SACS - Integrating Cyber Security Resources for Software Engineers

Page content

Introduction

Cybersecurity is crucial for organizations and individuals due to frequent and sophisticated cyberattacks. Software engineers are key players in this regard, responsible for creating and maintaining secure applications. They need a strong foundation in security related topics to conceptualize and develop secure software solutions while respected prevailing data and privacy regulation laws. This project aims to address this need by providing a unified, accessible, and searchable cybersecurity knowledge base for software engineers. More specifically, it should streamline information acquisition and enhance the accessibility and usability of existing online cybersecurity resources.

The project contains 3 work packages (WP):

  1. Resource Identification: Identify available online cybersecurity resources (e.g. knowledge databases, glossaries, wikis, etc.) that provide definitions, advises, and further topic-related references. This work package addresses the tasks of investigating what cybersecurity resources are available and what characterization scheme could help to categorize them.
  2. Resource Curation: Curate the identified resources in a collective index and, where appropriate, enrich them with metadata such as quality rating and information actuality. This work package addresses the question of how to consolidate different resources in a structural and extensible manner.
  3. Web Application: Implement a web application that allows to efficiently search, filter, and access these curated resources. Desired features include full-text search capability, advanced filtering options, and possibility to submit changes or extensions. This work package comprises the specification and implementation of a web application used to further increase the accessibility of gathered knowledge resources, e.g., to integrate the findings from WP1 & WP2.

Approach

The above description provides a high-level overview of the project. While the three aspects suggest a sequential approach, this is not mandatory, nor do all aspects need to be addressed equally. Students are encouraged to propose alternative, potentially more iterative, implementation strategies and focus areas (e.g., web application development). For example, one could start with thinking about a desire system design for such a resource consolidation web application and expand from here. Extensions could involve adding/linking content, invest into community attraction, bind various APIs, or develop a web scraper.

Students passionate about cybersecurity but less interested in programming may focus on investigating available resources and proposing a categorization/annotation framework. This could involve, for example, emphasizing differences between existing cybersecurity resources. Perhaps one could contribute to this domain by not only curating these resources but also provide a multidimensional categorization. Such categories might cover level of granularity (high-level system architectures vs. concrete / low-level advice), application fields (database, web API, iOS, etc.), affected assets (human identities, business data, bitcoin, etc.), and possibly many more.

Target Group

In this multi-package project, the required skill set varies per WP. To help students decide if this project aligns with their interests, we have outlined essential and desirable interests in the table. We emphasize interests because we believe that with genuine interest, the necessary skills can be easily learned resp. further advanced.

  Important  Nice to Have
WP1 cybersecurity in general, open knowledge platforms, open-source intelligence web technologies, experience in structured data collection
WP2 web technologies, metadata, data analysis in general, open knowledge platforms, web technologies cybersecurity in general, data cleaning pipelines, SQL
WP3 web technologies, web frameworks, docker, system design, programming in general, SQL cybersecurity in general, UI/UX design, SEO

Interested students are invited to work on this project in the context of their Practicum Software Engineering (PSE) and/or Seminars. Generally, it is also possible to contribute to this project in the context of a Bachelor or Master Thesis, though this requires further individual discussion.

Remarks

  • Roman Bögli is the contact person for this project and happy to answer questions or discuss contribution ideas.
  • This project is part of a larger multi-university initiative aimed at building a cross-cultural cybersecurity community between Swiss and African researchers, lecturers, and students. While not currently planned, there may be opportunities for students involved in this project to join future trips to our African partner institutions and present their work. This Swiss/African CyberSecurity endeavor also inspired this project’s acronym (SACS).

Further Reading