When computer science Professor Wenliang “Kevin” Du discusses the importance of cybersecurity, he likens it to building a beautiful house and forgetting to put a lock on the door.
“The people who write codes and develop systems often don’t know the potential risks,” Du says.
“The developer is creating a system in a benign environment—and never thinks to put a lock on it, a filter that will block potential attacks. That’s a common problem. We want our students to learn about all these potential attacks, so they can identify existing attacks and also have the skills to see other security vulnerabilities.”
Since arriving at the College of Engineering and Computer Science in 2002, Du has been on a mission to teach others how to prevent cyberattacks. As a complement to the computer security and Internet security courses Du teaches to a mix of undergraduates and graduate students, he has developed a free series of 30 hands-on Security Education (SEED) labs designed to help students master the intricacies of cybersecurity and apply their skills to solve real-world problems.
With the support of National Science Foundation (NSF) awards in 2002 and 2014, Du has expanded his reach, sharing the open-source SEED labs with more than 250 educators in more than 26 countries. As part of his 2014 NSF award, Du, an expert on Android system security, is also developing SEED labs for mobile platforms and will host a workshop on campus this summer.
The instructional labs are done in a contained environment, using virtualization software that students download onto their personal computers, basically creating a computer within their computers that allows them to do such things as form networks, launch attacks on one another and learn how to defend against them. “We want to teach the students to be good defenders, but part of that is knowing how to attack,” Du says.
Computer science doctoral student Xiao Zhang, a teaching assistant for Du, says the labs’ practical training reinforces the classroom concepts. “In transferring the theory into practice, sometimes there are unexpected difficulties,” Zhang says. “You want to achieve one thing, but in that process you may make some mistakes, which lead to other security vulnerabilities.”
The labs present an array of different security situations that students would not encounter elsewhere, according to Carter Yagemann ’15, a computer science major who took Du’s Internet Security course and worked on his research team. “You learn about specific attacks and really build up practical skills,” Yagemann says. “If you’re not very systematic and don’t approach the scenario with the right mindset, you’ll leave holes, and then you have problems.”
Electrical and computer engineering doctoral candidate Paul Ratazzi credits the labs for expanding the depth of his knowledge and enhancing his interactions with colleagues when he learns about their projects at the Air Force Research Laboratory in Rome, N.Y., where he is a computer security expert. “I can keep up with the technical details,” Ratazzi says. “There’s no way to get through those courses and labs without really understanding every aspect of not only the labs, but also the actual details of the implementation.”
Whether hack attacks are known ones, such as Heartbleed or Shellshock (which was used against SONY Pictures), or new ones, Du is poised to ensure others are well versed in knowing how to counter them. “When you’re dealing with real hackers,” he says, “they don’t care about the difficulties, they will take it on.”
This story originally appeared in Syracuse University Magazine.