TY - GEN
T1 - A Feasibility Study of Using Code Clone Detection for Secure Programming Education
AU - Menard, Michael
AU - Nelson, Tommy
AU - Shahi, Milan
AU - Morton, Hugh
AU - Detavernier, Adam
AU - Siy, Harvey
AU - Zhao, Rui
AU - Song, Myoungkyu
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Secure library reuse is critical for modern applications to protect private information in software security engineering. Teaching secure programming is also more critical to tackle the challenges of new and evolving threats. However, novice students often make mistakes by API misuses due to a lack of understanding of secure libraries or a false sense of security. In this paper, we study the feasibility of applying code clone detection (CCD) for finding relevant examples to effectively teach secure programming to computer science students. CCD is an emerging new technology that extracts syntactically or semantically similar code fragments to support many software engineering tasks, such as program understanding, code quality analysis, software evolution analysis, and bug detection. We have developed a prototype implementation ExTUTOR that allows students to search for relevant examples as feedback when they want to fix their programming issues or vulnerabilities. In our evaluation, we applied ExTUTOR to open source subject applications in the security domain. Our approach should help novice students gain benefits from feedback and identify how to effectively make use of APIs, encouraging students to fix their own security violations in their own applications.
AB - Secure library reuse is critical for modern applications to protect private information in software security engineering. Teaching secure programming is also more critical to tackle the challenges of new and evolving threats. However, novice students often make mistakes by API misuses due to a lack of understanding of secure libraries or a false sense of security. In this paper, we study the feasibility of applying code clone detection (CCD) for finding relevant examples to effectively teach secure programming to computer science students. CCD is an emerging new technology that extracts syntactically or semantically similar code fragments to support many software engineering tasks, such as program understanding, code quality analysis, software evolution analysis, and bug detection. We have developed a prototype implementation ExTUTOR that allows students to search for relevant examples as feedback when they want to fix their programming issues or vulnerabilities. In our evaluation, we applied ExTUTOR to open source subject applications in the security domain. Our approach should help novice students gain benefits from feedback and identify how to effectively make use of APIs, encouraging students to fix their own security violations in their own applications.
KW - Code Clone Detection
KW - Computer Science Education
KW - Secure Programming
UR - http://www.scopus.com/inward/record.url?scp=85136941366&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85136941366&partnerID=8YFLogxK
U2 - 10.1109/COMPSAC54236.2022.00238
DO - 10.1109/COMPSAC54236.2022.00238
M3 - Conference contribution
AN - SCOPUS:85136941366
T3 - Proceedings - 2022 IEEE 46th Annual Computers, Software, and Applications Conference, COMPSAC 2022
SP - 1502
EP - 1507
BT - Proceedings - 2022 IEEE 46th Annual Computers, Software, and Applications Conference, COMPSAC 2022
A2 - Va Leong, Hong
A2 - Sarvestani, Sahra Sedigh
A2 - Teranishi, Yuuichi
A2 - Cuzzocrea, Alfredo
A2 - Kashiwazaki, Hiroki
A2 - Towey, Dave
A2 - Yang, Ji-Jiang
A2 - Shahriar, Hossain
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 46th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2022
Y2 - 27 June 2022 through 1 July 2022
ER -