Outcomes-Based Assessment as an Assurance Education Tool
The goal of Syracuse University’s Certificate of Advanced Study in Systems Assurance (CASSA) program is to develop students who (1) comprehend the concepts underlying security and system assurance; (2) can apply those concepts to construct assured systems; and (3) can critically analyze and evaluate systems’ conformance to their requirements. Because of this third requirement, a key component of the CASSA program is an emphasis on using formal mathematics and logic to provide a rigorous basis for the assurance of information and information systems.
Our purpose in writing this paper is twofold. The first is to report on our progress in delivering an assurance curriculum with a strong emphasis on logic and formal methods. Specifically, we describe what we are teaching in two of our foundational courses, as well as what our students are learning. The second and broader purpose is to advocate the use of an outcome-based approach when developing IA courses and curricula. We have found that focusing on the desired educational outcomes from the outset has made it easier to identify what is working and what is not, and we wish to share our experiences.
Key words: Formal methods, educational outcomes, assessment of student learning, assurance.