Textbook Underflow: Insufficient Security Discussions in Textbooks Used for Computer Systems Courses
Majed Almansoori, Jessica Lam, Elias Fang, Adalbert Gerald Soosai Raj, Rahul Chatterjee.
SIGCSE 2021 (Accepted)
Minor in Mathematics.
Computer Engineering; Machine Organization & Programming; Data Structures; Algorithms; Artificial Intelligence; Cryptography; Combinatorics; Operating Systems; Information Security; Software Engineering; Theory and Design of Programming Languages; Topics in Security and Privacy.
There are abundant technologies that help abusers engage in domestic violence. Research should evaluate these technologies and understand how helpful the web is for victims.
Project 1: We investigate the spyware applications available in Google's Play Store and Apple's App Store. Our work focuses on understanding the distribution of these applications across different countries and languages.
Project 2: Previous studies show that there are thousands of applications and resources that can help abusers engage in IPV (intimate partner violence). However, we do not know whether the web is helpful for victims as it is for abusers. We look at the resources available for victims and assess the complexity of search queries needed to retrieve these resources.
I am interested in exploring more security research such as systems security, web security, authentication and verification systems, etc.
Many students can graduate without taking any security courses. Therefore, there is a need to evaluate how to secure our current computer science courses and integrate security topics into the required courses.
We evaluated the Computer Systems course offered by 16 of the top CS programs in the US by analyzing the types of vulnerable functions students and instructors use in the course. We further assessed the lecture notes and the textbooks used by these universities. In the 760 thousand lines of C/C++ code we collected, we found thousands of extremely dangerous functions that can lead to serious security issues. We also found that most universities and textbooks do not warn students of these vulnerable functions.; even worse, some keep using them even after warning about them. We are evaluating existing tools to integrate security into the grading system to ensure that students will learn about vulnerable functions.