Development of a Master of Software Assurance Reference Curriculum
The federal government is facing a shortage of cybersecurity professionals that puts our national security at risk, according to recent research. "As cyber attacks have increased and there is increased awareness of vulnerabilities, there is more demand for the professionals who can stop such attacks. But educating, recruiting, training and hiring these cybersecurity professionals takes time," the research states. Recognizing these realities, the U. S. Department of Homeland Security (DHS) National Cyber Security Division (NCSD) enlisted the resources of the Software Engineering Institute (SEI) to develop a curriculum for a Master of Software Assurance degree program and define transition strategies for implementing it. This blog post presents an overview of the Master of Software Assurance curriculum project, including its history, student prerequisites and outcomes, a core body of knowledge, and a curriculum architecture from which to create such a degree program.
The Focus on Assurance
Modern society is deeply and irreversibly dependent on software systems of remarkable scope and complexity in areas that are essential for preserving our way of life. The complexity of software and software-intensive systems, however, can mask potentially harmful uses and introduce problems in operation and maintenance. This complexity, combined with the interdependence of critical systems, also creates a weakest-link syndrome: attackers need only take down the most vulnerable component to have far-reaching and damaging effects on the larger system. What's more, anywhere-to-anywhere interconnectivity makes the proliferation of malware easy and the identification of its source hard.
Much of our research and transition work focuses on methods for developing software that is more secure from the outset, rather than only focusing on patching systems after they become operational. After we had completed a significant body of research work and developed a website describing good software assurance practices, the Department of Homeland Security supported our interest in developing software assurance curricula, so that students could learn about software assurance in university programs. We decided to focus our efforts initially on a Master of Software Assurance Reference Curriculum.
In addition to myself, the MSwA curriculum team included Julia H. Allen, Mark Ardis of Stevens Institute of Technology, Thomas B. Hilburn and Andrew J. Kornecki of Embry Riddle Aeronautical University, and James McDonald at Monmouth University. Later when we addressed undergraduate and community college offerings, the team changed slightly to include Glenn Johnson of (ISC)2 and Elizabeth Hawthorne from Union County College.
While a broader definition of software assurance would include issues such as performance and other requirements, our software assurance curriculum focused on preventing vulnerabilities, attacks, and ensuring correct functionality. We define software assurance as
the application of technologies and processes to achieve a required level of confidence that software systems and services function in the intended manner, are free from accidental or intentional vulnerabilities, provide security capabilities appropriate to the threat environment, and recover from intrusions and failures.
Our curriculum work emphasized technologies and processes in software assurance, observing that computing capabilities may be acquired through services, as well as new development and evolution. Our team also took into account the notion that security capabilities must be appropriate to the expected threat environment and that recovery from intrusions and failures is critical for organizational continuity and survival.
Master's Level Software Assurance: Seven Core Competencies
Our work on the master of software assurance curriculum was aimed at faculty who are responsible for designing, developing, and maintaining graduate software engineering programs that have a focus on software assurance knowledge and practices. We developed a series of curriculum documents starting at the master's level. We also developed a complete graduate-level syllabus, as well as some of the standard courses we would like to see in the curriculum. The Master of Software Engineering Reference Curriculum document, which is the flagship document resulting from our work in this field, was recognized by IEEE and the Association of Computing Machinery (ACM).
The architecture for the graduate-level curriculum is included in the figure below, including course listings that would make up the curriculum, preparatory material (content that students should master this before entering a program), core materials, elective materials, and a capstone experience.
We also identified seven core competencies that should be included in all software assurance education programs:
- assurance across lifecycles - the ability to incorporate assurance technologies and methods into life-cycle processes and development models for new or evolutionary system development, and for system or service acquisition
- risk management - the ability to perform risk analysis, tradeoff assessment, and prioritization of security measures
- assurance assessment - the ability to analyze and validate the effectiveness of assurance operations and create auditable evidence of security measures
- assurance management - the ability to make a business case for software assurance, lead assurance efforts, understand standards, comply with regulations, plan for business continuity, and keep current in security technologies
- system security assurance - the ability to incorporate effective security technologies and methods into new and existing systems
- system functionality assurance - the ability to verify new and existing software system functionality for conformance to requirements and absence of malicious content
- system operational assurance - the ability to monitor and assess system operational security and respond to new threats
These competencies later informed the basis for a Software Assurance Competency Model.
In addition to the core competencies, electives accommodate individual student interests and may cover unique requirements of a program or institution. Students may take electives to gain more depth in a core area (for example, assurance assessment) or to extend and broaden their knowledge in a particular application domain (for example, application to a particular market sector). Software assurance is a relatively new academic field, so we anticipate that special topics courses and seminars will be included among the electives.
We also recommended that students demonstrate their accumulated skills and knowledge in a capstone experience of between three and six semester credit hours that incorporates a realistic team project emphasizing software assurance concepts and practices. Students must be able to understand and appreciate the skills needed to produce assured software.
Our team also developed sample course descriptions, which are included in our reference document. What follows is an example of a course description on assured software development, focused on the early part of the software development lifecycle:
Course: Assured Software Development 1
Description: This course covers the fundamentals of incorporating assurance practices, methods, and technologies into software development and acquisition lifecycle processes and models. With this foundation, the course provides students with rigorous methods for eliciting software and system assurance requirements based on threat identification, characterization, and modeling; assurance risk management; and misuse/abuse cases. Students will also learn how to evaluate methods and environments for creating software and systems that meet their functionality and security requirements.
Expected Outcomes: After completing this course, students will be able to
1. understand lifecycle models and processes for newly developed software systems
2. understand lifecycle models and processes for the acquisition, supply, and service of a software system
3. use methods, techniques, and tools to assess the applicability of assurance processes and practices for typical lifecycle phases, such as requirements engineering, architecture and design, coding, testing, evolution, acquisition, and retirement
4. elicit and analyze requirements for assured software based on prior threat modeling, identification of attack patterns, and misuse/abuse cases
5. apply security requirements engineering methods in developing assurance requirements
Next, we developed a separate set of recommendations, one each for undergraduate and community colleges, detailing how software assurance fits into a computer science or software engineering degree for undergraduates.
We also developed an executive course that is available on our STEPfwd facility and materials for the Assurance Management course and Assured Software Development 1, which focuses primarily on requirements and architectures. This course is also available to government employees on FedVTE, where more than 450 students have completed all of the course or are in progress towards completion. With this delivery system, we introduce students to the concepts important to the early stages of the software development lifecycle before they have started coding and before they have introduced vulnerabilities.
The curriculum materials are available below:
- Master of Software Engineering Reference Curriculum is the first curriculum ever developed that focuses on assuring the functionality, dependability, and security of software and systems. This curriculum provides guidelines for a well-rounded education on key security and assurance topics. Course syllabi support the development of a set of courses to be used in a Master of Software Assurance curriculum program. These syllabi may also be useful for educators developing courses for industry practitioners.
- Undergraduate Software Assurance Course Outlines are a faculty resource for teaching fundamental skills to students either entering the field directly or continuing with graduate-level education.
- Community College Software Assurance Course Outlines focus on community college courses for software assurance. The courses are intended to provide students with fundamental skills for continuing with undergraduate education or to provide supplementary education for students with prior undergraduate technical degrees who wish to become more specialized in software assurance.
New Software Assurance Academic Programs
As of the date of this posting, 10 universities have incorporated our recommendations to offer courses, tracks, and even degree programs in software assurance. In addition to Carnegie Mellon University, these universities include Stevens Institute of Technology, the U.S. Air Force Academy, University of Detroit-Mercy, University of Houston, Illinois Central College, and also (ISC)2, a training and certification organization. (ISC)2 mapped the curriculum to its course offerings, thus illustrating how the curriculum supports certifications as well.
Most recently, in the fall of 2015, Illinois Central College launched a two-year program, as well as an option for students to do an industry apprenticeship (to assist with employment and tuition payments). After students complete this program, they have the option to continue on to a four-year degree.
Illinois Central College started offering the program this fall. It has 20 students enrolled in the program, 13 of whom were accepted into the apprenticeship program. It is really exciting and it's a unique program. We see this as an important development because, prior to this program, the focus of community college instruction was on securing systems after they were in the field.
To read the SEI technical report Software Assurance Curriculum Project Volume 1 Master of Software Assurance Reference Curriculum, please click here.
To access a repository of software assurance course materials and lecture materials available for download from the CERT website, please click here.