Sheikh K. Ghafoor

Empowering faculty to embed security topics into computer science courses

Security illiteracy is a very common problem among Computer Science (CS) graduates entering the nations digital workforce, which has contributed to a national cyber-infrastructure that could and should be more resilient to cyber-enemies than it is now. The Security Knitting Kit (SecKnitKit) project aims to improve security awareness, knowledge, and interest of undergraduate CS students by exposing them to computer security concepts and issues in their regular course of study. The project is developing, deploying, and disseminating a multi-faceted out-of-the-box instructional support system to empower non-security faculty. These are faculty who have no experience in teaching security but recognize the importance of security in todays world and want to broaden their teaching repertoire. This project enables them to weave relevant security topics traditional computer science courses seamlessly and effectively. The project is organized by the CS department at Tennessee Tech University (TTU) and supported by the National Science Foundation under grant DUE-1140864.

Integrating security in the computer science curriculum

With increased focus on the global computing infrastructures vulnerability to cyber-attacks - the time is right for security integration across the computer science curriculum to contribute to a cyber-ready workforce. The challenges to integrating security into computer science (CS) curriculum are significant---lack of faculty to teach security, a dearth of effective teaching resources, and little room to spare in CS curriculum. This article describes an initiative that aims to develop faculty expertise in cybersecurity, provide a library of resources for security education, and build a community of CS educators to prepare computing graduates to meet current and future cybersecurity challenges.

Integrity Based Intrusion Detection System for Enterprise and Cloud Environments

Virtualization enables the disconnect between software and hardware allowing multiple operating systems to safely execute simultaneously on a single machine. This creates many benefits including server consolidation, fault tolerance, and intrusion isolation. Although each virtual machine (VM) is isolated, an intrusion may give attackers access to sensitive information located on shared storage. A kernel-level root kit may be used to obtain continuous privileged access to the compromised VM due to its escalated privilege level and the detection difficulty. This paper presents the design and evaluation of the virtual system-level lightweight integrity monitor (vSLIM). vSLIM is an intrusion detection system (IDS) capable of detecting kernel-level root kits and adapting to updating kernels. Our evaluation shows that vSLIM detects many known root kits with minimal overhead.

CReST-Security Knitting Kit: Ready to Use Teaching Resources to Embed Security Topics into Upper Division CS Courses (Abstract Only)

Information Assurance and Security has been designated as a new knowledge area in the new ACM/IEEE-CS Curricula 2013. This is not a trivial task to accomplish, especially with lack of resources. With support from NSF (Award# DUE-1140864), we have developed a set of readily available resources called SecKnitKit (Security Knitting Kit, www.secknitkit.org), which offers a suite of instructional material for non-security faculty (faculty whose primary teaching/research focus is not security) to integrate security in upper division CS courses such as operating systems, software engineering, computer networks and databases. As part of the NSF CReST (CyberWorkshops: Resources and Strategies for Teaching Cybersecurity in Computer Science, DUE-1438861, www.crest4cs.org) project, this workshop will introduce CS faculty to the SecKnitKit resources that can be easily adaptable into any standard CS curriculum. The participants will receive access to all SecKnitKit materials (instructional and assessment) of interest and demonstrated use of the active learning exercises. Each participant will receive

CReST-Security Knitting Kit: Readily Available Teaching Resources to Integrate Security Topics into Traditional CS Courses (Abstract Only)

125.00 stipend for his/her time. Requires a Windows or Mac laptop. Enrollment is limited to 28 participants who teach at least one of these courses: operating systems, software engineering, computer networks and databases).

Instruction of introductory programming course using multiple contexts

Since security education is not required in CS curriculum, many CS undergraduates can successfully achieve their degree without being exposed to any security courses during their course of study and enter the digital workforce with no knowledge or basic understanding of information security -- one of the essential skill sets for the 21st century. To address this concern, Information Assurance and Security (IAS) has been designated as a new knowledge area in the new ACM/IEEE-CS Curricula 2013. This workshop empowers CS faculty to access and use freely available resources to integrate security in to their CS curriculum will help institutions to meet ACM/IEEE-CS guideline. With support from NSF (Award# DUE-1140864, #1438861), at the CyberSecurity Education, Research and Outreach Center at Tennessee Tech, we have developed a set of readily available resources called SecKnitKit (Security Knitting Kit, www.secknitkit.org), which offers a suite of instructional material for non-security faculty (faculty whose primary teaching/research focus is not security) to integrate security in upper division CS courses such as operating systems, software engineering, computer networks and databases. Resources include lecture slides with notes, assessment questions and homework/classroom assignments with all details and technical support. The participants will receive access to all SecKnitKit materials (instructional and assessment) of interest and demonstrated use of the active learning exercises. There are six participant slots for each of the four courses mentioned above and participants will have an option to select their courses of choice at registration time.

Integrating Parallel Computing in Introductory Programming Classes: An Experience and Lessons Learned

This paper describes the experience of redesigning a traditional CS1 programming course, utilizing traditional coding practices as well as microcontroller units (MCU) based coding, to provide multiple programming environments. The objective of this redesign is to improve the programming skills for engineering students by 1) providing them with program development experience in multiple contexts and 2) relating the initial programming experience to the typical notion of engineering through significant hardware experience. Typical CS1 courses are designed with an instructor led lecture focusing on the introduction of specific computer skills and languages while programming assignments and laboratories help strengthen these skills in the students. For this remodeling, in addition to the typical programming exercises, supplementary MCU based lab exercises were used to provide an additional, different programming target for increased learning and highlighting the complementary relationship between hardware and software. The outcomes of this effort demonstrate that the addition of a MCU to an introductory programming course can work as an effective motivator, providing the students with a secondary context to reinforce programming skills developed during the course, and that providing multiple contexts (traditional desktop programming and hardware-based programming) together can aid in learning and the transfer of knowledge.

LiquidEarth - river: a satellite based operational river height forecasting system for Bangladesh

Parallel and distributed computing (PDC) has become ubiquitous to the extent that even common users depend on parallel programming. This points to the need for every programmer to understand how parallelism and distributed programming affect problem solving, teaching only traditional sequential programming is no longer sufficient. To address the rapidly widening gap between emerging highly-parallel computer architectures and the sequential programming approach taught in traditional CS/CE courses, the Computer Science Department at Tennessee Technological University has integrated PDC into their introductory programming course sequence. This paper presents our implementation efforts, experience and lessons learned, as well as preliminary evaluation results.

Benchmark Exercise for Comparing the Computational Performance of Two-Dimensional Flood Models in CPU, Multi-CPU, and GPU Frameworks

Most of the worlds population lives near a freshwater source or on the coast and are thus vulnerable to the rise in water level. There are around 260 trans-boundary water bodies that cover more than 40% of the Earths land surface and account for 60% of global freshwater flow [1] [2]. Most developing countries located at the downstream end of a large river basin are often plagued with flooding problems that are trans-boundary because the flood waters are generated upstream in other nations. However, many large river basins in the developing world are mostly ungauged as they lack the necessary in-situ measurements required for the setting up of flood forecasting models. For such basins, using data from satellite may be the only alternative to overcome the lack of in-situ data. LiquidEarth-River [3] is a client-server based framework that aims to deliver surface-water relevant information such as river height, flood inundation, and reservoir storage directly to the user. LiquidEarth-River version 1.0 provides 8 days river height forecast at two in-situ points (Hardinge Bridge and Bahadurabad Ghat) in Bangladesh using satellite data at upstream locations in India where in-situ data is unavailable. The river levels in upstream locations are obtained from Jason-2 altimetry data (joint NASA-French Satellite). The value of LiquidEarth-River is in better understanding of the future (an 8 day lead time) of potential water levels near rivers, in light of the societal implications for water encroachment into homesteads and farmlands. LiquidEarth-River uses recent innovations in computer science such as multicore and GPU based desktops to solve computationally intensive problems such as river height forecasting. Typically, these problems are solved using traditional cluster or supercomputers. The server side of the application runs on a desktop that downloads Jason-2 data daily, and runs a forecasting scheme to provide the forecast. The client side of the application is a smart phone or a web app that provides a river height forecast to the user. The application has scope for expansion in two areas: 1) integration of new and multiple satellite altimeters, 2) addition of a more intuitive communication format that converts the information to knowledge (such as converting river level forecast to inundation and impact on villagers, houses, roads etc.). For example, farmers of Bangladesh need early warning of monsoonal floods to decide on early harvest or delayed sowing. Providing a visual map of what an X meter of river level means to a farmer, an 8 day forecast can provide a greater sense of empowerment for saving lives, and economic decision making. Currently, the warnings that farmers receive in most developing countries are not only lead-time limited, but are available only to highly skilled users, and are not so intuitive that makes it easy for a layman to understand the value of the warnings. LiquidEarth attempts to remove these barriers to interpretation by creating a highly intuitive and visual format readily accessible to the average farmer who has little time to get training or read a complicated manual.

A Matlab-Based Toolkit to Program Microcontrollers for Use in Teaching Mechanisms and Robotics

The objective of this study is to investigate the computational performance and accuracy of three different implementations of a 2D flood model: sequential (Flood2D-CPP), parallel (Flood2DPTH & Flood2D-OMP), and General Purpose Graphics Processing Unit (Flood2D-GPU). The model is based on shallow water equations (SWE) and uses an upwind-finite difference numerical formulation to simulate flood events. Two parallel versions of the model are implemented, one based on pthread and the other based on OpenMP. The GPU version has been developed using NVIDIAs CUDA library. For this study, these implementations are being applied to simulate a dam break event at the Taum Sauk pump-storage hydro-electric power plant in Missouri, which occurred on December 14, 2005. The GPU implementation provided a significant speed up, up to two orders of magnitude compared to the CPU model. As predicted, the sequential model (Flood2D-CPP) reported with the lowest performance compared to the parallel and GPGPU versions, because it would take longer for a single CPU thread to perform all the calculations as opposed to multiple threads or through multiple GPU cores . Results indicate that the computational performance of both Flood2D-PTH and Flood2D-OMP improves with increase in the number CPU threads. The speedups of Flood2D-PTH and Flood2D-OMP are maximized at 8 threads, but much less than the theoretical maximum. In general, even though Flood2D-GPU had significance performance the comparison indicated the potential for optimizing Flood2D-PTH and Flood2D-OMP models to simulate larger computational domains.