Raising Security Awareness using Cybersecurity Challenges in Embedded Programming Courses

TL;DR

This paper extends the Sifu platform with embedded programming challenges to enhance security awareness among students, demonstrating their effectiveness and potential integration into curricula.

Contribution

It introduces three new cybersecurity challenges tailored for embedded courses and provides implementation details and evaluation results.

Findings

Challenges are suitable for academic use

Participants showed increased security awareness

Potential for inclusion in official curricula

Abstract

Security bugs are errors in code that, when exploited, can lead to serious software vulnerabilities. These bugs could allow an attacker to take over an application and steal information. One of the ways to address this issue is by means of awareness training. The Sifu platform was developed in the industry, for the industry, with the aim to raise software developers' awareness of secure coding. This paper extends the Sifu platform with three challenges that specifically address embedded programming courses, and describes how to implement these challenges, while also evaluating the usefulness of these challenges to raise security awareness in an academic setting. Our work presents technical details on the detection mechanisms for software vulnerabilities and gives practical advice on how to implement them. The evaluation of the challenges is performed through two trial runs with a total of 16 participants. Our preliminary results show that the challenges are suitable for academia, and can even potentially be included in official teaching curricula. One major finding is an indicator of the lack of awareness of secure coding by undergraduates. Finally, we compare our results with previous work done in the industry and extract advice for practitioners.