Security Education and Training at UCLA

 

Our Mission is to fundamentally advance the accessibility and quality of education and training in security to address an urgent, global need. 

 

Our approach is to develop and validate instructional resources that can be adopted into standard computer science and engineering curricula.  This includes lecture media, instructional challenges, and content compelling to students.

With the generous support of Intel, the UCLA Computer Science and Electrical Engineering Departments have performed work to advance education in computer science in many ways. Our current work focuses on improving students' understanding of computer security. Most knowledgeable parties feel that many graduating computer science students have insufficient understanding of computer security to function safely in today's dangerous cyberworld. They do not understand how to write secure programs, they do not understand how to determine if their software and systems are sufficiently protected, and they do not understand how to behave safely in cyberspace. This lack is not due to failings on the part of the students, but because too few institutions teach them about these vital subjects.

Currently, security training in higher education is not uniformly available.  This leaves significant risk of insufficient support for acutely needed training. Teaching a few more courses on cybersecurity in a handful of institutions whose faculty include specialists in this subject is not sufficient. Improved understanding of safe cyber practices is required for all computer professionals, not just a handful who take electives. Further, the field is producing insufficient numbers of security professionals at all levels, including the Ph.D. level, making it literally impossible for all institutions to have computer security specialists on their faculty. Cybersecurity, like other overarching topics in computer science, needs to reach into all aspects of the curriculum, and must be teachable by competent faculty who are not themselves specialists in this field.

Recognizing this need, Intel has funded a number of researchers, including UCLA faculty, to develop materials that will allow non-specialist faculty to introduce a stronger security orientation into their classes. UCLA has worked on this approach for both introductory programming classes and for upper division classes. Our concept is that this security orientation should be an ongoing element of an undergraduate's education in computer science, appearing not just at the beginning of his curriculum, but being touched on in appropriate places throughout. Further, we understand that to achieve widespread success, we must help faculty who are not themselves security experts to introduce this security orientation into their classes.

To that end, we are developing curriculum materials suitable for use in various classes, with the intention that professors at other institutions can adopt these materials and use them in their own classes. To ensure that we are producing materials that effectively insert useful security instruction into the classes, we are testing them in our own classes and gathering data from those class offerings to evaluate the degree to which students have improved their understanding of computer security by exposure to these materials. Further, we are working with another educational institution that does not have a computer security faculty member on staff (Harvey Mudd College) to demonstrate that materials can be effectively transitioned to such institutions.

To date, we have developed homework assignments for an introductory programming class, projects for an upper division class in operating systems, test questions for these kinds of classes, and questionnaires used to evaluate the effectiveness of our methods. We will make these materials available to any teachers at educational institutions who wish to use them. Since our materials include sample answers and other tools for performing grading, we make them available via a password protected site. Interested teachers should contact Dr. Peter Reiher (reiher@CS.UCLA.EDU).

Any educational institution that would be interested in closer participation in this work, including consultation with our researchers on how to use our materials or those created by other Intel partners, should contact Dr. Peter Reiher (reiher@CS.UCLA.EDU).

Some of our preliminary results on this approach have been published in a conference article and will shortly appear, in expanded form, in a journal. Our publication page for this project holds links to these papers. We anticipate further publications along these lines.

We are interested in recruiting other educational institutions who would like to participate in this work. We would like to help other such institutions actually make use of our materials, and would be happy to consult with them on how to add a security orientation to their curriculum. We would also appreciate input on what further materials (such as slides on particular topics, more sample homework assignments or exam questions, short instructional materials on important security topics, etc.) would be helpful in improving their students' understanding of computer security. Again, contact Dr. Peter Reiher for further information.