| NSF Org: |
DGE Division Of Graduate Education |
| Recipient: |
|
| Initial Amendment Date: | September 8, 2015 |
| Latest Amendment Date: | September 8, 2015 |
| Award Number: | 1523017 |
| Award Instrument: | Standard Grant |
| Program Manager: |
Victor Piotrowski
vpiotrow@nsf.gov (703)292-5141 DGE Division Of Graduate Education EDU Directorate for STEM Education |
| Start Date: | January 1, 2016 |
| End Date: | December 31, 2019 (Estimated) |
| Total Intended Award Amount: | $130,001.00 |
| Total Awarded Amount to Date: | $130,001.00 |
| Funds Obligated to Date: |
|
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
1400 TOWNSEND DR HOUGHTON MI US 49931-1200 (906)487-1885 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
1400 Townsend Dr. Houghton MI US 49931-1295 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): | Secure &Trustworthy Cyberspace |
| Primary Program Source: |
|
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.076 |
ABSTRACT
The proposed project will develop Visualization and Analysis of C Code Security (VACCS) tool to assist students with learning secure code programming. The proposal addresses the critical issue of learning secure coding through the development of a system for analyzing and visualizing C code and associated learning materials. VACCS will utilize static and dynamic program analysis to detect security vulnerabilities and warn programmers about the potential errors in their code. The research team has a significant experience in using visualization to teach computer science in such areas as parallel computing, geometric modeling and data encryption. The project will develop visualization and animation of common security vulnerabilities that can be customized for programmers with different level of programming experience. The project will evaluate the effectiveness of VACCS and instructional materials to improve students' learning of secure coding.
The outcomes of this research will provide a better understanding of the visualization impact on secure programming instruction within a computing curriculum, as well as a deployable VACCS tool for faculty to adopt. This research will inform the broader community on the visualization potential for positive effects on the quality of code developed by future computer scientists. The VACCS tool and educational materials including tutorials, lectures, projects and extensive examples of teaching secure software development will be disseminated to academic computing community. In addition, this project will teach students how to perform software security audits using VACCS and will train graduate students in the art of teaching computer security.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
Cybersecurity is at the forefront of computer science. While research is identifying new ways to protect computer systems, most successful attacks exploit vulnerabilities that are well-known. This project addressed this problem by developing new tools and techniques to teach students how to avoid common vulnerabilties that arise in C programs. Low-level software that is fundamentally responsible for system protection is often written in C for performance reasons.
The sytem ls called Visualization and Analysis for C Code Security (VACCS). It leverages visualization to improve learning. The system is comprised of two parts: an analysis system and a visualization system. The visualization takes input from the analysis system in the form of events related to program security drawn from a program execution. Students can step through the events and watch their program execute. The system ties a source code line to its corresponding assembly language and the impact of its execution on memory, including the representation of integers and their corresponding decimal value.
The tools have been shown to help students understand how their C programs execute and how to avoid pervasive errors such as integer overflow and buffer overflows. Student feedback had been positive and students overwhelmingly felt that the tools enhanced the courses in which they were used. Improved learning through use of the VACCS system will help to secure the national cyberinfrastructure.
Last Modified: 03/31/2020
Modified by: Jean Mayo
Please report errors in award information by writing to: awardsearch@nsf.gov.
