Teaching Undergraduates Certified Security by Design
Cover - CISSE Volume 3, Issue 1
PDF

Keywords

assurance
computer security
formal verification
integrity
undergraduate education

How to Cite

Teaching Undergraduates Certified Security by Design. (2015). Journal of The Colloquium for Information Systems Security Education, 3(1), 22. https://journal.cisse.info/jcisse/article/view/41

Abstract

Design for assurance of security, from the hardware level on up, is essential for securing the integrity of the smart cyber-physical infrastructure that is the Internet of Things. If the smart cyber-physical infrastructure fails to do the right things—that is, if it loses integrity because it is insecure and vulnerable—then untold social consequences will occur. For the security and integrity of cyber-physical systems to improve, not only must engineers and computer scientists possess the capability to design-in security from the very beginning, but they must do so in ways that enable people other than the designers to reproduce and check verification results easily and quickly. Designers and certifiers must formally describe and verify operations at high levels, such as the command-and-control (C2) protocols used by commanders and operators, down to the operations of applications and hardware. We call this design and verification capability for security and integrity certified security by design (CSBD). Our experience leads us to conclude that CSBD is feasible and practical for undergraduates. What makes CSBD feasible at the undergraduate level is similar to what made very large scale integrated (VLSI) circuit design feasible in the 1980s: (1) rigorous, simplified, and parameterized design and analytical methods spanning multiple levels of abstraction, and (2) computer-aided design and verification tools to mitigate complexity and problems of scale.

Open Access License Notice:

This article is © its author(s) and is licensed under the Creative Commons Attribution 4.0 International License (CC BY 4.0). Beginning with Volume 13 (2026), this license is included directly within all published PDFs. For earlier articles, a cover page has been added to indicate the correct licensing terms. Any legacy copyright or pricing statements appearing within the PDF reflect prior print production workflows and do not represent the Journal’s current open access policy. For full details, please see the Journal’s License Terms.