The SFS summer research study at UMBC: Project-based learning inspires cybersecurity students. Issue 4 (4th July 2019)
- Record Type:
- Journal Article
- Title:
- The SFS summer research study at UMBC: Project-based learning inspires cybersecurity students. Issue 4 (4th July 2019)
- Main Title:
- The SFS summer research study at UMBC: Project-based learning inspires cybersecurity students
- Authors:
- Sherman, Alan
Golaszewski, Enis
LaFemina, Edward
Goldschen, Ethan
Khan, Mohammed
Mundy, Lauren
Rather, Mykah
Solis, Bryan
Tete, Wubnyonga
Valdez, Edwin
Weber, Brian
Doyle, Damian
O'Brien, Casey
Oliva, Linda
Roundy, Joseph
Suess, Jack
- Abstract:
- May 30–June 2, 2017, Scholarship for Service (SFS) scholars at the University of Maryland, Baltimore County (UMBC) analyzed the security of a targeted aspect of the UMBC computer systems. During this hands-on study, with complete access to source code, students identified vulnerabilities, devised and implemented exploits, and suggested mitigations. As part of a pioneering program at UMBC to extend SFS scholarships to community colleges, the study helped initiate six students from two nearby community colleges, who transferred to UMBC in fall 2017 to complete their 4-year degrees in computer science and information systems. The study examined the security of a set of "NetAdmin" custom scripts that enable UMBC faculty and staff to open the UMBC firewall to allow external access to machines they control for research purposes. Students discovered vulnerabilities stemming from weak architectural design, record overflow, and failure to sanitize inputs properly. For example, they implemented a record-overflow and code-injection exploit that exfiltrated the vital application programming interface (API) key of the UMBC firewall. This report summarizes student activities and findings and reflects on lessons learned for students, educators, and system administrators. Our students found the collaborative experience inspirational; students and educators appreciated the authentic case study; and IT administrators gained access to future employees and received free recommendations for improving the security of their systems. We hope that other universities can benefit from our motivational and educational strategy of teaming educators and system administrators to engage students in active project-based learning centering on focused questions about their university computer systems.
- Is Part Of:
- Cryptologia. Volume 43:Issue 4(2019)
- Journal:
- Cryptologia
- Issue:
- Volume 43:Issue 4(2019)
- Issue Display:
- Volume 43, Issue 4 (2019)
- Year:
- 2019
- Volume:
- 43
- Issue:
- 4
- Issue Sort Value:
- 2019-0043-0004-0000
- Page Start:
- 293
- Page End:
- 312
- Publication Date:
- 2019-07-04
- Subjects:
- code injection -- computer and network security -- cybersecurity -- CyberCorps: Scholarship for Service (SFS) -- firewalls -- NetAdmin -- project-based learning -- record overflow -- security evaluation -- UMBC SFS Summer Research Study
Cryptography -- Periodicals
652.8
- Journal URLs:
- http://www.tandfonline.com/toc/ucry20/current
http://www.tandfonline.com/
- DOI:
- 10.1080/01611194.2018.1557298
- Languages:
- English
- ISSNs:
- 0161-1194
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3490.155480
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 10064.xml