Students try to hack ‘Bank of Vanderbilt’ in network security class
Yuan Xue is among the Vanderbilt engineering faculty training computer science leaders of the future to build and maintain more secure networks through innovative teaching methods.
For example, students in Xue’s recent network security class created a faux financial institution, called the Bank of Vanderbilt, which allowed them to set up a secure on-line banking system that other students could then attempt to hack. Such student-driven projects allow for hands-on training to gain experience to one day tackle real-world security problems, Xue said.
Recent headlines speak to the increasing urgency of network security issues. For example:
- Vulnerabilities that could threaten space missions were uncovered in an internal audit at NASA.
- A municipal water system in a California city was easily hacked in another internal review.
- Weaknesses recently were exposed in the popular iPhone technology, once seemingly hack-proof.
These vulnerabilities are not news to researchers and teachers such as Xue, assistant professor of computer science and computer engineering. “The problem is big and it’s real. The difference is now there is just more public awareness,” she said.
In a cyber-world version of “Where’s Waldo,” students in Xue’s classes have access to education portals that challenge them to find and fix weaknesses in a sample network system. A network security “testbed” provides
hands-on experience defending against cyber attacks without creating vulnerabilities on the Web. Vanderbilt is just one of a handful of institutions with access to these portals, known as Tao Trust and Deter Lab.
“They find out that some of the programming framework is more vulnerable,” said Xue, who also teaches classes in wireless networks, networking and distributed systems.
In one of her classes, open to undergraduate and graduate students, students engage in case studies and programming assignments that provide hands-on practice in using powerful security tools and implementing security solutions. Projects, such as the student-generated “Bank of Vanderbilt,” are customized according to a student’s interests.
Students learn how to defend against malicious attacks launched through common entry points such as a browser or photo sharing, instant messaging, or access points like credit card entry. Many of these security issues stem from initial coding problems, so it’s important that the students, in addition to grasping basic principles, understand potential “design pitfalls,” Xue said.
“These students are going to be the leaders in this IT domain. So it’s important to have this security mindset built in to their career. They need to gain a complete understanding of how to build and maintain secure systems,” she said.
Xue, who is also appointed as a research scientist with Vanderbilt’s Institute for Software Integrated Systems (ISIS), focuses her academic pursuits on web application security as well as constructing security protocols and systems with medical applications.