Preliminary Evaluation of a Software Security Learning Environment

Atsuo Hazeyama (Department of Information Science, Tokyo Gakugei University, Japan) and Masahito Saito (Graduate School of Education, Tokyo Gakugei University, Japan)
Copyright: © 2014 |Pages: 14
DOI: 10.4018/ijsi.2014070103

The importance of software security technologies is increasingly recognized with the increase in services available on the Internet. It is also important to foster human resources with knowledge and skills relevant to software security technologies. This article aims to construct a software security learning environment. It proposes a learning process for software security and constructs a learning environment that supports the learning process. This article describes a preliminary experiment to evaluate the learning process and the learning environment. It confirms the usefulness of the learning process. It also identifies some improvements for the knowledge base system and learning environment, such as visualization support and traceability support.
Article Preview

We describe work related to this study from the viewpoint of development support for software security based on a knowledge management approach, and from the viewpoint of software security education.

Study of Development Support for Software Security Based on Knowledge Management Approach

The SHIELDS project aimed at constructing a repository-based secure software engineering environment (Hakon et al., 2009). The goal of the project is to store and share security models that represent the expertise of experts. The repository model shown corresponds to the knowledge base we describe in this paper.

Barnum and McGraw proposed a knowledge structure for software security whose goal is to form an infrastructure for software security practices (Barnum & McGraw, 2005). They represented the knowledge structure as a class diagram of seven classes (“Principle,” “Guideline,” “Rule,” “Attack pattern,” “Vulnerability,” “Exploit,” and “Historical risk”) and their relationships. We think the knowledge structure proposed by Barnum and McGraw corresponds to the knowledge base we proposed. Our study aims at constructing a learning environment (storing artifacts, association of created artifacts with the knowledge base, and recording the rationale) in which learners conduct secure software development, referring to the knowledge base.
