Abstract
In an age where speed and efficiency have been the primary measures for progress, there has been a mass migration of information and processes to online platforms, specifically the cloud. As such, there are those who seek to exploit this shift in medium, attacking cyber structures and frameworks within the cloud, for their own private gain. With each iteration of vulnerabilities and patches, attacks are only becoming more ingenious and harder to detect. Thus, it is no secret that traditional cybersecurity practices have not been able to keep up with the pace of growth in the cloud. While schools have attempted to teach students these traditional practices as foundational in their own local projects, little effort has been made to apply them to the cloud computing environment. Introductory cybersecurity courses tend to focus more on understanding the basics of advanced topics in cybersecurity including encryption, digital forensics, binary exploits, and networks. These naturally tend to be more focused on programming against certain attacks. While that is appropriate in its own regard, with cloud environments, many of the security components are based on configuration. A user does not need to code the solution but use the available tools and resources to best secure the system in its particular use case. This is crucial as oftentimes, entire processes run on the cloud so there is a lot at stake when working on cloud platforms. In order to bridge this gap, we propose a class that incorporates aspects from two different computer science courses at the University of Virginia -- CS 3710: Introduction to Cybersecurity and CS 4740: Cloud Computing. To develop this new class, we examined the documentation for these courses and expanded on their overlap. As former students of these courses, we reflected on their strengths and weaknesses in order to improve the structure of the new class and provide an experience that is tailored to cloud computing. As a result, students will better understand threats to the cloud structure and learn the safe practices that will help mitigate the associated risks. They will also be better equipped to handle cybersecurity issues when working in the cloud for their future careers, creating a safer and more secure environment for their clients and stakeholders. While the class will have a focus on cybersecurity in the cloud environment, it will also aim to highlight some of the growing topics within cloud computing. Two growing fields that have had much controversy around them are Artificial Intelligence and the Internet of Things. While these two technologies have a tremendous amount of potential, they also pose some security concerns for users that have held them back. This course would allow students to explore some applications of these technologies while also educating students on how to develop solutions in an ethical and secure manner. Both the Internet of Things and Artificial Intelligence are data-driven and many people do not have confidence that the data they are using is secure and collected ethically. So this course will aim to highlight practices that can keep the data in the hands of those that are meant to see it and how to gather data in ways that gain trust of the users. A student who has finished this course should be able to understand the concerns of users while developing solutions in the cloud environment. The generalized overview that CS 3710 and 4740 both bring is valuable so this course is not designed to replace them. Instead, this course is designed to be taken after completing CS 4740 because it will be more specialized. During the first two weeks there will be a big review period of basic cloud terminology and essentials that were taught in 4740 and also a review on the class 3710. This will also go over new topics such as user and group permissions, authentication issues, and also cloud security basics. Then the next few weeks will be about network security revolving around the cloud including network addressing, network protocol layers, and network devices. This will give the student a better understanding of how different hosts interact within a network. Then the next several weeks will focus on Public-Key Crypto, Hashing for Authentication, Network Authentication, Authenticating Network Servers, Digital Signatures. Then the course will end on introducing more miscellaneous topics including how artificial intelligence and the internet of things are kept secure and good practices when it comes to security when dealing with those spectrums.
