The SFS Summer Research Study at UMBC: Project-Based Learning Inspires Cybersecurity Students

dc.contributor.author: Sherman, Alan
dc.contributor.author: Golaszewski, Enis
dc.contributor.author: LaFemina, Edward
dc.contributor.author: Goldschen, Ethan
dc.contributor.author: Khan, Mohammed
dc.contributor.author: Mundy, Lauren
dc.contributor.author: Rather, Mykah
dc.contributor.author: Solis, Bryan
dc.contributor.author: Tete, Wubnyonga
dc.contributor.author: Valdez, Edwin
dc.contributor.author: Weber, Brian
dc.contributor.author: Doyle, Damian
dc.contributor.author: O’Brien, Casey
dc.contributor.author: Oliva, Linda
dc.contributor.author: Roundy, Joseph
dc.contributor.author: Suess, Jack
dc.date.accessioned: 2019-06-24T17:22:18Z
dc.date.available: 2019-06-24T17:22:18Z
dc.date.issued: 2018-11-12
dc.description.abstract: May 30-June 2, 2017, Scholarship for Service (SFS) scholars at the University of Maryland, Baltimore County (UMBC) analyzed the security of a targeted aspect of the UMBC computer systems. During this hands-on study, with complete access to source code, students identified vulnerabilities, devised and implemented exploits, and suggested mitigations. As part of a pioneering program at UMBC to extend SFS scholarships to community colleges, the study helped initiate six students from two nearby community colleges, who transferred to UMBC in fall 2017 to complete their four-year degrees in computer science and information systems. The study examined the security of a set of "NetAdmin" custom scripts that enable UMBC faculty and staff to open the UMBC firewall to allow external access to machines they control for research purposes. Students discovered vulnerabilities stemming from weak architectural design, record overflow, and failure to sanitize inputs properly. For example, they implemented a record-overflow and code-injection exploit that exfiltrated the vital API key of the UMBC firewall. This report summarizes student activities and findings, and reflects on lessons learned for students, educators, and system administrators. Our students found the collaborative experience inspirational, students and educators appreciated the authentic case study, and IT administrators gained access to future employees and received free recommendations for improving the security of their systems. We hope that other universities can benefit from our motivational and educational strategy of teaming educators and system administrators to engage students in active project-based learning centering on focused questions about their university computer systems. (en_US)
dc.description.sponsorship: This project was supported in part by the National Science Foundation under SFS grant 1241576. Sherman was also supported by the U.S. Department of Defense under CAE-R grant H98230-17-1-0349 and IASP grant H98230-17-1-0387. (en_US)
dc.description.uri: https://arxiv.org/abs/1811.04794 (en_US)
dc.format.extent: 18 pages (en_US)
dc.genre: journal articles preprints (en_US)
dc.identifier: doi:10.13016/m2zcl7-ob4u
dc.identifier.citation: Alan Sherman, et al., The SFS Summer Research Study at UMBC: Project-Based Learning Inspires Cybersecurity Students, Cryptography and Security, 2018, https://arxiv.org/abs/1811.04794 (en_US)
dc.identifier.uri: http://hdl.handle.net/11603/14295
dc.language.iso: en_US (en_US)
dc.relation.isAvailableAt: The University of Maryland, Baltimore County (UMBC)
dc.relation.ispartof: UMBC Center for Cybersecurity
dc.relation.ispartof: UMBC Faculty Collection
dc.relation.ispartof: UMBC Student Collection
dc.relation.ispartof: UMBC Computer Science and Electrical Engineering Department
dc.relation.ispartof: About UMBC and Its People
dc.relation.ispartof: UMBC Center for Information Security and Assurance (CISA)
dc.relation.ispartof: UMBC Division of Information Technology
dc.relation.ispartof: UMBC Education Department
dc.rights: This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
dc.subject: Code injection (en_US)
dc.subject: computer and network security (en_US)
dc.subject: cybersecurity (en_US)
dc.subject: CyberCorps: Scholarship for Service (SFS) (en_US)
dc.subject: firewalls (en_US)
dc.subject: NetAdmin (en_US)
dc.subject: project-based learning (en_US)
dc.subject: record overflow (en_US)
dc.subject: security evaluation (en_US)
dc.subject: UMBC SFS Summer Research Study (en_US)
dc.subject: UMBC Federal Cybercorps Scholarship for Service (SFS) (en_US)
dc.title: The SFS Summer Research Study at UMBC: Project-Based Learning Inspires Cybersecurity Students (en_US)
dc.type: Text (en_US)
