Security Begins in the Classroom
Nora Rifon
Michigan State University

Young Internet users in their high school and college years are especially vulnerable to privacy threats. Adolescent users frequently engage in risky behaviors, such as MP3 downloads, and often fall prey to online scams that imperil both themselves and their families. With so many online threats perpetuated by the everyday actions of young Internet users, it is only logical to enlist them in the cause of privacy protection, but how? We define the problem as one of i-Safety. Our premise is that the key to reaching the young users is to translate online security from an abstract technical issue into a social issue and a personal problem that will involve the average online user. Safety and privacy are intertwined. Online safety threats inevitably produce unwanted disclosures of information or present unwanted intrusions on the private cyberspaces inside our computers, impacting the two basic dimensions of privacy. Many of the same behaviors that assure online safety, such as erasing spyware and managing spam and cookies, are also essential privacy protection behaviors. By framing the safety issue in privacy terms, we can thus make the abstract issues of network security both socially relevant and personally tangible to young users who find privacy especially salient. To address these issues, we propose to prepare curriculum materials for introductory information technology courses at both the high school and college levels. Based on our on-going research sponsored by the National Science Foundation, the modules will be tailored to individual differences in i-Safety knowledge and attitudes by administering online self-assessments that will link learners to custom-tailored instructional units. This will minimize the entry level knowledge problems that can arise when computer novices are confused by the presentation of advanced material while the computer savvy lose interest in covering basic knowledge they already possess.
The modules will be tested and validated for high school students at Holt High School in Michigan. The high school curriculum materials will be disseminated through contacts with administrators and faculty responsible for basic computer instruction throughout the State of Michigan. We will visit selected school districts for in-service training activities. We will publicize our project through Michigan State University's public relations departments and place stories in news outlets throughout the state. We will also develop contacts with formal (e.g., Michigan Education Association) and informal networks of educators involved in computer science education. We have connections with a public-private partnership aimed at promoting high tech education (GLIMA). Results will be disseminated at local (e.g., Michigan Association of Computer Users through Learning), national, and international conferences, such as ACM and CISSE.

Practicing Trustworthy Computing in Advanced Computer Networks
Aura Ganz
University of Massachusetts

The main objective in this proposal is to develop educational material that promotes awareness of trustworthy computing: security, privacy, reliability, and business integrity. We will introduce concepts on secure design, development, and deployment, and focus on illustrating these principles through the ever developing field of computer networks. The course will be introduced in the ECE department and offered to senior/graduate students. The novelty in the curriculum would be a mix of technical details and business value. We will supplement the course by using use case studies (of different networking applications of varied business needs), and a hands-on experience of practicing secure software engineering principles from the ground up in developing an application.

Integration of Network Survivability Concepts in an MS in Computer Networking Curriculum
George Rouskas
North Carolina State University

The growing societal dependence on large-scale, highly-distributed network systems amplifies the consequences of failures and service disruptions, whether due to fiber cuts, equipment or software failures, natural disasters, or attacks. We feel that every student who specializes in telecommunications and networking must be educated on the fundamentals, design principles, and operation of survivable networks that withstand adverse conditions and can be relied upon to provide continuous service. We will develop a new graduate course on the theory, architectures, algorithms, and protocols for survivable networks. We will also develop a suite of appropriate learning modules for integrating network survivability concepts throughout the curriculum of the interdisciplinary Master of Science in Computer Networking (MSCN) program at North Carolina State University. The proposed plan will build a solid foundation in the MSCN program toward our goal of creating a new MSCN concentration on secure and survivable networking. This proposal addresses the "Reliability" pillar of the Microsoft Trustworthy Computing Curriculum initiative.

TwC: A Deep Dive into Medical Data Security Using Web Services
Alfred Weaver
University of Virginia

To produce students with practical experience in implementing computer systems security in a medical context, we propose the establishment of two new, intensive, computer science project courses (CS551 for undergraduates and CS651 for graduate students) that will take a hands-on approach to the creation of a secure computing environment for the digital medical enterprise. Rather than just exposing the principles of trustworthy computing, student groups will actually build specific components of a trustworthy system. The collection of projects will deal with four core components of security: user authentication of people and software, dynamic authorization of resource requests, federation of identity across trust domains, and strong encryption of transmitted data. Each project will require a deep understanding of the requirements of system security, and especially of medical data security; an analysis and selection of extant Web service techniques, protocols, and standards that are applicable to that problem; a coding solution using C# and .NET; and extensive testing to verify that the proposed solution satisfies system security requirements.

The Law and Policy of Trustworthy Computing
Paul Schwartz
University of California at Berkeley

In 2005, Trusted Computing moved to the forefront of a broad range of policy, business, and legal areas. The debate about building trusted computing components into software and hardware is also marked, however, by significant privacy concerns. The concern of civil libertarians is that anonymous identities and pseudonymous identities alike will not be possible in new trusted environments. This proposal for a Trusted Computing Curriculum, "The Law and Policy of Trustworthy Computing," seeks first to educate law students about the nature of secure networks and the threats that make trustworthiness in computing and computer networks important. It also explores the promise and perils of this area, including the possible unintended consequences of emerging technology and regulatory proposals. While it covers all "pillars" of the award, it emphasizes the security and privacy principles.
