Due to the increasing number of computing jobs and national demands, we are seeing a surge of non-traditional students (aged over 25), entering the online CS1 courses. We are at a large metropolitan public research university, where 30% of the students are non-traditional students. However, the online CS1 course usually consists of 70-75% of non-traditional students. We carried out a study in that course for the last 5 semesters where we interviewed non-traditional students to better understand their characteristics and how those are related to their learning goals and performance. This paper is an attempt to identify the unique characteristics of non-traditional students that can help Computing-ED researchers and admins to design online CS1 courses with appropriate pedagogy, so a better learning experience can be provided to them and their retention rates can be increased
{"title":"Understanding Barriers and Motivations of Non-Traditional Students Learning Programming in an Online CS1 Course","authors":"Farzana Rahman","doi":"10.1145/3368308.3415455","DOIUrl":"https://doi.org/10.1145/3368308.3415455","url":null,"abstract":"Due to the increasing number of computing jobs and national demands, we are seeing a surge of non-traditional students (aged over 25), entering the online CS1 courses. We are at a large metropolitan public research university, where 30% of the students are non-traditional students. However, the online CS1 course usually consists of 70-75% of non-traditional students. We carried out a study in that course for the last 5 semesters where we interviewed non-traditional students to better understand their characteristics and how those are related to their learning goals and performance. This paper is an attempt to identify the unique characteristics of non-traditional students that can help Computing-ED researchers and admins to design online CS1 courses with appropriate pedagogy, so a better learning experience can be provided to them and their retention rates can be increased","PeriodicalId":374890,"journal":{"name":"Proceedings of the 21st Annual Conference on Information Technology Education","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126064639","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Certificate Authority (CA) is a single point of failure in the trust model of X.509 Public Key Infrastructure (PKI), since CA is the only entity to sign and distribute public key certificates and no one else is involved in certificate verification. In response, recent fixes based on public logs have been successful in making certificate management more transparent and publicly verifiable. However, more recent researches have shown that none of existing solutions is fully satisfactory due to different security flaws and operational challenges. In this study, we propose a domain-aware alternative to mitigate those issues by involving domain owner in digital signature and certificate verification. Our proposal is based on current PKI design and business model with critical extensions of domain awareness. In order to engage domain owner in its certificate verification, we propose that each domain maintains its own certificate logs. A certificate is co-signed by a CA and its domain with a domain master key. To prove the authenticity of a certificate, a client first verifies the CA's digital signature, then the domain signature, and finally sends a query about the certificate status to its domain owner for further confirmation. By engaging domain owner in co-signing and verifying its certificates, we distribute the trust for certificate authenticity between the CA that signed this certificate and its domain owner. With these extensions, it will be extremely hard, if not impossible, for an adversary to make a successful attack to a client, and the damage of a successful attack is limited to this single client only. In this paper, we present a framework of our proposal, analyze its security gains and compare it with existing solutions.
{"title":"DomainPKI","authors":"Xinli Wang, M. El-Said","doi":"10.1145/3368308.3415401","DOIUrl":"https://doi.org/10.1145/3368308.3415401","url":null,"abstract":"Certificate Authority (CA) is a single point of failure in the trust model of X.509 Public Key Infrastructure (PKI), since CA is the only entity to sign and distribute public key certificates and no one else is involved in certificate verification. In response, recent fixes based on public logs have been successful in making certificate management more transparent and publicly verifiable. However, more recent researches have shown that none of existing solutions is fully satisfactory due to different security flaws and operational challenges. In this study, we propose a domain-aware alternative to mitigate those issues by involving domain owner in digital signature and certificate verification. Our proposal is based on current PKI design and business model with critical extensions of domain awareness. In order to engage domain owner in its certificate verification, we propose that each domain maintains its own certificate logs. A certificate is co-signed by a CA and its domain with a domain master key. To prove the authenticity of a certificate, a client first verifies the CA's digital signature, then the domain signature, and finally sends a query about the certificate status to its domain owner for further confirmation. By engaging domain owner in co-signing and verifying its certificates, we distribute the trust for certificate authenticity between the CA that signed this certificate and its domain owner. With these extensions, it will be extremely hard, if not impossible, for an adversary to make a successful attack to a client, and the damage of a successful attack is limited to this single client only. In this paper, we present a framework of our proposal, analyze its security gains and compare it with existing solutions.","PeriodicalId":374890,"journal":{"name":"Proceedings of the 21st Annual Conference on Information Technology Education","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115085171","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Sang-Keun Oh, Nathaniel Stickney, Daniel Hawthorne-Madell, Suzanne J. Matthews
Cyber ranges are an important tool for teaching cyber security techniques. However, setting up a cyber range for classroom use can be costly. Prior work on lowering the cost of cyber ranges focuses on open source solutions and virtual machines. Yet, these solutions do not reduce the cost of physical components - namely, the underlying hardware used to build the range. In this paper, we describe a prototype cyber range built out of Raspberry Pis, a type of inexpensive single board computer. To illustrate the functionality of the range, we use Docker and Docker Swarm to deploy a vulnerable web server across four Raspberry Pi nodes and assess it in an undergraduate classroom. Our cyber range costs under $250.00 to build and consumes less than 25 Watts of power. We open-source our materials and provide pre-built Docker images on Docker Hub to enable others to use our work. Our results suggest that cyber ranges built using Raspberry Pi clusters can lower cost and enhance cyber security education.
{"title":"Teaching Web-Attacks on a Raspberry Pi Cyber Range","authors":"Sang-Keun Oh, Nathaniel Stickney, Daniel Hawthorne-Madell, Suzanne J. Matthews","doi":"10.1145/3368308.3415364","DOIUrl":"https://doi.org/10.1145/3368308.3415364","url":null,"abstract":"Cyber ranges are an important tool for teaching cyber security techniques. However, setting up a cyber range for classroom use can be costly. Prior work on lowering the cost of cyber ranges focuses on open source solutions and virtual machines. Yet, these solutions do not reduce the cost of physical components - namely, the underlying hardware used to build the range. In this paper, we describe a prototype cyber range built out of Raspberry Pis, a type of inexpensive single board computer. To illustrate the functionality of the range, we use Docker and Docker Swarm to deploy a vulnerable web server across four Raspberry Pi nodes and assess it in an undergraduate classroom. Our cyber range costs under $250.00 to build and consumes less than 25 Watts of power. We open-source our materials and provide pre-built Docker images on Docker Hub to enable others to use our work. Our results suggest that cyber ranges built using Raspberry Pi clusters can lower cost and enhance cyber security education.","PeriodicalId":374890,"journal":{"name":"Proceedings of the 21st Annual Conference on Information Technology Education","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130185438","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Classroom learning must be addressed in order to provide an inclusive course experience for all students. This study examined the effectiveness of support structures for Deaf and Hard-of-Hearing (DHH) students in the form of a web conferencing system that allowed for a composite screen solution. Quantitative and qualitative data analysis indicated that DHH students rely on access services and accommodations such as sign language interpreting and priority seating in order to have access to content in a mainstream classroom. However, the usage by hearing students was higher than anticipated.
{"title":"An Initial Survey of Deaf and Hard-of-Hearing Student Use of a Composite Screen Solution Utilizing Web Conferencing Software","authors":"E. Weeden, Sharon Mason","doi":"10.1145/3368308.3415459","DOIUrl":"https://doi.org/10.1145/3368308.3415459","url":null,"abstract":"Classroom learning must be addressed in order to provide an inclusive course experience for all students. This study examined the effectiveness of support structures for Deaf and Hard-of-Hearing (DHH) students in the form of a web conferencing system that allowed for a composite screen solution. Quantitative and qualitative data analysis indicated that DHH students rely on access services and accommodations such as sign language interpreting and priority seating in order to have access to content in a mainstream classroom. However, the usage by hearing students was higher than anticipated.","PeriodicalId":374890,"journal":{"name":"Proceedings of the 21st Annual Conference on Information Technology Education","volume":"280 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132060583","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The coronavirus pandemic brings tremendous challenges to teaching cybersecurity courses online, from learning how to use different online teaching platforms to innovative instruction methodologies within two weeks. In this paper, we will present the lessons we learned in teaching both graduate and undergraduate cybersecurity courses during Covid-19.
{"title":"Lessons Learned from Teaching Cybersecurity Courses During Covid-19","authors":"Yan Bai, Chunming Gao, B. Goda","doi":"10.1145/3368308.3415394","DOIUrl":"https://doi.org/10.1145/3368308.3415394","url":null,"abstract":"The coronavirus pandemic brings tremendous challenges to teaching cybersecurity courses online, from learning how to use different online teaching platforms to innovative instruction methodologies within two weeks. In this paper, we will present the lessons we learned in teaching both graduate and undergraduate cybersecurity courses during Covid-19.","PeriodicalId":374890,"journal":{"name":"Proceedings of the 21st Annual Conference on Information Technology Education","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133386843","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The problem of proctoring off-campus exams is considered. Under unexpected situation such as COVID-19 pandemics, for many university courses, high-stake summative exams must be conducted from student home as a result of lockdown and social distancing policies. This paper addresses the issue of how to proctor off-campus exams in this unprepared situation, where a few constraints limited the choices of possible solutions. A proctoring method was developed with the aim to provide a solution that can be applied as widely as possible under the constraints imposed on the situation. The method is based on free software and services. It makes use of only hardware and devices universally available among the target students. A proctoring concept based on the use of E-Cam and S-Cam, a procedure, as well as a portable cross-platform proctor monitoring tool have been developed and described. Results from applying the proposed tool and method to an actual off-campus exam has been reported and discussed. Lessons learned and suggestions are provided.
{"title":"Affordable Proctoring Method for Ad-hoc Off-campus Exams","authors":"N. Chotikakamthorn, Supawan Tassanaprasert","doi":"10.1145/3368308.3415421","DOIUrl":"https://doi.org/10.1145/3368308.3415421","url":null,"abstract":"The problem of proctoring off-campus exams is considered. Under unexpected situation such as COVID-19 pandemics, for many university courses, high-stake summative exams must be conducted from student home as a result of lockdown and social distancing policies. This paper addresses the issue of how to proctor off-campus exams in this unprepared situation, where a few constraints limited the choices of possible solutions. A proctoring method was developed with the aim to provide a solution that can be applied as widely as possible under the constraints imposed on the situation. The method is based on free software and services. It makes use of only hardware and devices universally available among the target students. A proctoring concept based on the use of E-Cam and S-Cam, a procedure, as well as a portable cross-platform proctor monitoring tool have been developed and described. Results from applying the proposed tool and method to an actual off-campus exam has been reported and discussed. Lessons learned and suggestions are provided.","PeriodicalId":374890,"journal":{"name":"Proceedings of the 21st Annual Conference on Information Technology Education","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123612669","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Web development courses are core to Information Technology (IT) and Computer Science (CS) curriculums. As a result, hundreds of students each semester enroll in these courses to learn HTML, CSS, and JavaScript. This burdens faculty with the need to grade tens or hundreds of web assignments each semester. Few tools exist to automate the grading of such assignments. This research explores the use of XPath queries, which may be used to evaluate HTML documents due to their loose relationship to XML. A web application was constructed to graphically define XPath queries, then provided to web development faculty to regrade past assignments. Based on faculty feedback, it was determined that XPath queries are capable of limited grading of HTML document against past assignments. However, by designing new assignments tailored for automated grading and by enhancing the web application with additional features, it is clear a significant portion, if not all, of the HTML documents for a web development assignment may be automatically graded.
{"title":"Exploring the Use of XPath Queries for Automated Assessment of Student Web Development Projects","authors":"Russell Thackston","doi":"10.1145/3368308.3415389","DOIUrl":"https://doi.org/10.1145/3368308.3415389","url":null,"abstract":"Web development courses are core to Information Technology (IT) and Computer Science (CS) curriculums. As a result, hundreds of students each semester enroll in these courses to learn HTML, CSS, and JavaScript. This burdens faculty with the need to grade tens or hundreds of web assignments each semester. Few tools exist to automate the grading of such assignments. This research explores the use of XPath queries, which may be used to evaluate HTML documents due to their loose relationship to XML. A web application was constructed to graphically define XPath queries, then provided to web development faculty to regrade past assignments. Based on faculty feedback, it was determined that XPath queries are capable of limited grading of HTML document against past assignments. However, by designing new assignments tailored for automated grading and by enhancing the web application with additional features, it is clear a significant portion, if not all, of the HTML documents for a web development assignment may be automatically graded.","PeriodicalId":374890,"journal":{"name":"Proceedings of the 21st Annual Conference on Information Technology Education","volume":"63 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114213077","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In order to operate in a regulated world, researchers need to ensure compliance with ever-evolving landscape of information security regulations and best practices. This work explains the challenges of Controlled Unclassified Information (CUI) and introduces a managed research ecosystem, REED+. The workflow of this cost effective framework is presented to demonstrate how controlled research data are processed to be compliant with one of the highest level of cybersecurity in a campus environment. The framework serves as a reference model for other institutions to support CUI research. The awareness and training program developed from this work will be shared with other institutions to build a bigger CUI ecosystem.
{"title":"Managing Controlled Unclassified Information (CUI) in Research Institutions","authors":"B. Yang, C. Ellis, Preston Smith","doi":"10.1145/3368308.3415432","DOIUrl":"https://doi.org/10.1145/3368308.3415432","url":null,"abstract":"In order to operate in a regulated world, researchers need to ensure compliance with ever-evolving landscape of information security regulations and best practices. This work explains the challenges of Controlled Unclassified Information (CUI) and introduces a managed research ecosystem, REED+. The workflow of this cost effective framework is presented to demonstrate how controlled research data are processed to be compliant with one of the highest level of cybersecurity in a campus environment. The framework serves as a reference model for other institutions to support CUI research. The awareness and training program developed from this work will be shared with other institutions to build a bigger CUI ecosystem.","PeriodicalId":374890,"journal":{"name":"Proceedings of the 21st Annual Conference on Information Technology Education","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121517828","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The Special Interest Group in IT Education (SIGITE) was formed in 2003 and includes an annual conference, paper proceedings and poster presentations. Many authors and presenters from the first conference have continued to regularly publish in SIGITE and the community has continued to grow since this time. In this paper we performed an updated study[1] of SIGITE authors and their institutions. We have identified the number of publications by year and venue, and identified top contributing authors and institutions. In addition to presenting and discussing our findings, we are making a spreadsheet of raw data available for further analysis and research.
{"title":"A Profile of SIGITE/RIIT Authors, 2nd Ed.","authors":"B. Lunt, D. Bogaard","doi":"10.1145/3368308.3415365","DOIUrl":"https://doi.org/10.1145/3368308.3415365","url":null,"abstract":"The Special Interest Group in IT Education (SIGITE) was formed in 2003 and includes an annual conference, paper proceedings and poster presentations. Many authors and presenters from the first conference have continued to regularly publish in SIGITE and the community has continued to grow since this time. In this paper we performed an updated study[1] of SIGITE authors and their institutions. We have identified the number of publications by year and venue, and identified top contributing authors and institutions. In addition to presenting and discussing our findings, we are making a spreadsheet of raw data available for further analysis and research.","PeriodicalId":374890,"journal":{"name":"Proceedings of the 21st Annual Conference on Information Technology Education","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122724264","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The ACM/IEEE Information Technology Curricula 2017 report has clearly stated that knowledge of the IT subject matter is not the only important aspect of a technical education. Teaching the 'soft' skills to technical people is just as important as learning the 'hard' skills. However, it is oftentimes left to the hiring company to fill in this void as most STEM related curricula are focused on the necessary science, math, and technical aspect of the related discipline. Creative problem-solving methodologies, design thinking, lateral thinking all tie into the use of improvisation. Companies are using the improvisation methods as a way of creating better collaborative teams and creating a work environment that says 'Yes' before 'No'. Improvisation training can help the rest of us to become better listeners, communicators, collaborators, innovators, and those who can focus on the organization or team story and not their own story.
{"title":"Using Creative Problem Solving and Applied Improvisation Techniques to Improve Soft Skills","authors":"Russell E. McMahon","doi":"10.1145/3368308.3415452","DOIUrl":"https://doi.org/10.1145/3368308.3415452","url":null,"abstract":"The ACM/IEEE Information Technology Curricula 2017 report has clearly stated that knowledge of the IT subject matter is not the only important aspect of a technical education. Teaching the 'soft' skills to technical people is just as important as learning the 'hard' skills. However, it is oftentimes left to the hiring company to fill in this void as most STEM related curricula are focused on the necessary science, math, and technical aspect of the related discipline. Creative problem-solving methodologies, design thinking, lateral thinking all tie into the use of improvisation. Companies are using the improvisation methods as a way of creating better collaborative teams and creating a work environment that says 'Yes' before 'No'. Improvisation training can help the rest of us to become better listeners, communicators, collaborators, innovators, and those who can focus on the organization or team story and not their own story.","PeriodicalId":374890,"journal":{"name":"Proceedings of the 21st Annual Conference on Information Technology Education","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116036701","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: