Integrating Formal Methods for Security in Software Security Education

Paolo MODESTI

doi:10.15388/infedu.2020.19

Informatics in Education (Sep 2020)

Integrating Formal Methods for Security in Software Security Education

Paolo MODESTI

Affiliations

Paolo MODESTI: Department of Computer Science and Information Systems, Teesside University Middlesbrough, United Kingdom

DOI: https://doi.org/10.15388/infedu.2020.19
Journal volume & issue: Vol. 19, no. 3
pp. 425 – 454

Abstract

Read online

As the number of software vulnerabilities discovered increases, the industry is facing difficulties to find specialists to cover the vacancies for security software developers. Considering relevant teaching and learning theories, along with existing approaches in software security education, we present the pedagogic rationale and the concrete implementation of a course on security protocol development that integrates formal methods for security research into the teaching practice. A novelty of the framework is the adoption of a conceptual model aligned with the level of abstraction used for the symbolic (high-level) representation of cryptographic and communication primitives. This is aimed not only at improving skills in secure software development, but also at bridging the gap between the formal representation and the actual implementation, making formal methods and tools more accessible to students and practitioners.

Published in Informatics in Education

ISSN: 1648-5831 (Print); 2335-8971 (Online)
Publisher: Vilnius University
Country of publisher: Lithuania
LCC subjects: Education: Special aspects of education
Website: https://infedu.vu.lt/journal/INFEDU

About the journal

Abstract

Keywords