Security as a Foundation for CS Ed

BLG02x - image - EDRecently I had the opportunity to go to a job interview session for a lecturing position in my university’s computer science department. Most of the other “talks” that I have attended were for faculty research positions so this was quite different. This talk focused on pedagogy (instruction) and included a mock-lecture. As the room listened to explanations of Python basics like pointers and shallow versus deep copies, the candidate found that we all (professors, lecturers, and grad students alike) answered the first question she posed incorrectly.

Computer science education is hard. Sometimes it can feel like you’re trying to learn a whole new language and esoteric concepts at the same time. I remember what it was like during early computer science classes, and it was hard – really hard. Over time, the learning curve (usually) gets more gradual. As the climb becomes less harsh, the hurdles are no less numerous. Computing innovation happens at lightening-speed pace. Most of the time it can seem impossible to catch up.

Publisher’s Note: This is a blog from the Assistant to the Publisher of Haleigh Wright is a Comp Sci PhD student in California and a frequent contributor to these pages.

Right now, everyone is playing catch-up when it comes to security and privacy. Even the most robust systems fall prey to issues regarding security and privacy. Why are we so behind? And will it ever stop getting worse? I hope so – and some of these questions I have taken up in previous posts (“You Can Run, but You Can’t Hide” and “Today’s Crypto-Frankenstein“) on Often the security and privacy of a system or product are afterthoughts. Make it usable, make it efficient, make it fast, make it attractive – and oh, yeah, make it secure, and make sure necessary data is kept private. Achieving this goal when it is as an afterthought is extremely difficult.

As we enter the world of the Internet of Things (IoT) and continue relying on technology more and more for important tasks, it begs the question – is it usable if it is not secure? If we continue down the current path we are on, the answer to this question will increasingly be a resounding “no” – from industry, consumers, and governing bodies alike.

Maybe the reason that security and privacy are so often left for last is because that’s the way we are taught these subjects in our Comp Sci departments. These courses were often electives; specialty classes; project choices, maybe. But what if this all changed?

Security as a Foundation for Computer Science Education

In our very first computer science class, after learning just enough of the basics to do anything moderately interesting, we are made to understand efficiency in the context of algorithms. We learn about the trade-offs between memory use and speed; we learn how to access variables, call methods, and other techniques, in order to achieve our goals while also achieving maximum efficiency.

Then, we learn more complicated algorithms. We learn about recursion and parallel processing. But rarely, if ever, do we get a chance to pause and consider the implications of what we’ve learned beyond various measures of efficiency. In practice, nothing is ever as simple as we’ve learned in school, and a lot of security measures are seen as implementation details. Basic computer science education is hard enough, why throw complications of considering the security of our algorithms and systems on top of it all?

I’m not an instructional expert and I don’t know how to make learning computer science easier. I don’t know how to incorporate security and privacy considerations into basic computer science education. But I do know that we need to make an effort towards these goals if we wish to achieve a truly usable, reliable, and robust smart-city, self-driving car-filled world that we all know is looming. Until security and privacy become foundations for the way we learn about computing, I don’t see this as possible. Of course, not everybody needs to be a security expert. But to leave it only to the experts is what has got us where we are today.

Maybe, after we learn about binary search and why it’s more efficient than other algorithms, we learn about why doing a binary search in the wild would reveal a lot about the value you are searching for, and the structure of the data you are searching. Maybe it would have confused me at an earlier time in the pedagogical cycle, but I think that would have been cool knowing then what I do now. Personally, I like to consider security and privacy issues in all the research questions I come across or come up with now, if it’s not already the focus.

I wonder what a CS curriculum would look like with security and privacy as foundations. I welcome any thoughts or ideas on this, and if you know of any programs that attempt to achieve these kinds of goals, I’d be interested to hear about them in the comments!



submit to reddit

About Haleigh Wright

Haleigh Wright is the Assistant to the Publisher of The Data Administration Newsletter ( Haleigh graduated from The University of Pittsburgh with a degree in Scientific Computing in 2015, and she is now pursuing her PhD in Computer Science at the University of California, Santa Barbara where she is an National Science Foundation IGERT Network Science Trainee. Her research interests include computational sustainability, data analysis, data security and privacy, network science, and cryptography. After Haleigh concludes her studies, she plans to enter Industry, with particular interest in entrepreneurial ventures.