Conferences and Workshops

• LASER 2013 (papers due June 27)

---

My Links

• My Home Page
• Books
• Classes
• Papers
• Reports and Notes
• Research
• Security in Programming
• Service
• Students
• Talks
• Miscellaneous
• My Family
• About Me (CV and such)

---

Other Links

• Computer Security Lab
• Dept. of Computer Science
• College of Engineering
• University of California, Davis
• City of Davis
• County of Yolo
• State of California
• United States of America

---

This Quarter’s Classes

---

Office Hours for This Quarter

---

Contacting Me

---

My Personal Blog
(Last Entry May 10, 2013)

---

Current Time in Davis, CA, USA

Some ‘Secure Programming’ Exercises for an Introductory Programming Class

Citation

• M. Bishop, “Some ‘Secure Programming’ Exercises for an Introductory Programming Class,” Proceedings of the Sixth World Conference on Information Security Education (July 2009).

Paper

• PDF
• PS

Abstract

Ideally, computer security should be an integral part of all programming courses. Beginning programming classes pose a particular challenge, because the students are learning basic concepts of programming. Thus, teaching them about buffer overflows as security problems, requiring an explanation of concepts such as “smashing the stack,” will confuse students more than motivate them to check array bounds. Advanced concepts such as race conditions require more background than the students have, or will have, when taking introductory programming classes. An alternate approach is to teach the underlying concepts of robust programming; preventing crashes or errors is central to such a course. This paper presents some exercises that illustrate this approach, and some thoughts on what constitutes “secure programming”.

Copyright Notice

The definitive version was published in the Proceedings of the Sixth World Conference on Information Security Education, July 2009.

---

Last updated on Friday, May 10, 2013 at 11:21:45AM PDT