Learning Objectives

Define cybersecurity principles: system integrity and confidentiality
Describe potential security threats to system integrity
Understand attack vectors related to unsafe use of memory in lower-level languages
Design exploits that can compromise the system integrity
Understand the relationship between system integrity and confidentiality

Activity

Initially, in the course of Computer Organization, students learn and practice assembly programming and understanding how native code is executed by a processor. Here students replicate a heap spraying attack on a vulnerable browser. Students apply their knowledge of instruction set architectures and system call conventions to produce machine code that executes the attack, then they write JavaScript code to place the attack payload into the victim’s heap. Thus students gain exposure to the internals of an attack. Click activity Content to access the slides and activities associated with level 3.

Surveys

A pre-test was conducted before the sessions were organized. Both the pre and post-tests were structured to capture the students’ demographic information, their perception of the learning objectives, the extent to which they consider the course to be useful and interesting. Besides, their grasp of the concepts was tested with some content questions relevant to the module. Ultimately, an analysis of the test results helped us evaluate the effectiveness of cybersecurity project. Click Pre Survey and Post Survey to download the pdf documents of the survey

Results

A total of about 150 students have taken the level 3 pre and post tests
Students perceive cyber security to be more useful
Students’ performance on content based questions has been similar in pre and post tests
More information can be obtained from the SIGCSE paper