Teaching Security Engineering Principles

Irvine, Cynthia E.; Levin, Timothy

Teaching Security Engineering Principles

Active / Technical Report | Accession Number: ADA483886 |

Open PDF

Abstract:

The design and construction of secure systems cannot be entirely captured in textbooks or class notes, but must be taught as an art which is learned through apprenticeship and practice. This paper describes a course in Secure Systems that uses the Flaw Hypothesis Methodology for penetration testing as a vehicle for motivating and teaching students fundamental principles of security engineering.

Author(s):

Irvine, Cynthia E. ; Levin, Timothy

Author Organization(s):

NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE

Descriptive Note:

Conference paper

Supplementary Note:

Presented at the World Conference on Information Security Education held in Perth, Australia in July 2001. Sponsored in part by DISA.

Pagination:

0016

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Monitor Series:

NAVEXOS

Subject Terms

Joint Capability Areas:

JCA_4.6_Engineering; JCA_8_Building Partnerships; JCA_8.2_Shape; JCA_8.2.4_Leverage Capacities and Capabilities of Security Establishments; JCA_1_Force Support; JCA_1.2_Force Preparation; JCA_5_Command and Control; JCA_4.6.1_General Engineering; JCA_5.3_Planning; JCA_1.2.2_Exercising; JCA_6.4.1_Secure Information Exchange; JCA_6_Net Centric; JCA_1.2.1_Training; JCA_6.4.2_Protect Data and Networks; JCA_6.4_Information Assurance; JCA_3.2_Engagement; JCA_3_Force Application; JCA_1.2.3_Educating; JCA_3.2.2_Non-Kinetic Means; JCA_5.5.2_Task; JCA_5.5_Direct

Modernization Areas:

Cyber

Communities of Interest:

No COI(s) Identified

Descriptor(s):

*DATA PROCESSING SECURITY, *TEACHING METHODS, *SYSTEMS ENGINEERING, INFORMATION SECURITY, PENETRATION, SYMPOSIA

Field(s)/Group(s):

Computer Systems Management and Standards

Keyword(s):

*FLAW HYPOTHESIS METHODOLOGY, *SECURITY ENGINEERING, PRINCIPLES, SECURE COMPUTER SYSTEMS, PENETRATION TESTING, EXERCISES

Report Date:

2001 Jul 01

Creation Date:

2008 Aug 06