Integrating Formal Methods for Security in Software Security Education

As the number of software vulnerabilities discovered increases, the industry is facing difficulties to find specialists to cover the vacancies for security software developers. Considering relevant teaching and learning theories, along with existing approaches in software security education, we pres...

Bibliographic Details
Main Author: Paolo MODESTI
Format: Article
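Language: English
Published: Vilnius University 2020-09-01
Series: Informatics in Education
Subjects: software security education; formal methods for security; programming abstractions; research-led teaching; constructivism
Online Access: https://infedu.vu.lt/journal/INFEDU/article/657/info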
id doaj-7a29cad2cd9f4f5c8670f20232889540
record_format Article
spelling doaj-7a29cad2cd9f4f5c8670f20232889540 | 2021-01-02T09:58:19Z | eng | Vilnius University | Informatics in Education | 1648-5831 | 2335-8971 | 2020-09-01 | 19 | 3 | 425 | 454 | 10.15388/infedu.2020.19 | Integrating Formal Methods for Security in Software Security Education | Paolo MODESTI | 0 | Department of Computer Science and Information Systems, Teesside University Middlesbrough, United Kingdom | As the number of software vulnerabilities discovered increases, the industry is facing difficulties to find specialists to cover the vacancies for security software developers. Considering relevant teaching and learning theories, along with existing approaches in software security education, we present the pedagogic rationale and the concrete implementation of a course on security protocol development that integrates formal methods for security research into the teaching practice. A novelty of the framework is the adoption of a conceptual model aligned with the level of abstraction used for the symbolic (high-level) representation of cryptographic and communication primitives. This is aimed not only at improving skills in secure software development, but also at bridging the gap between the formal representation and the actual implementation, making formal methods and tools more accessible to students and practitioners. | https://infedu.vu.lt/journal/INFEDU/article/657/info | software security education | formal methods for security | programming abstractions | research-led teaching | constructivism
collection DOAJ
language English
format Article
sources DOAJ
author Paolo MODESTI
title Integrating Formal Methods for Security in Software Security Education
publisher Vilnius University
series Informatics in Education
issn 1648-5831
2335-8971
publishDate 2020-09-01
description As the number of software vulnerabilities discovered increases, the industry is facing difficulties to find specialists to cover the vacancies for security software developers. Considering relevant teaching and learning theories, along with existing approaches in software security education, we present the pedagogic rationale and the concrete implementation of a course on security protocol development that integrates formal methods for security research into the teaching practice. A novelty of the framework is the adoption of a conceptual model aligned with the level of abstraction used for the symbolic (high-level) representation of cryptographic and communication primitives. This is aimed not only at improving skills in secure software development, but also at bridging the gap between the formal representation and the actual implementation, making formal methods and tools more accessible to students and practitioners.
topic software security education
formal methods for security
programming abstractions
research-led teaching
constructivism
url https://infedu.vu.lt/journal/INFEDU/article/657/info