A systems approach to teaching trustworthy computing

In this paper we present our experience of teaching the "trustworthy computing" graduate/undergraduate level pilot course in Fall 2006 as part of the computer engineering curriculum. The main objectives of the course are: 1) To make students realize the practical risks and concerns in system security, 2) To introduce the tools and methodologies used to secure a system; 3) To enable students to design a secure application and test its security features, and 4) To expose students to research issues in trustworthy computing. To achieve these objectives, the course introduces a number of new approaches to teaching trustworthy computing: 1) The course provides the students with a synthesis opportunity through a final project. The students are tasked to design a secure application using a system level approach that incorporates the security concepts presented in class. Using the Threat Modeling tool developed by Microsoft the students can validate and optimize their design; 2) The course exposes the students to state-of-the-art research issues in trustworthy computing and practical tools for system security implemented in real organizations. We achieve this exposure by inviting guest speakers from academia and industry; 3) The course provides the students with the opportunity to pursue research in applications not covered in class but using the concepts introduced in the course. The students present their findings to the class.