GGrantIndex
← Search

SaTC: EDU: Learning Threat Perception through Build-Break-Fix Assignments

$499,828FY2024EDUNSF

University Of Wisconsin-Madison, Madison WI

Investigators

Abstract

Any software developer should have a realistic understanding of all potential security threats the software may face, a concept known as threat perception (TP). Unlike secure coding skills or a security mindset, TP provides the foundational knowledge necessary to teach and learn about these related concepts effectively. Current studies indicate that undergraduate computer science (CS) students in the U.S. often graduate without formal software security education and struggle to develop a security mindset while developing and managing software applications. Even when basic security attacks are taught, students tend to view them as a checklist rather than understanding their real-world implications. Research in the learning sciences shows that merely working through a checklist does not lead to a deeper understanding of how different threats emerge in the real world. This project addresses this gap by formalizing TP based on learning theory, developing methods to measure and assess TP, and designing educational interventions to improve TP learning among undergraduate CS students. By advancing TP education, this project supports the national interest by promoting the progress of science and securing national defense through better-prepared software developers. The project's primary goal is to formalize the concept of threat perception (TP) in software development, measure and assess students' TP, and design interventions to improve TP among undergraduate computer science (CS) students. The scope includes developing a mechanistic model of TP based on constructivist learning theory, analyzing how different code analysis tasks, such as "Build It, Break It, Fix It" (BiBiFi), affect students' TP, and creating a curricular unit that teaches TP through BiBiFi-style projects. The methods involve systematic analysis of students' learning processes and designing educational tools that can be integrated seamlessly into existing courses. This project aims to produce a comprehensive understanding of how students learn and apply TP in software development, providing valuable insights for educators and contributing to the development of more secure software systems. By demystifying the process of identifying and addressing security threats, this project will broaden participation in computer security education to all undergraduate CS students rather than a self-selected group of security-focused students. This effort will help foster a more inclusive and comprehensive understanding of computer security among future software developers, including those from underrepresented backgrounds. This project is supported by the Secure and Trustworthy Cyberspace (SaTC) program, which funds proposals that address cybersecurity and privacy, and in this case, cybersecurity education. The SaTC program aligns with the Federal Cybersecurity Research and Development Strategic Plan and the National Privacy Research Strategy to protect and preserve the growing social and economic benefits of cyber systems while ensuring security and privacy. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

View original record on NSF Award Search →