Visible to the public SaTC: EDU: RUI: Enabling a New Generation of Experts by Finding and Fixing Students' Persistent MisconceptionsConflict Detection Enabled

Project Details

Performance Period

Sep 01, 2018 - Aug 31, 2020

Institution(s)

University of Minnesota Duluth

Award Number


The stream of high-profile computer security breaches resulting from errors well-known to security experts provides an opportunity to improve cybersecurity education to effectively prepar the next generation of cybersecurity professionals. Students have deeply ingrained misconceptions about how computer security ought to work, and students rely on this false intuition when reasoning about security. The goal of this project is to develop a series of active learning exercises, that use videos, and hands-on exercises, to address these misconceptions. The learning modules will be validated in the classroom, and then published using an open source license.

This research will follow the iterative model created by Hestenes and Halloun, but it will be applied to common misconceptions in the computer security knowledge of computer science majors. Misconceptions will be identified through pre- and post-tests and used to create a reusable security concept inventory (SCI). A large pool of volunteer experts from industry and academia will be surveyed to determine their ideas about misconceptions that non-experts have about cybersecurity. This will result in a list of the most significant misconceptions in cybersecurity. Using volunteer instructors at multiple colleges and universities, students will be questioned about these topics resulting in a SCI that can be used to assess understanding of these issues. Data generated from administering the SCI will be used to create a set of open source active learning modules, where each module will target a specific misconception identified in the inventory.