Award Abstract # 2310179
Authentic Learning Modules for DevOps Security Education

NSF Org: DGE
Division Of Graduate Education
Recipient: AUBURN UNIVERSITY
Initial Amendment Date: January 4, 2023
Latest Amendment Date: January 4, 2023
Award Number: 2310179
Award Instrument: Standard Grant
Program Manager: ChunSheng Xin
cxin@nsf.gov
 (703)292-7353
DGE
 Division Of Graduate Education
EDU
 Directorate for STEM Education
Start Date: January 15, 2023
End Date: June 30, 2026 (Estimated)
Total Intended Award Amount: $154,006.00
Total Awarded Amount to Date: $154,006.00
Funds Obligated to Date: FY 2022 = $154,006.00
History of Investigator:
  • Akond Ashfaque Rahman (Principal Investigator)
    akond.rahman.buet@gmail.com
Recipient Sponsored Research Office: Auburn University
321-A INGRAM HALL
AUBURN
AL  US  36849
(334)844-4438
Sponsor Congressional District: 03
Primary Place of Performance: Auburn University
321-A INGRAM HALL
AUBURN
AL  US  36849-0001
Primary Place of Performance
Congressional District:
03
Unique Entity Identifier (UEI): DMQNDJDHTDG4
Parent UEI: DMQNDJDHTDG4
NSF Program(s): Secure &Trustworthy Cyberspace
Primary Program Source: 04002223DB NSF Education & Human Resource
Program Reference Code(s): 025Z
Program Element Code(s): 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.076

ABSTRACT

Information technology (IT) organizations use development and operations (DevOps) to deliver software-based services rapidly to end-users. During software development, various documents are often created. These materials, referred to as software artifacts, may include design documents, source code, risk assessments, and other project plans or documentation. Software artifacts used in DevOps yield tremendous benefits for IT organizations. However, without the secure development of these artifacts, deployed software can contain security vulnerabilities which malicious users can exploit to cause serious consequences for organizations. Therefore, students who are poised to become next-generation professionals need to be educated on (i) the consequences of security weaknesses that are commonplace in DevOps artifacts and (ii) how security weaknesses can be mitigated through secure development. This project aims to create an engaging and motivating learning environment that encourages all computer science students to learn cybersecurity integration into artifacts used for DevOps. The project has the potential to transform computer science education in the cross-cutting areas of software engineering and cybersecurity and grow a cybersecurity workforce that is well-versed in secure software development practices and techniques.

Principal investigators from Tennessee Tech University, Kennesaw State University, and Tuskegee University will collaborate on developing and deploying authentic learning-based modules for DevOps security education (ALAMOSE). The ALAMOSE project will leverage authentic learning, which provides students with practical knowledge to solve real-world problems. Pre-lab content dissemination, hands-on exercise, and post-lab activities will be included. The modules will be deployed in existing cybersecurity, software engineering, and IT system security courses across the three institutions, potentially impacting students from diverse backgrounds. Faculty workshops and outreach webinars will be employed to promote the adoption of the modules and to gather and present lessons learned and experiential feedback. In addition, the modules will be available to educators nationwide through code and container sharing platforms, such as GitHub and DockerHub.

This project is supported by the Secure and Trustworthy Cyberspace (SaTC) program, which funds proposals that address cybersecurity and privacy, and in this case specifically cybersecurity education. The SaTC program aligns with the Federal Cybersecurity Research and Development Strategic Plan and the National Privacy Research Strategy to protect and preserve the growing social and economic benefits of cyber systems while ensuring security and privacy.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Note:  When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

(Showing: 1 - 10 of 12)
Rahman, Md_Mostafizur and Barek, Md_Abdul and Akter, Mst_Shapna and Riad, Abm_Kamrul_Islam and Rahman, Md_Abdur and Shahriar, Hossain and Rahman, Akond and Wu, Fan "Authentic Learning on DevOps Security with Labware: Git Hooks To Facilitate Automated Security Static Analysis" Proc. of The 48th IEEE International Conference on Computers, Software, and Applications (COMPSAC 2024) , 2024 Citation Details
Barek, MD_Abdul and Rahman, Md_Mostafizur and Akter, Mst_Shapna and Riad, A_B_M_Kamrul_Islam and Rahman, Md_Abdur and Hossain, Shahriar and Rahman, Akond and Wu, Fan "Mitigating Insecure Outputs in Large Language Models (LLMs): A Practical Educational Module" IEEE International Conference on Computers, Software, and Applications (COMPSAC 2024) , 2024 Citation Details
Farhana, Effat and Wu, Fan and Shahriar, Hossain and Karmaker_Santu, Shubhra Kanti and Rahman, Akond "Challenges and Preferences of Learning Machine Learning: A Student Perspective" , 2024 https://doi.org/10.1109/FIE61694.2024.10893530 Citation Details
Hassan, Md Mahadi and Salvador, John and Santu, Shubhra_Kanti Karmaker and Rahman, Akond "State Reconciliation Defects in Infrastructure as Code" Proceedings of the ACM on Software Engineering , v.1 , 2024 https://doi.org/10.1145/3660790 Citation Details
Mendis, Pemsith and Reeves, Wilson and Babar, Muhammad Ali and Zhang, Yue and Rahman, Akond "Evaluating the Quality of Open Source Ansible Playbooks: An Executability Perspective" , 2024 https://doi.org/10.1145/3663530.3665019 Citation Details
Rahman, Akond and Bose, Dibyendu Brinto and Barsha, Farhat Lamia and Pandita, Rahul "Defect Categorization in Compilers: A Multi-vocal Literature Review" ACM Computing Surveys , v.56 , 2024 https://doi.org/10.1145/3626313 Citation Details
Rahman, Akond and Bose, Dibyendu Brinto and Zhang, Yue and Pandita, Rahul "An empirical study of task infections in Ansible scripts" Empirical Software Engineering , v.29 , 2024 https://doi.org/10.1007/s10664-023-10432-6 Citation Details
Rahman, Akond and Parnin, Chris "Detecting and Characterizing Propagation of Security Weaknesses in Puppet-based infrastructure Management" IEEE Transactions on Software Engineering , v.49 , 2023 https://doi.org/10.1109/TSE.2023.3265962 Citation Details
Rahman, Akond and Shamim, Shazibul Islam and Bose, Dibyendu Brinto and Pandita, Rahul "Security Misconfigurations in Open Source Kubernetes Manifests: An Empirical Study" ACM Transactions on Software Engineering and Methodology , 2023 https://doi.org/10.1145/3579639 Citation Details
Rahman, Akond and Wu, Fan and Shahriar, Hossain "Students Perceptions of Authentic Learning for Learning Information Flow Analysis" , 2024 https://doi.org/10.1109/FIE61694.2024.10893298 Citation Details
Rahman, Akond and Zhang, Yue and Wu, Fan and Shahriar, Hossain "Student Perceptions of Authentic Learning to Learn White-box Testing" Proceedings of the 55th ACM Technical Symposium on Computer Science Education , 2024 https://doi.org/10.1145/3626253.3635584 Citation Details
(Showing: 1 - 10 of 12)

Please report errors in award information by writing to: awardsearch@nsf.gov.

Print this page

Back to Top of page