Creating a Multifarious Cyber Science Major

Existing approaches to computing-based cyber undergraduate majors typically take one of two forms: a broad exploration of both technical and human aspects, or a deep technical exploration of a single discipline relevant to cybersecurity. This paper describes the creation of a third approach—a multifarious major, consistent with Cybersecurity Curricula 2017, the ABET Cybersecurity Program Criteria, and the National Security Agency Center for Academic Excellence—Cyber Operations criteria. Our novel curriculum relies on a 10-course common foundation extended by one of five possible concentrations, each of which is delivered through a disciplinary lens and specialized into a highly relevant computing interest area serving society’s diverse cyber needs. The journey began years ago when we infused cybersecurity education throughout our programs, seeking to keep offerings and extracurricular activities relevant in society’s increasingly complex relationship with cyberspace. This paper details the overarching design principles, decision-making process, benchmarking, and feedback elicitation activities. A surprising key step was merging several curricula proposals into a single hybrid option. The new major attracted a strong initial cohort, meeting our enrollment goals and exceeding our diversity goals. We provide several recommendations for any institution embarking on a process of designing a new cyber-named major

CS50 Sandbox: Secure Execution of Untrusted Code

We introduce CS50 Sandbox, an environment for secure execution of untrusted code. Implemented as an asynchronous HTTP server, CS50 Sandbox offers clients the ability to execute programs (both interactive and non-interactive) written in any compiled or interpreted language in a tightly controlled, resource-constrained environment. CS50 Sandbox’s HTTP-based API takes files, command lines, and standard input as inputs and returns standard output and error plus exit codes as outputs. Atop CS50 Sandbox, we have built CS50 Run, a web- based code editor that enables students to write code in a browser in any language, whether compiled or interpreted, that’s executed server-side within a sandboxed environment. And we have built CS50 Check, an autograding framework that supports black- and white-box testing of students’ code, leveraging CS50 Sandbox to run series of checks against students’ programs, no matter the language of implementation. We present in this work the pedagogical motivations for each of these tools, along with the underlying designs thereof. Each is available as open source.Engineering and Applied Science

Shuffle, cut, and learn: Crypto Go, a card game for teaching cryptography

This article belongs to the Special Issue Mathematical Modeling and Simulation in Science and Engineering Education II.Cryptography is the mathematical core of information security. It serves both as a source of hard computational problems and as precise language allowing for the formalization of sound security models. While dealing with the mathematical foundations of cybersecurity is only possible in specialized courses (tertiary level and beyond), it is essential to promote the role of mathematics in this field at early educational stages. With this in mind, we introduce Crypto Go, a physical card game that may be used both as a dissemination and as an educational tool. The game is carefully devised in order to entertain and stimulate players, while boosting their understanding on how basic cryptographic tools work and interplay. To get a preliminary assessment of our design, we collected data from a series of test workshops, which engaged over two hundred players from different ages and educational backgrounds. This basic evaluation indeed confirms that Crypto Go significantly improves students' motivation and has a positive impact in their perception and understanding of the field.The printouts of Crypto Go decks, and some of the experimental workshops described in this paper have been financially supported by several institutions: Instituto Nacional de Ciberseguridad (INCIBE; contract 2018/00520/001), Fundación Madri+d (Science Week), and Universidad Carlos III de Madrid (Technological Fridays). M.I.G.V.'s work is funded by the NATO Science for Peace and Security Programme, grant number G5448 and by MINECO under Grant MTM2016-77213-R

Development of Peer Instruction Material for a Cybersecurity Curriculum

Cybersecurity classes focus on building practical skills alongside the development of the open mindset that is essential to tackle the dynamic cybersecurity landscape. Unfortunately, traditional lecture-style teaching is insufficient for this task. Peer instruction is a non-traditional, active learning approach that has proven to be effective in computer science courses. The challenge in adopting peer instruction is the development of conceptual questions. This thesis presents a methodology for developing peer instruction questions for cybersecurity courses, consisting of four stages: concept identification, concept trigger, question presentation, and development. The thesis analyzes 279 questions developed over two years for three cybersecurity courses: introduction to computer security, network penetration testing, and introduction to computer forensics. Additionally, it discusses examples of peer instruction questions in terms of the methodology. Finally, it summarizes the usage of a workshop for testing a selection of peer instruction questions as well as gathering data outside of normal courses

Women’s Sense of Belonging in Computer Science Education:The Need for a Collective Response

The gender imbalance in Computing education continues to be concerning, with women hugely underrepresented in the field. Prior research on improving gender equality in the discipline discusses the need to improve women's sense of belonging. However, this has seldom included women's understanding of what a sense of belonging is for them - nor have solutions for fostering belonging been co-created with women. In this paper, we report on the findings of four innovative focus groups with thirteen women, students and staff, in a university Computer Science department - uncovering their experiences of belonging and their proposed solutions to improving it. Through these focus groups, we present the experiences impacting our participants' sense of belonging, alongside our participants' solutions for fostering belonging within Computing. From this, we discuss the need for a collective response to fostering a sense of belonging in Computer Science, specifically through having a collective understanding of the barriers to a sense of belonging, applying a collective of solutions to foster belonging, and taking collective responsibility for improving equality

Breakout group allocation schedules and the social golfer problem with adjacent group sizes

The current pandemic has led schools and universities to turn to online meeting software solutions such as Zoom and Microsoft Teams. The teaching experience can be enhanced via the use of breakout rooms for small group interaction. Over the course of a class (or over several classes), the class will be allocated to breakout groups multiple times over several rounds. It is desirable to mix the groups as much as possible, the ideal being that no two students appear in the same group in more than one round. In this paper, we discuss how the problem of scheduling balanced allocations of students to sequential breakout rooms directly corresponds to a novel variation of a well-known problem in combinatorics (the social golfer problem), which we call the social golfer problem with adjacent group sizes. We explain how solutions to this problem can be obtained using constructions from combinatorial design theory and how they can be used to obtain good, balanced breakout room allocation schedules. We present our solutions for up to 50 students and introduce an online resource that educators can access to immediately generate suitable allocation schedules