Browsing by Subject "Computer Security"
Now showing 1 - 2 of 2
Item: Developing a Concept Inventory and Active Learning for Common Computer Security Misconceptions (2021-01) Geraci, Brandon

Cybersecurity incidents are on the rise. Tracing these security breaches back, we linked them to people making an error due to a commonsense misconception. There is no one standard tool that gauges a student's understanding of security topics. In this research, we surveyed 75 security experts about security novices' misconceptions, coded the results, and identified 17 top misconceptions. We created open-ended questions and labs/active learning to identify and remediate those misconceptions. After revising the open-ended questions, we gave them to undergraduate students and successfully extracted real-world instances of the misconceptions in practice. We created a ten-question multiple-choice exam by converting the open-ended questions into multiple-choice with many distractors drawn from students' misconceptions. We then conducted "think-aloud interviews" with students to make sure that the questions were clear. After integrating their feedback, we administered multiple-choice exams to two groups of students: 114 CS 1 students with no formal security education and 28 students from a security course. Almost 30% of CS 1 students failed to answer more than one question correctly, and only 3.5% of CS 1 students passed with a score of 60 (a D-). However, only 21.4% of the security students passed, and no individual student got more than seven out of ten correct. Our results show that both groups of students have these common security misconceptions.
While security students earned markedly higher scores, our test unequivocally shows that students are leaving the security course retaining significant misconceptions, pointing the way for improvements in teaching.

Item: Oral History with Paul Kocher (Charles Babbage Institute, 2023-06-29) Kocher, Paul

This oral history interview is sponsored by and a part of NSF 2202484 “Mining a Useable Past: Perspectives, Paradoxes, and Possibilities with Security and Privacy,” at the Charles Babbage Institute, University of Minnesota. It is an interview with Paul Kocher by videoconference. The interview begins with Kocher’s interest and experience programming prior to attending Stanford University, his interests in math and biology, and his goal to be a veterinarian. He relates summer jobs he had while at Stanford, first at software company Symantec and then at RSA Data Security. He discusses meeting Hellman at Stanford in his second year, support and encouragement from Hellman, and his participation as a student in a group at Stanford of Silicon Valley cryptographers. Hellman referred consulting opportunities to Kocher during the early growth of the Internet and Web, which enabled Kocher to pursue cryptography as an early career. Kocher formed Cryptography Research Inc. in 1995, initially with just him doing consulting but soon adding others and branching beyond consulting. Kocher discusses various projects, including his pathbreaking work with Taher Elgamal on Secure Sockets Layer (SSL) 3.0/Transport Layer Security (TLS) 1.0, a protocol to protect communications over the Internet. He relates how his knowledge and exposure to many areas like statistics without a focus in one contributed to his discovery of timing channel attacks and power analysis attacks (both categories of side channel attacks).
The interview also explores the growth of the company, the variety of technical projects it did for clients, and how consulting led to opportunities to also explore other security research. He recounts the context of the Spectre paper. He also reflects upon the field of computer security broadly in terms of complexity adding to vulnerabilities/risks and the economics of computer security. He highlights that he was able to work with many great people who together achieved impactful new technologies, techniques, and understandings in the field of computer security. Kocher tells of how, as the company grew larger, it needed to internally expand more of the infrastructure typical of larger corporations, or be acquired by another corporation. The latter made more sense and Cryptography Research, Inc. merged with Rambus in 2011. Finally, he mentions how the success of the company and the merger allowed him to become more involved in philanthropy.