Some University of Maryland professors are trying to change how software designers approach their work.
Three cybersecurity professors — Michelle Mazurek, Andrew Ruef and Dave Levin — and computer science professor Michael Hicks were among those to host the Build It, Break It, Fix it security contest, which aims to teach students how to construct more secure programs, according to the contest website. This is the fifth contest the group has held in the past two and a half years, Hicks said.
“We want to make software security better [and] help developers who aren’t security experts do a better job of writing secure software,” said Mazurek, who is also a member of the Maryland Cybersecurity Center. “There’s a gap between what seems like it should work and what actually should work in the real world.”
During the past few projects, there have been a variety of problems that the participants were instructed to solve. This year, the challenge was to design a secure data management platform, Hicks said. This platform needs to store information, and permit certain people to have different levels of access.
The contest, presented by management consulting firm Booz Allen Hamilton and the Maryland Cybersecurity Center, began Sept. 22 and spanned three rounds that lasted between 10 and 12 days each. In the first round, build-it teams constructed software, and in the second round, break-it teams looked for faults in the submissions. The final round, which began Oct. 20 and ended Oct. 31, fixed any problems in their software, according to the website.
The winners were announced on Saturday, after a technical delay pushed the competition back by one day.
In the Builders section of the competition, the first place winner was a team called fl00d. The second and third place groups were fivedollarwrench and ProvablyWrong, respectively. The winners each received a portion of the $13,500 prize money, which was funded by corporate donations.
The contest is open to students around the world, including students in the Coursera program, Hicks said. Coursera is an organization that allows students worldwide to take online courses from many universities around the world, including the University of Maryland.
Ujjwal Sinha, a chemical engineering student in Coursera’s University of Maryland cybersecurity program who lives in India, competed in the contest for the second time. During last semester’s competition, he worked with a group, but this time around, he’s working alone.
“[This contest] has given me good insight into how the software system is built and how it is important to not just trust what you built,” Sinha said. “I had a lot of mistake[s] where I trusted my inputs.”
Hicks studies how to better design software, and he applies this research to cybersecurity issues, he said.
“It bothered me how in the public eye, no one thinks about [improving software design],” Hicks said. “We just have this big internet outage over a week ago; why aren’t we building these systems better?”
The competition is also a project to determine scientifically which programs work best for producing the best software, such as C/C++, a computer programming language.
“[By] just focusing on one piece and not working on the whole picture, you lose important context and important information,” Mazurek said.