ESIDE: Educational Security in the IDE

Educational Security in the IDE (ESIDE) is an Eclipse plug-in that warns programmers of potential vulnerabilities in their code and assists them in addressing these vulnerabilities. Our research creates and evaluates ESIDE as a tool for teaching and providing continuous reinforcement of practices throughout programming tasks. Download the latest verrsion of ESIDE at http://eside.uncc.edu/download.

Detailed Description

Software flaws are a root cause of many of today's information security vulnerabilities. Current curriculum emphasis on traditional information security issues does not address this root cause. We believe that in order to effectively teach secure programming techniques, they need to be diffused across computing curricula. Our work explores the educational impact of tool support in the IDE, which serves to educate and reinforce secure programming practices while students write code. Our research creates and evaluates a new learning tool that complements other secure programming curriculum efforts by teaching and providing continuous reinforcement of practices throughout programming tasks. 

Our research thus far has demonstrated that ESIDE can raise the awareness of the security implications of the code a student is working on. Our results also reveal the importance of the timing and incentives for secure programming instruction that impact ESIDE usage. We are examining the factors that can lead to secure programming learning and skill attainment through the use of ESIDE.

People

Faculty

Dr. Bill Chu, Professor, UNC Charlotte

Dr. Heather Richter Lipford, Associate Professor, UNC Charlotte

Students

Michael Whitney, Ph.D., currently at Winthrop University

Jun Zhu, Ph.D., currently at Paypal

Mahmoud Mohammadi, Ph.D. student

Tyler Thomas, Ph.D. student

Madiha Tabbasum, Ph.D. student