• Login
    View Item 
    •   Maryland Shared Open Access Repository Home
    • ScholarWorks@UMBC
    • UMBC Academic Centers and Institutes
    • UMBC Center for Cybersecurity
    • View Item
    •   Maryland Shared Open Access Repository Home
    • ScholarWorks@UMBC
    • UMBC Academic Centers and Institutes
    • UMBC Center for Cybersecurity
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    The SFS Summer Research Study at UMBC: Project-Based Learning Inspires Cybersecurity Students

    Thumbnail
    Links to Files
    https://arxiv.org/abs/1811.04794
    Permanent Link
    http://hdl.handle.net/11603/14295
    Collections
    • About UMBC and Its People
    • UMBC Center for Cybersecurity
    • UMBC Center for Information Security and Assurance (CISA)
    • UMBC Education Department
    • UMBC Faculty Collection
    • UMBC Instructional Technology & New Media
    • UMBC Office of the Vice President of Information Technology
    • UMBC Student Collection
    Metadata
    Show full item record
    Author/Creator
    Sherman, Alan
    Golaszewski, Enis
    LaFemina, Edward
    Goldschen, Ethan
    Khan, Mohammed
    Mundy, Lauren
    Rather, Mykah
    Solis, Bryan
    Tete, Wubnyonga
    Valdez, Edwin
    Weber, Brian
    Doyle, Damian
    O’Brien, Casey
    Oliva, Linda
    Roundy, Joseph
    Suess, Jack
    Date
    2018-11-12
    Type of Work
    18 pages
    Text
    journal articles preprints
    Citation of Original Publication
    Alan Sherman, et.al, The SFS Summer Research Study at UMBC: Project-Based Learning Inspires Cybersecurity Students, Cryptography and Security, 2018, https://arxiv.org/abs/1811.04794
    Rights
    This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
    Subjects
    Code injection
    computer and network security
    cybersecurity
    CyberCorps: Scholarship for Service (SFS)
    firewalls
    NetAdmin
    project-based learning
    record overflow
    security evaluation
    UMBC SFS Summer Research Study
    UMBC Federal Cybercorps Scholarship for Service (SFS)
    Abstract
    May 30-June 2, 2017, Scholarship for Service (SFS) scholars at the University of Maryland, Baltimore County (UMBC) analyzed the security of a targeted aspect of the UMBC computer systems. During this hands-on study, with complete access to source code, students identified vulnerabilities, devised and implemented exploits, and suggested mitigations. As part of a pioneering program at UMBC to extend SFS scholarships to community colleges, the study helped initiate six students from two nearby community colleges, who transferred to UMBC in fall 2017 to complete their four-year degrees in computer science and information systems. The study examined the security of a set of "NetAdmin" custom scripts that enable UMBC faculty and staff to open the UMBC firewall to allow external access to machines they control for research purposes. Students discovered vulnerabilities stemming from weak architectural design, record overflow, and failure to sanitize inputs properly. For example, they implemented a record-overflow and code-injection exploit that exfiltrated the vital API key of the UMBC firewall. This report summarizes student activities and findings, and reflects on lessons learned for students, educators, and system administrators. Our students found the collaborative experience inspirational, students and educators appreciated the authentic case study, and IT administrators gained access to future employees and received free recommendations for improving the security of their systems. We hope that other universities can benefit from our motivational and educational strategy of teaming educators and system administrators to engage students in active project-based learning centering on focused questions about their university computer systems.


    Albin O. Kuhn Library & Gallery
    University of Maryland, Baltimore County
    1000 Hilltop Circle
    Baltimore, MD 21250
    www.umbc.edu/scholarworks

    Contact information:
    Email: scholarworks-group@umbc.edu
    Phone: 410-455-3021


    If you wish to submit a copyright complaint or withdrawal request, please email mdsoar-help@umd.edu.

     

     

    My Account

    LoginRegister

    Browse

    This CollectionBy Issue DateTitlesAuthorsSubjectsType

    Statistics

    View Usage Statistics


    Albin O. Kuhn Library & Gallery
    University of Maryland, Baltimore County
    1000 Hilltop Circle
    Baltimore, MD 21250
    www.umbc.edu/scholarworks

    Contact information:
    Email: scholarworks-group@umbc.edu
    Phone: 410-455-3021


    If you wish to submit a copyright complaint or withdrawal request, please email mdsoar-help@umd.edu.