The proposed project will develop Visualization and Analysis of C Code Security (VACCS) tool to assist students with learning secure code programming. The proposal addresses the critical issue of learning secure coding through the development of a system for analyzing and visualizing C code and associated learning materials. VACCS will utilize static and dynamic program analysis to detect security vulnerabilities and warn programmers about the potential errors in their code. The research team has a significant experience in using visualization to teach computer science in such areas as parallel computing, geometric modeling and data encryption. The project will develop visualization and animation of common security vulnerabilities that can be customized for programmers with different level of programming experience. The project will evaluate the effectiveness of VACCS and instructional materials to improve students’ learning of secure coding.
The outcomes of this research will provide a better understanding of the visualization impact on secure programming instruction within a computing curriculum, as well as a deployable VACCS tool for faculty to adopt. This research will inform the broader community on the visualization potential for positive effects on the quality of code developed by future computer scientists. The VACCS tool and educational materials including tutorials, lectures, projects and extensive examples of teaching secure software development will be disseminated to academic computing community. In addition, this project will teach students how to perform software security audits using VACCS and will train graduate students in the art of teaching computer security.