| NSF Org: |
DGE Division Of Graduate Education |
| Recipient: |
|
| Initial Amendment Date: | September 8, 2015 |
| Latest Amendment Date: | November 30, 2018 |
| Award Number: | 1522883 |
| Award Instrument: | Standard Grant |
| Program Manager: |
Victor Piotrowski
vpiotrow@nsf.gov (703)292-5141 DGE Division Of Graduate Education EDU Directorate for STEM Education |
| Start Date: | January 1, 2016 |
| End Date: | December 31, 2019 (Estimated) |
| Total Intended Award Amount: | $169,575.00 |
| Total Awarded Amount to Date: | $177,575.00 |
| Funds Obligated to Date: |
FY 2016 = $8,000.00 |
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
1903 W MICHIGAN AVE KALAMAZOO MI US 49008-5200 (269)387-8298 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
1903 W. Michigan Ave. Kalamazoo MI US 49008-5466 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): | Secure &Trustworthy Cyberspace |
| Primary Program Source: |
04001617DB NSF Education & Human Resource |
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.076 |
ABSTRACT
The proposed project will develop Visualization and Analysis of C Code Security (VACCS) tool to assist students with learning secure code programming. The proposal addresses the critical issue of learning secure coding through the development of a system for analyzing and visualizing C code and associated learning materials. VACCS will utilize static and dynamic program analysis to detect security vulnerabilities and warn programmers about the potential errors in their code. The research team has a significant experience in using visualization to teach computer science in such areas as parallel computing, geometric modeling and data encryption. The project will develop visualization and animation of common security vulnerabilities that can be customized for programmers with different level of programming experience. The project will evaluate the effectiveness of VACCS and instructional materials to improve students' learning of secure coding.
The outcomes of this research will provide a better understanding of the visualization impact on secure programming instruction within a computing curriculum, as well as a deployable VACCS tool for faculty to adopt. This research will inform the broader community on the visualization potential for positive effects on the quality of code developed by future computer scientists. The VACCS tool and educational materials including tutorials, lectures, projects and extensive examples of teaching secure software development will be disseminated to academic computing community. In addition, this project will teach students how to perform software security audits using VACCS and will train graduate students in the art of teaching computer security.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Note:
When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external
site maintained by the publisher. Some full text articles may not yet be available without a
charge during the embargo (administrative interval).
Some links on this page may take you to non-federal websites. Their policies may differ from
this site.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
One of the most critical needs for software infrastructure is security. From e-commerce to the power grid, the potential for significant damage through attacks of insecure software systems is extensive. Unfortunately, computer software has seen little improvement in the effective reduction of software vulnerabilities. This has left our infrastructure at risk. Now is the time to act to
change this pattern.
This project helps address software security through the development of software tools to teach secure coding in C. Specifically, we have developed a system for the Visualization and Analysis for C Code Security (VACCS). VACCS will utilize static and dynamic program analysis to help detect potential security vulnerabilities and use visualization to help teach programmers about the
potential errors in their code. Thus, students will be able to learn by seeing what is wrong with their programs rather than just having it explained in words.
The major outcomes for this project are visualization tools for teaching various aspects of software security. Each of the tools has been tested in a classroom setting and shown to improve student learning. These tools include visualization of
1) Integer type conversions,
2) Process address space,
3) Operations on secure data, and
4) Management of memory
The project results could have a significant effect on software infrastructure. Training programmers to think about security and to detect and understand vulnerabilities will have significant positive effects on the quality of code developed by future computer scientists. Students with a better understanding of security and software will have a significant impact on our society. Fewer security holes in software will decrease costs to business and individuals and make the internet safer for everyone. The time to include secure software education for all computer scientists is now. We believe our project will improve the quality of that education and have a significant, positive impact on the future.
Last Modified: 01/15/2020
Modified by: Steven M Carr
Please report errors in award information by writing to: awardsearch@nsf.gov.
