Browsing by Author "Sherman, Alan"
Now showing 1 - 3 of 3
Item Phrase-Verified Voting: Verifiable Low-Tech Remote Boardroom Voting (How We Voted on Tenure & Promotion Cases during the Pandemic)
(Taylor and Francis, 2021-11-17) Blanchard, Enka; Robucci, Ryan; Selker, Ted; Sherman, Alan
We present Phrase-Verified Voting, a voter-verifiable remote voting system assembled from commercial off-the-shelf software for small private elections. The system is transparent and enables each voter to verify that the tally includes their ballot selection without requiring any understanding of cryptography. This paper describes the system and its use in fall 2020, to vote remotely in promotion committees in a university. Each voter fills out a form in the cloud with their vote V (YES, NO, ABSTAIN) and a passphrase P—two words entered by the voter. The system generates a verification prompt of the (P,V) pairs and a tally of the votes, organized to help visualize how the votes add up. After the polls close, each voter verifies that this table lists their (P,V) pair and that the tally is computed correctly. The system is especially appropriate for any small group making sensitive decisions. Because the system would not prevent a coercer from demanding that their victim use a specified passphrase, it is not designed for applications where such malfeasance would be likely or go undetected. Results from 43 voters show that the system was well accepted, performed effectively for its intended purpose, and introduced users to the concept of voter-verified elections. Compared to the commonly-used alternatives of paper ballots or voting by email, voters found the system easier to use, and that it provided greater privacy and outcome integrity.

Item The SFS Summer Research Study at UMBC: Project-Based Learning Inspires Cybersecurity Students
(2018-11-12) Sherman, Alan; Golaszewski, Enis; LaFemina, Edward; Goldschen, Ethan; Khan, Mohammed; Mundy, Lauren; Rather, Mykah; Solis, Bryan; Tete, Wubnyonga; Valdez, Edwin; Weber, Brian; Doyle, Damian; O’Brien, Casey; Oliva, Linda; Roundy, Joseph; Suess, Jack
May 30-June 2, 2017, Scholarship for Service (SFS) scholars at the University of Maryland, Baltimore County (UMBC) analyzed the security of a targeted aspect of the UMBC computer systems. During this hands-on study, with complete access to source code, students identified vulnerabilities, devised and implemented exploits, and suggested mitigations. As part of a pioneering program at UMBC to extend SFS scholarships to community colleges, the study helped initiate six students from two nearby community colleges, who transferred to UMBC in fall 2017 to complete their four-year degrees in computer science and information systems. The study examined the security of a set of "NetAdmin" custom scripts that enable UMBC faculty and staff to open the UMBC firewall to allow external access to machines they control for research purposes. Students discovered vulnerabilities stemming from weak architectural design, record overflow, and failure to sanitize inputs properly. For example, they implemented a record-overflow and code-injection exploit that exfiltrated the vital API key of the UMBC firewall. This report summarizes student activities and findings, and reflects on lessons learned for students, educators, and system administrators. Our students found the collaborative experience inspirational, students and educators appreciated the authentic case study, and IT administrators gained access to future employees and received free recommendations for improving the security of their systems. We hope that other universities can benefit from our motivational and educational strategy of teaming educators and system administrators to engage students in active project-based learning centering on focused questions about their university computer systems.

Item Student Misconceptions about Cybersecurity Concepts: Analysis of Think-Aloud Interviews
(DigitalCommons@Kennesaw State University, 2018) Thompson, Julia D.; Herman, Geoffrey L.; Scheponik, Travis; Oliva, Linda; Sherman, Alan; Golaszewski, Ennis; Phatak, Dhananjay
We conducted an observational study to document student misconceptions about cybersecurity using thematic analysis of 25 think-aloud interviews. By understanding patterns in student misconceptions, we provide a basis for developing rigorous evidence-based recommendations for improving teaching and assessment methods in cybersecurity and inform future research. This study is the first to explore student cognition and reasoning about cybersecurity. We interviewed students from three diverse institutions. During these interviews, students grappled with security scenarios designed to probe their understanding of cybersecurity, especially adversarial thinking. We analyzed student statements using a structured qualitative method, novice-led paired thematic analysis, to document patterns in student misconceptions and problematic reasoning that transcend institutions, scenarios, or demographics. Themes generated from this analysis describe a taxonomy of misconceptions but not their causes or remedies. Four themes emerged: overgeneralizations, conflated concepts, biases, and incorrect assumptions. Together, these themes reveal that students generally failed to grasp the complexity and subtlety of possible vulnerabilities, threats, risks, and mitigations, suggesting a need for instructional methods that engage students in reasoning about complex scenarios with an adversarial mindset. These findings can guide teachers’ attention during instruction and inform the development of cybersecurity assessment tools that enable cross-institutional assessments that measure the effectiveness of pedagogies.