A Feasibility Study of Using Code Clone Detection for Secure Programming Education

M. Menard, Tommy Nelson, Milan Shahi, Hugh Morton, Adam DeTavernier, Harvey P. Siy, Rui Zhao, Myoungkyu Song
DOI: 10.1109/COMPSAC54236.2022.00238
Published in: 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC), June 2022
Citations: 0

Abstract

Secure library reuse is critical for modern applications to protect private information in software security engineering. Teaching secure programming is also more critical to tackle the challenges of new and evolving threats. However, novice students often make mistakes by API misuses due to a lack of understanding of secure libraries or a false sense of security. In this paper, we study the feasibility of applying code clone detection (CCD) for finding relevant examples to effectively teach secure programming to computer science students. CCD is an emerging new technology that extracts syntactically or semantically similar code fragments to support many software engineering tasks, such as program understanding, code quality analysis, software evolution analysis, and bug detection. We have developed a prototype implementation ExTUTOR that allows students to search for relevant examples as feedback when they want to fix their programming issues or vulnerabilities. In our evaluation, we applied ExTUTOR to open source subject applications in the security domain. Our approach should help novice students gain benefits from feedback and identify how to effectively make use of APIs, encouraging students to fix their own security violations in their own applications.
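The abstract describes CCD as retrieving syntactically similar fragments and ExTUTOR as using that retrieval to surface a relevant example for a student's snippet. The following is an added illustration, not the paper's ExTUTOR code: a minimal token-based clone detector (Type-1/Type-2 style, i.e. tolerant of renamed local variables and changed literals) that ranks a small corpus of "known-good" API usages against a student's snippet. The Java snippets, the corpus names (`aes-gcm`, `password-hash`, `file-read`), the trigram size and the 0.3 threshold are all constructed assumptions for this example.

```python
"""Token-based code clone lookup: rank secure-usage examples by similarity to a student's snippet.

Added example, not taken from the paper or ExTUTOR. All snippets below are constructed.
"""
import re
from typing import Dict, List, Set, Tuple

# Java keywords and primitive types are kept verbatim during normalisation.
KEYWORDS = {
    "new", "byte", "int", "long", "char", "boolean", "void", "return", "if", "else",
    "for", "while", "try", "catch", "finally", "throw", "throws", "public", "private",
    "static", "final", "class", "null", "true", "false",
}

# String literals first (so their contents are never split), then identifiers,
# integers, and any single non-space character as punctuation.
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\])*"|[A-Za-z_]\w*|\d+|\S')


def tokenize(src: str) -> List[str]:
    """Split Java-like source into string literals, identifiers, numbers and punctuation."""
    return TOKEN_RE.findall(src)


def normalize(tokens: List[str]) -> List[str]:
    """Type-2 abstraction: literals become STR/NUM, plain local variables become ID.

    Type names (capitalised), member names (preceded by '.') and call targets
    (followed by '(') are kept, because the API being used is exactly what a
    student searching for a usage example needs to match on.
    """
    out: List[str] = []
    for i, tok in enumerate(tokens):
        prev = tokens[i - 1] if i else ""
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        if tok.startswith('"'):
            out.append("STR")
        elif tok.isdigit():
            out.append("NUM")
        elif tok[0].isalpha() or tok[0] == "_":
            if tok in KEYWORDS or prev == "." or nxt == "(" or tok[0].isupper():
                out.append(tok)
            else:
                out.append("ID")
        else:
            out.append(tok)
    return out


def shingles(tokens: List[str], n: int = 3) -> Set[Tuple[str, ...]]:
    """Set of overlapping n-grams over the normalised token stream."""
    return {tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)}


def similarity(a: str, b: str, n: int = 3) -> float:
    """Jaccard similarity of the two fragments' normalised token n-gram sets (0.0 .. 1.0)."""
    sa = shingles(normalize(tokenize(a)), n)
    sb = shingles(normalize(tokenize(b)), n)
    if not sa and not sb:
        return 1.0
    return len(sa & sb) / len(sa | sb)


def find_examples(query: str, corpus: Dict[str, str], threshold: float = 0.3) -> List[Tuple[str, float]]:
    """Return (name, score) pairs from the corpus at or above the threshold, best match first."""
    ranked = sorted(((name, similarity(query, code)) for name, code in corpus.items()),
                    key=lambda p: p[1], reverse=True)
    return [(name, round(score, 3)) for name, score in ranked if score >= threshold]


# Constructed student snippet: AES in ECB mode, a classic crypto API misuse.
STUDENT_SNIPPET = '''
Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k, "AES"));
byte[] out = c.doFinal(data);
'''

# Same snippet with only the local variables renamed (a Type-2 clone).
RENAMED_SNIPPET = '''
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
byte[] result = cipher.doFinal(input);
'''

# Constructed corpus of known-good usages a tutor tool might index.
EXAMPLE_CORPUS = {
    "aes-gcm": '''
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
byte[] ciphertext = cipher.doFinal(plaintext);
''',
    "password-hash": '''
SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
PBEKeySpec spec = new PBEKeySpec(password, salt, 65536, 256);
byte[] hash = f.generateSecret(spec).getEncoded();
''',
    "file-read": '''
BufferedReader r = new BufferedReader(new FileReader(path));
String line = r.readLine();
r.close();
''',
}

if __name__ == "__main__":
    for name, score in find_examples(STUDENT_SNIPPET, EXAMPLE_CORPUS):
        print(f"{name}: {score}")
```

Because variable names and literals are abstracted, the ECB snippet and the GCM example share almost all of their trigrams, so the secure variant ranks first, while the unrelated file-reading snippet falls below the threshold. A real tool would index far larger corpora and would need a semantic (e.g. AST or data-flow based) comparison to catch misuses that differ structurally from the fix, which is the "semantically similar" case the abstract mentions.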