Some “Secure Programming” Exercises for an Introductory Programming Class

Abstract: Ideally, computer security should be an integral part of all programming courses. Beginning programming classes pose a particular challenge, because the students are learning basic concepts of programming. Thus, teaching them about buffer overflows as security problems, requiring an explanation of concepts such as “smashing the stack,” will confuse students more than motivate them to check array bounds. Advanced concepts such as race conditions require more background than the students have, or will have, when taking introductory programming classes. An alternate approach is to teach the underlying concepts of robust programming; preventing crashes or errors is central to such a course. This paper presents some exercises that illustrate this approach, and some thoughts on what constitutes “secure programming”.
Document type:
Conference paper
Ronald C. Dodge; Lynn Futcher. 8th World Conference on Information Security Education (WISE), Jul 2009, Bento Gonçalves, Brazil. Springer, IFIP Advances in Information and Communication Technology, AICT-406, pp.226-232, 2013, Information Assurance and Security Education and Training. 〈10.1007/978-3-642-39377-8_26〉
Cited literature [2 references]

https://hal.inria.fr/hal-01463642
Contributor: Hal Ifip
Submitted on: Thursday, February 9, 2017 - 15:45:03
Last modified on: Thursday, February 9, 2017 - 15:51:56
Document(s) archived on: Wednesday, May 10, 2017 - 14:32:41

File

978-3-642-39377-8_26_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Matt Bishop. Some “Secure Programming” Exercises for an Introductory Programming Class. Ronald C. Dodge; Lynn Futcher. 8th World Conference on Information Security Education (WISE), Jul 2009, Bento Gonçalves, Brazil. Springer, IFIP Advances in Information and Communication Technology, AICT-406, pp.226-232, 2013, Information Assurance and Security Education and Training. 〈10.1007/978-3-642-39377-8_26〉. 〈hal-01463642〉

Metrics

Record views

64

File downloads

17