Is attack better than defense?: Teaching information security the right way

Proceedings of the 2006 Information Security Curriculum Development Conference, InfoSecCD '06

Volumn , Issue , 2007, Pages 44-48

  Mink, Martin ^a   Freiling, Felix C ^b  

^a RWTH AACHEN UNIVERSITY   (Germany)

^b UNIVERSITY OF MANNHEIM   (Germany)

Author keywords

Computer forensics; Empirical measurement; Offensive techniques; Security education; Security lab; Summerschool

Indexed keywords

COMPUTER CRIME; CURRICULA; ENGINEERING EDUCATION; RESEARCH LABORATORIES; TEACHING;

COMPUTER FORENSICS; EMPIRICAL MEASUREMENT; OFFENSIVE TECHNIQUES; SECURITY EDUCATION; SECURITY LABORATORIES;

SECURITY OF DATA;

EID: 34748843427     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1231047.1231056     Document Type: Conference Paper

References (23)

1. Black Hat briefings, training and consulting. http://www.blackhat.com.
2. Defcon hacking event, Las Vegas, http://www.defcon.org.
3. I. Arce and G. McGraw. Guest Editors' introduction: Why attacking systems is a good idea. IEEE Security & Privacy, 2(4): 17-19, July Aug. 2004.
4. K. P. Arnett and M. B. Schmidt. Busting the ghost in the machine. Communications of the ACM, 48(8):92-95, Aug. 2005.
5. J. Bortz and N. Döring. Forschungsmethoden und Evaluation für Human- und Sozialwissenschaftler. Springer, 3rd edition, 2003.
6. G. Conti. Why computer scientists should attend hacker conferences. Communications of the ACM, 48(3):23-24, Mar. 2005.
7. G. Conti. Hacking and innovation (guest editor's introduction). Communications of the ACM, June 2006.
8. Digital Evolution. Homepage "Digital Evolution". http://www.dievo.org/. Accessed. March 2006.
9. R. Dodge, D. J. Ragsdale, and C Reynolds. Organization and training of a cyber security team. In Proceedings of the 2003 IEEE International Conference on Systems, Man & Cybernetics, 2003.
10. D. Farmer and W. Venema. Improving the security of your site by breaking into it. Usenet Posting to comp.security.unix, 3. Dec. 1993.
11. M. Dornseif, F. C. Freiling, M. Mink, and L. Pimenidis. Teaching data security at university degree level. In Proceedings of the Fourth World Conference on Information Security Education, pages 213-222, 2005.
12. M. Dornseif, F. C. Gärtner, T. Holz, and M. Mink. An Offensive Approach to teaching Information Security: "Aachen Summer School Applied IT Security". Technical Report AIB-2005-02, RWTH Aachen, Jan. 2005.
13. Ghetto Hackers. Homepage "Root-Fu". http://www.ghettohackers. net/rootfu/. Accessed April 2006.
14. Hack this page. Homepage "Hack this page". http://www.hackthi. spage.tk/. Accessed May 2006.
15. P. G. Neumann. The risks-forum digest. http://catless.ncl.ac.uk/ris.ks.
16. P. G. Neumann. Inside risks: the big picture. Communications of the ACM, 47(9): 112, Sept. 2004.
17. D. Rost. Interpretation und Bewertung pädagogischpsychologischer Studien. Beltz, 2005.
18. W. Schepens and J. James. Architecture of a cyber defense competition. In Proceedings of the 2003 IEEE International Conference on Systems, Man & Cybernetics, 1998.
19. M. Schumacher, M.-L. Moschgath, and U. Roedig. Angewandte Informationssicherheit: Ein Hacker-Praktikum an Universitäten. Informatik Spektrum, 6(23), June 2000.
20. T. Slewe and M. Hoogenboom. Who will rob you on the digital highway? Communications of the ACM, 47(5):56-60, May 2004.
21. UCSB. Homepage "UCSB Capture The Flag". http://www.cs.ucsb.edu/ ~vigna/CTF/. Accessed May 2006.
22. G. Vigna. Teaching network security through live exercises. In C. E. Irvine and H. L. Armstrong, editors, World Conference on Information Security Education, volume 253 of IFIP Conference Proceedings, pages 3-18. Kluwer, 2003.
23. G. White and G. Nordstrom. Security across the curriculum: Using computer security to teach computer science principles. In Proceedings of the 19th International Information Systems Security Conference, pages 519-525, 1998.