skip to main content
10.1145/1734263.1734303acmconferencesArticle/Chapter ViewAbstractPublication PagessigcseConference Proceedingsconference-collections
research-article

Teaching the principles of the hacker curriculum to undergraduates

Published: 10 March 2010 Publication History

Abstract

The "Hacker Curriculum" exists as a mostly undocumented set of principles and methods for learning about information security. Hacking, in our view, is defined by the ability to question the trust assumptions in the design and implementation of computer systems rather than any negative use of such skills.
Chief among these principles and methods are two useful pedagogical techniques: (1) developing a cross-layer view of systems (one unconstrained by API definitions or traditional subject matter boundaries) and (2) understanding systems by analyzing their failure modes (this approach works well with learning networking concepts and assessing software vulnerabilities). Both techniques provide a rich contrast to traditional teaching approaches, particularly for information security topics.
We relate our experience applying Hacker Curriculum principles to education and training programs for undergraduates, including the Secure Information Systems Mentoring and Training (SISMAT) program and the Cyber Security Initiative at Dartmouth College, which allows undergraduates to perform supervised red team activities on Dartmouth's production systems.

References

[1]
S. Bratus. Hacker Curriculum: How Hackers Learn Networking. IEEE Distributed Systems Online, 8(10), 2007.
[2]
S. Bratus. What Hackers Learn That the Rest of Us Don't: Notes on Hacker Curriculum. IEEE Security and Privacy, 5(4):72--75, 2007.
[3]
M. Handley, V. Paxson, and C. Kreibich. Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics. In Proceedings of the USENIX Security Conference, 2001.
[4]
M. E. Kabay. Hiring hackers (part 1): British Government Puts a Foot In It. http://www.networkworld.com/newsletters/sec/2009/081009sec2.html, August 2009.
[5]
D. L. Knox, P. J. DePasquale, and S. M. Pulimood. A Model for Summer Undergraduate Research Experiences in Emerging Technologies. SIGCSE Bull., 38(1):214--218, 2006.
[6]
M. E. Locasto and S. Sinclair. An Experience Report on Cyber-Security Education and Outreach. In Proceedings of the Annual Conference on Education in Information Security, 2009.
[7]
P. Y. Logan and A. Clarkson. Teaching Students to Hack: Curriculum Issues in Information Security. In SIGCSE '05: Proceedings of the 36th SIGCSE Technical Symposium on Computer Science Education, pages 157--161, New York, NY, USA, 2005. ACM.
[8]
J. Markoff. Do We Need a New Internet? http://www.nytimes.com/2009/02/15/weekinreview/15markoff.html, February 2009.
[9]
P. Mateti. A Laboratory-based Course on Internet Security. In SIGCSE '03: Proceedings of the 34th SIGCSE Technical Symposium on Computer Science Education, pages 252--256, New York, NY, USA, 2003. ACM.
[10]
B. A. Pashel. Teaching Students to Hack: Ethical Implications in Teaching Students to Hack at the University Level. In InfoSecCD '06: Proceedings of the 3rd annual conference on Information security curriculum development, pages 197--200, New York, NY, USA, 2006. ACM.
[11]
T. H. Ptacek and T. N. Newsham. Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. In Snort.org, January 1998.
[12]
R. Speers and E. Tice. Cyber Attacks on the Dartmouth College Network. Dartmouth Undergraduate Journal of Science (DUJS Online), Fall 2009. http://dujs.dartmouth.edu/fall-2009/cyber-attacks-on-the-dartmouth-college-\network/.
[13]
G. White and G. Nordstrom. Security Across the Curriculum: Using Computer Security to Teach Computer Science Principles. In Proceedings of the 19th National Information Systems Security Conference, pages 483--488, October 1996.

Cited By

View all
  • (2025)SENSAI: Large Language Models as Applied Cybersecurity TutorsProceedings of the 56th ACM Technical Symposium on Computer Science Education V. 110.1145/3641554.3701801(833-839)Online publication date: 12-Feb-2025
  • (2024)Embedding Technical, Personal and Professional Competencies in Computing Degree ProgrammesProceedings of the 2024 on Innovation and Technology in Computer Science Education V. 110.1145/3649217.3653578(346-352)Online publication date: 3-Jul-2024
  • (2024)PWN The Learning Curve: Education-First CTF ChallengesProceedings of the 55th ACM Technical Symposium on Computer Science Education V. 110.1145/3626252.3630912(937-943)Online publication date: 7-Mar-2024
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
SIGCSE '10: Proceedings of the 41st ACM technical symposium on Computer science education
March 2010
618 pages
ISBN:9781450300063
DOI:10.1145/1734263
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 March 2010

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. hacker curriculum
  2. information assurance
  3. networking
  4. security
  5. sismat
  6. teaching failure modes

Qualifiers

  • Research-article

Conference

SIGCSE10
Sponsor:

Acceptance Rates

Overall Acceptance Rate 1,787 of 5,146 submissions, 35%

Upcoming Conference

SIGCSE TS 2025
The 56th ACM Technical Symposium on Computer Science Education
February 26 - March 1, 2025
Pittsburgh , PA , USA

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)25
  • Downloads (Last 6 weeks)1
Reflects downloads up to 17 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2025)SENSAI: Large Language Models as Applied Cybersecurity TutorsProceedings of the 56th ACM Technical Symposium on Computer Science Education V. 110.1145/3641554.3701801(833-839)Online publication date: 12-Feb-2025
  • (2024)Embedding Technical, Personal and Professional Competencies in Computing Degree ProgrammesProceedings of the 2024 on Innovation and Technology in Computer Science Education V. 110.1145/3649217.3653578(346-352)Online publication date: 3-Jul-2024
  • (2024)PWN The Learning Curve: Education-First CTF ChallengesProceedings of the 55th ACM Technical Symposium on Computer Science Education V. 110.1145/3626252.3630912(937-943)Online publication date: 7-Mar-2024
  • (2023)The Person-Computer Interface in Delinquency Research: Proactive Criminal Thinking as a Moderator of the Hacking with Peers–Juvenile Offending RelationshipJournal of Police and Criminal Psychology10.1007/s11896-023-09581-738:3(584-592)Online publication date: 6-Mar-2023
  • (2022)Teaching Offensive Lab SkillsResearch Anthology on Advancements in Cybersecurity Education10.4018/978-1-6684-3554-0.ch012(273-287)Online publication date: 2022
  • (2022)Collaborative Paradigm of Teaching Penetration Testing using Real-World University ApplicationsProceedings of the 24th Australasian Computing Education Conference10.1145/3511861.3511874(114-122)Online publication date: 14-Feb-2022
  • (2021)Enhance Student Learning Experience in Cybersecurity Education by Designing Hands-on Labs on Stepping-stone Intrusion DetectionAdvances in Science, Technology and Engineering Systems Journal10.25046/aj0604406:4(355-367)Online publication date: Aug-2021
  • (2021)Promoting Security Mindset through Hands-on Exercises for Computer Science Undergraduate Students2021 2nd Information Communication Technologies Conference (ICTC)10.1109/ICTC51749.2021.9441588(343-347)Online publication date: 7-May-2021
  • (2020)Teaching Offensive Lab SkillsHandbook of Research on Diverse Teaching Strategies for the Technology-Rich Classroom10.4018/978-1-7998-0238-9.ch011(138-152)Online publication date: 2020
  • (2020)Overcoming the Challenges of Teaching Cybersecurity in UK Computer Science Degree Programmes2020 IEEE Frontiers in Education Conference (FIE)10.1109/FIE44824.2020.9274033(1-9)Online publication date: 21-Oct-2020
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media