Online course "Functional Security of Computer Systems"

A source

Your attention is invited to an article about how the online course on the topic "Functional Safety" was created . Online training services have studio equipment for recording high-quality audio and video. And if you suddenly imagine that you do not have access to such resources, and you need to prepare training material for use in the online mode? The author decided to share his own experience and reveal the following questions:

- motivation or why and who needs it;
- preparation and recording tools;
- content of the Massive Online Open Course (MOOC) on functional safety;
- further steps for product development.

Motivation: why was this done?

Being involved in the educational process, I had to solve the problem of distance learning for students of the “Cyber ​​Security” direction at the department of computer systems and networks of the National Aerospace University “Kharkiv Aviation Institute”. This distance was formed because of my geographical distance.
')
There were other motivators. I wanted to try my hand at a new teaching technology for me, and see how it works.

Another task was to prepare consulting materials for colleagues from the industry, with whom we have to discuss certification issues. The threshold of entry “from scratch” to this topic is sometimes quite high, and by viewing the materials, you can acquire a sufficient level of knowledge to start working in a certification project. Therefore, initially the goal was to make the course problem-oriented, that is, aimed at solving a practical task: preparing for certification for compliance with the requirements of IEC 61508 (or other similar standards for functional safety).

Thus, students of the course received the whole set of advantages of MOOC users: we listen in small information blocks, study at a convenient time, if we don’t understand or miss something, then “scroll” again, etc. It is very suitable for senior students who already want to solve the issue of employment, and this explains the omission of classes.

In the subject area, the reference was made primarily on the process control system, but other control system architectures were also affected: embedded systems, Internet of things and Industrial Internet of Things (Industrial IoT or Industrial Internet Control Systems).

A look at security was directed from the point of view of the functional component. However, where appropriate, the link between information security (IS) and functional security (FB) was demonstrated. For example, a single life cycle of IB and PB was considered. It was considered, what methods of providing FB at the same time increase the level of IB. In the feedback, students noted that just such a trick was useful for them.

Another feature of the video lectures was that the slides are in English, and the audio is recorded in Russian. I suppose that some of the audience may not like such a “push-pull”, but I will still try to explain that not everything is smooth with the translation of specific terminology into Russian. We look, for example, the terminology of IEC 61508, part 4 . Validation (3.8.2) translates as “conformity assessment,” and this is not the only example.

Course preparation and recording

During the preparatory events, an online course on the topic “MOOC about MOOC” was listened to, the good, such materials are now available in a variety. Much of what was heard was extremely useful and confirmed the thesis of the effectiveness of online learning.

Then a review was made of available (at the beginning of 2017) resources on the network that would be partially or completely in line with what was planned to be done. It turned out that there are no courses in the MOOC format dedicated to the FB, although there are many in information security, for example. However, students read similar disciplines. The most similar was the course MIT System Safety (taught by Professor Nancy Leveson). However, only educational materials are available on the MIT website, so this course is not a MOOC in the full sense of the word. Another ideologically close course, Software Security Engineering , was discovered in the Software Engineering Institute (SEI) program, taught by Nancy Mead. Thus, the hypothesis about the uniqueness of the recorded material was confirmed, that is, the niche for MOOC on functional safety was free.

And finally, the MOOC description template, which is close to the usual curriculum, was completed. One of the differences that makes MOOC extremely costly is the need to pre-write the full text of the lecture accompanying the video slide. It seems that possession of the material and colloquial speech is not very helpful. Improvisations and pauses, which are quite appropriate when speaking to an audience, do not at all tally with the concise MOOC format.

How was it all recorded? My stay on the "desert island" with limited access to resources led to the fact that everything was organized in the most efficient and simplest way. The configuration of the existing laptop did not provide a microphone input, so the sound was recorded using the built-in microphone. Of course, this is not very good, but, perhaps, the uniqueness and quality of the material will be able to reconcile this feature with this bug .

The intro video was recorded on the camcorder in HD. All other materials were recorded with a slide show and voice-overs, without the appearance of a lecturer on the screen.
To capture video and sound, the program oCam was used . No hassle with its installation and use did not arise. The video was recorded in ISO MPEG-4 format for further processing by the YouTube video editor. As it turned out, the YouTube video editor also somewhat improves the quality of the non-studio sound.

Contents MOOC "Functional security of computer systems"

The course includes six lectures or, in the MOOC terminology, six weeks of study. Lectures are posted on the YouTube channel in the form of the following playlists (the content of playlists-lectures is shown in Figure 1):

Lecture 1. Introduction to functional safety
Lecture 2. Requirements of standard IEC 61508
Lecture 3. Functional Security Management
Lecture 4. The life cycle of functional and information security
Lecture 5. Evaluation of functional safety indicators
Lecture 6. Methods of ensuring functional safety



Figure 1. The structure of the MOOC "Functional security of computer systems"

Independent work of students is implemented in four areas:

- answer to test questions (quiz);
- reading the recommended literature;
- if desired - the study of additional materials in excess of the program;
- and, most importantly, an individual project.

An individual project is the main result of studying the course, where it is important not only to find previously known answers to test questions, but, above all, it is necessary to solve an applied problem based on the knowledge gained. Such a task is to develop your own document, covering the evaluation of the FB in the areas studied in the lecture material. This document is called the Assurance Case (or "security justification" in the meaning, not in the direct translation). The development of the Assurance Case is used in the practice of evaluating and certifying the Security Case and Security Case. As objects of evaluation, the components of the automated process control system are proposed: controllers, actuators and sensors. Students are given an Assurance Case template, and they fill it in stages, based on the material of each lecture. The template structure is shown in Figure 2.



Figure 2. The structure of the individual assignment (Assurance Case), performed during the study of MOOC "Functional safety of computer systems"

findings

MOOC recording is a fascinating activity that requires serious temporary investments. Each has its own speed of speaking the text and its writing. My estimates suggest that a thousand characters of text (this is half a page of A4 with a 14-m font at one and a half times each) can be announced in about one minute. That is, for example, to prepare a half-hour lecture you need to write about 30 thousand characters (15 pages of text).

But, then, this test is easy to put together into an article. This is exactly how a series of articles on functional safety appeared ; it was developed in parallel with the online course.

Judging by the feedback from students, they perceived this format positively. As all the MOOC statistical studies say, the success of learning is influenced not by the online / offline form, but, first and foremost, by the students' motivation. Those who wanted, perfectly coped with the individual task.

While working on the course, I felt how slow the technology possibilities are being mastered by some universities. But the reality is that few people manage to influence this process. As William Gibson used to say, “the future is already here - it's just not very evenly distributed”.

Of course, the proposed set of YouTube playlists cannot yet be considered a MOOC in the classic format, and after the pilot version of the product, you need to perform a number of further fine-tuning activities, namely:

- add animated screensavers;
- move the course to the MOOC development environment (edX is considered);
- develop online tests;
- place the course on one or several online learning platforms;
- recruit and train the group;
- and also, in the long term, write down the English version of the course.

This will do in the near future.