NSF Security Grant: Modules

Project Modules

This module provides an overview and interactive treatment of the buffer overflow module specifically directed toward educators and students, but also accessible to managers, journalists, and technology analysts.

The heart of the module is an interactive demonstration of how a few kinds of buffer overflow occur. As you work your way through the interaction, you'll see the inner workings of a simple program with input coming from an outside attacker.

The module also provides economic background, leads to current defensive techniques, and instructions for its use. The module may be used stand-alone by different types of users or its core demonstration may be used in a classroom setting by an instructor. We call this interactive software a "module" because it's intended to be used as a small part of a course, a software engineer's continuing education, or a non-engineer's introduction to the topic.

Resources: Presentations, Defense Tools, Exercises, Quizzes
NCISSE 2002 PowerPoint Overview: nsfsecurity.pr.erau.edu/Talks/ncisse2002.ppt

Encryption is a way of hiding secrets by applying mathematical functions to plain text to produce text that is difficult to decrypt. This module describes the mechanics of the DES (Data Encryption Standard) using several Java applets. Other facets of encryption are also demonstrated. As is, the module may be used by an instructor familiar with the concepts of cryptography needing some interactive demonstrations for classroom or laboratory work.

The first version of the cryptography module will include history, standards and evolution, an overview of the DES algorithm, keysize issues, confusion and diffusion, block size, key size, number of rounds, subkey generation algorithm, the avalanche effect, cryptanalysis, Feistel structures, round functions, S-boxes, and hardware encryption vs. software encryption.

Computer security does not stand alone, the most highly trusted software in the world can't protect against electronic eavesdropping, for example. The full scope of measures necessary to protect digital information involves personnel security, physical security, cryptography, operations security, and several other disciplines as well, all in addition to the technical aspects of digital INFOSEC.

This module includes a series of Powerpoint presentations defining the full set of these disciplines and discusses their interactions and inter-dependencies. The key technical concepts and issues associated with each are defined, with significantly greater emphasis and depth on INFOSEC itself, since other modules being developed under this grant address several of these other areas in greater detail (e.g., cryptography and personnel security).

Interactive elements of the module include an interactive game-like scenario where the user tries chooses among various individual security measures only to have the attackers discover another flaw and exploit it, forcing the user to deploy another countermeasure, and so on. Also available are interactive online self assessment tools in the form of quizzes and even a crossword puzzle of security terms and concepts.

Security Personnel
Richard Bloom, bloom@erau.edu

This module provides background on personnel issues.

Our modern transportation networks are complex and intermodal, involving combinations of automobiles, buses, airplanes, and light and heavy rail. Today's transportation managers and public policy makers require both strong intuition and operational knowledge to prepare for and respond to bioterrorism attacks on this critical infrastructure.

This module provides an interactive model for understanding intermodal transportation networks and predicting patterns for travelers subjected to a bioterrorism release. Using these tools, people will acquire knowledge relating to a variety of modes of transportation and understand some of the differing characteristics of the vehicles that serve these important terminals, stations, and depots. This model is the key to grasping the gravity of the bioterrorism threat in our society. Furthermore, the model will help people to comprehend interrelationships between the different modes of transportation and related critical security concerns.

The initial version of this module is a step toward helping students to synthesize a variety of data relating to human biology, transportation systems, public administration, and emergency response. With further experience, students will operationalize the knowledge gained in order to determine preventative strategies and implement corrective actions.