Synthesising end-to-end security schemes through endorsement intermediaries

Composing secure interaction protocols dynamically for e-commerce continue to pose a number of challenges, such as lack of standard notations for expressing requirements and the difficulty involved in enforcing them. Furthermore, interaction with unknown entities may require finding common trusted intermediaries. Securing messages sent through such intermediaries require schemes that provide end-to-end security guarantees. In the past, e-commerce protocols such as SET were created to provide such end-to-end guarantees. However, such complex hand crafted protocols proved difficult to model check. This thesis addresses the end-to-end problems in an open dynamic setting where trust relationships evolve, and requirements of interacting entities change over time. Before interaction protocols can be synthesised, a number of research questions must be addressed. Firstly, to meet end-to-end security requirements, the security level along the message path must be made to reflect the requirements. Secondly, the type of endorsement intermediaries must reflect the message category. Thirdly, intermediaries must be made liable for their endorsements. This thesis proposes a number of solutions to address the research problems. End-to-end security requirements were arrived by aggregating security requirements of all interacting parties. These requirements were enforced by interleaving and composing basic schemes derived from challenge-response mechanisms. The institutional trust promoting mechanism devised allowed all vital data to be endorsed by authorised category specific intermediaries. Intermediaries were made accountable for their endorsements by being required to discharge or transfer proof obligations placed on them. The techniques devised for aggregating and enforcing security requirements allow dynamic creation of end-to-end security schemes. The novel interleaving technique devised allows creation of provably secure multiparty schemes for any number of recipients. The structured technique combining compositional approach with appropriate invariants and preconditions makes model checking of synthesised schemes unnecessary. The proposed framework combining endorsement trust with schemes making intermediaries accountable provides a way to alleviate distrust between previously unknown e-commerce entities

Transforming learning of programming: A mentoring project

Programming is central to Computer Science and cognate disciplines, and poses early-learning challenges in problem-solving and coding. Since the recent past the School of Computer Science & Information Technology (RMIT University) has provided a student mentoring service to assist novice student programmers with their programming, indeed, to build up their confidence in programming. The service has received favourable feedback from students and, as an interesting aside, has had the added benefit of increasing mentors' confidence and improving mentors' communication skills. Mentors volunteer their services under a University leadership initiative, and are not paid to assist students. In light of such success, we secured a University action-research teaching and learning grant, to investigate aspects of the service delivered to date. While mentoring has been shown to be helpful for novice student programmers to learn and improve their programming, less recognised, but of equal importance, is the value to mentors through the skills and experience they gain. This paper reports early findings of a dual-purpose research investigation into the mentoring service. The research project seeks to discover ways to improve the mentoring service for novice student programmers, as well as to enhance a range of qualities in mentors

Evolving Project based Learning to Suit Diverse Student Cohorts

Software engineering courses are increasingly moving towards a project-based learning (PBL) approach. PBL allows abstract software engineering principles and practices to be learnt experientially making the course more appealing to diverse student cohorts. Employers favor PBL as students get exposed to current industry practices, processes and tools, thus narrowing the industry-academia gap. PBL however, poses a number of challenges. Academic staff need to find efficient ways of managing many additional tasks related to PBL such as getting licenses, developing technical materials, managing projects and handling team issues. Students involved in PBL need to be exposed to teamwork and project management skills concurrently. In this paper we present our experience evolving a hybrid-teaching model by using the action research cycle plan-act-observe-reflect over 3 semesters. The main novelty of our approach is the use of projects with varying levels of scaffolding, which made it possible for students with limited programming background to have an enjoyable and beneficial project experience. To ensure fairness, projects with high levels of scaffolding required implementation of more complex use cases to get higher grades. Student surveys reveal such an approach is effective for diverse undergraduate students

Supporting diverse novice programming cohorts through flexible and incremental visual constructivist pathways

Novice programmers rely mainly on formative assignments to develop their problem solving skills. Such assignments can be made more engaging by structuring them into visual tasks with instant feedback. Constructivist theory however, suggests such tasks can facilitate learning only if they are designed considering student mental models. Designing such tasks is difficult given the diversity of students in introductory programming courses. This paper presents a flexible and incremental visual constructivist model that enables different pathways for individual students. Formative and summative evaluations based on assignment tasks suggest such an approach can help improve learning outcomes and student satisfaction significantly even when students have varying cognitive abilities

Imparting software engineering design skills

Teaching software engineering design to large diverse cohorts poses many challenges. Many students lacking object oriented programming skills find UML designs difficult, while large class sizes limit opportunities for interaction. The need to consider different design aspects such as reusability, extensibility etc., makes the manual assignment feedback a slow process. Moreover, such feedback is subjective, being a reflection of the individual marker's view about various design aspects. There have been little or no past attempts to provide instant and consistent feedback using constructivist tools as with programming tasks mainly because a good or correct design is difficult to define and verify. This paper presents the result of our action research to improve student design skills. Our approach combines project-based learning with weekly quizzes, tests and active learning tasks. Quiz questions tagged with underlying concepts and cognitive levels allowed us to identify common misconceptions. Quizzes set at analysis and synthesis levels appear to foster better software design skills. Active learning tools devised helped to correct common misconceptions by providing immediate and holistic feedback. The new teaching approach helped us to improve student retention, satisfaction and performance substantially

Synthesising end-to-end security protocols

E-commerce transactions rely on end-to-end protocols to provide security guarantees when messages are sent through intermediaries. If autonomous entities with different security requirements are to collaborate, protocols providing end-to-end security must be synthesized at runtime. However, such an approach is predicated on finding security primitives and ways of expressing interdependencies between semantics and security. The proposed approach defines fine-grained security properties by combining basic properties and enforcing them in a predefined order. The use of standard security properties allows autonomous entities to reason about security requirements. Furthermore, the novel propagation rules defined allow end-to-end security properties to be derived from entity security requirements. By using proven schemes designed to enforce such requirements, this approach allows end-to-end security protocols similar to the SET purchase protocol to be created at runtime

An endorsement trust model

Inspired by the role endorsements play in traditional commerce, the institutional trust promoting mechanism proposed allows all vital data to be endorsed by category specific endorsement intermediaries with established trust relationships. The resulting endorsement trust provides a much stronger basis for e-commerce trust propagation than past transitive trust models. The centralized trust network modeling trust as a derived value based on past conduct, trust disposition and trusting beliefs allows trust paths to be generated in real time

CS for All: Catering to Diversity of Master's Students through Assignment Choices

Increasingly, students enrolled into foundational CS courses such as programming fundamentals include those from many non-CS majors including Data Analytics, Business, Science and Social Sciences. Staff teaching foundational programming courses must therefore cater for varying student backgrounds, cognitive abilities and interests while teaching abstract concepts such as encapsulation, inheritance and polymorphism. In the past assignments played a major role in learning such abstract concepts as they allowed students to construct their own meanings experientially. However, a single assignment in a given domain pitched at an average student cannot cater effectively to students with varying cognitive abilities and backgrounds resulting in poor learning outcomes and student satisfaction. In this paper we report our experience, substantially improving learning outcomes and student satisfaction in a Master's level introductory programming course with weak learning outcomes and poor student satisfaction by offering a choice of assignments. Our novel approach requires designing assignments which take into account the interests of students and their zone of proximal development which determines the extent to which a learner can grasp new concepts. Our pre and post assignment tests and survey feedback clearly show a substantial improvement in learning outcomes and student perception

Adaptive remediation for novice programmers through personalized prescriptive quizzes

Learning to program is a cognitively demanding activity. Students need to combine mental models of various concepts and constructs to solve problems. Many students new to IT and CS programs have little or no prior experience with abstract reasoning and problemsolving. Instructors attempt to present the core concepts early to allow adequate time for students to complete their programming assignments. However, misconceptions of basic concepts formed in the early stages often get propagated blocking any further progress. Such students often begin to form poor opinions about their capability leading to low self-esteem and performance. This paper proposes a framework to help individual students to overcome their misconceptions through personalized prescriptive quizzes. These quizzes are generated by combining the rich meta-data captured by each quiz question with analysis of past responses to class quizzes. The personalized prescriptive quizzes generated helped to improve student engagement and performance substantially. Over 91% of the students surveyed indicated that personalized quizzes helped them to clarify their own misconceptions and made them more confident of their progress. Students using the prescriptive quizzes performed significantly better than others in subsequent class assessments and the final exam

Student and supervisor perceptions of writing competencies for a Computer Science PhD

A PhD in any discipline requires a student to produce a substantial written document, which is then assessed by a group of experts in the specific discipline. In the discipline of computer science, it has often been noted anecdotally that many students struggle with the English writing skill needed to produce a thesis (and other documents, such as scientific papers). English writing skill issues seem particularly acute for students for whom English is not their first language, especially as undergraduate degrees in computer science generally do not require students to undertake significant amounts of English writing. In this project, we investigated the level of competence in written English that is appropriate for Australian PhD students enrolled in Computer Science. In particular, we sought to determine the appropriate level of writing skill required, how the level of skill may change during the students' candidature, and the reasons for this change, as perceived by both students and supervisors. We approached these questions by surveying both students and PhD supervisors from a variety of Australian universities, to determine both their perceptions of the writing skill requirements that are appropriate, difficulties encountered, and support services, in the context of the English language learning background of all participants. We also analysed the performance of students on a given writing task, which was assessed by experienced PhD Computer Science supervisors, English for Academic Purposes support staff and by an IELTS examiner. We found insufficient awareness of the writing supports available, a need for writing support targeted at technical writing, and an average supervisor expectation of IELTS 6.5 for writing at PhD commencement