Abstract
As mobile devices grow increasingly in popularity within the student community, novel educational activities and tools, as well as learning approaches can be developed to get benefit from this prevalence of mobile devices (e.g. mobility and closeness to students’ daily lives). Particularly, information security education should reflect the current trend in computing platforms away from the desktop and towards mobile devices. This paper discusses a case study of a learning approach that aims at taking advantages of the benefits of mobile devices and the best practices in learning information security, as well as promoting students’ interests and increasing their self-efficacy. The learning approach uses two Android learning apps to enhance students’ hands-on skills on firewall filtering rules implementation, by practicing network traffic filtering outside the traditional laboratory activities, in the real-world environment; i.e., anywhere and anytime, at the students’ convenience. Practically, the two Android apps are a firewall app and a packet generator app; both apps are freely available at Google Play Store. Based on statistics from the Google Play Store, in about one and a half years, the packet generator app turned popular with over 20,000 downloads worldwide and a 3.75 users’ rating. A comparative analysis of various existing Android firewall apps with the proposed firewall app emphasizes its significance. The impact of the Android apps on the students’ performance in terms of achieving the course outcomes is also discussed.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Andrus, J., & Nieh, J. (2012). Teaching operating systems using android. Proc. of the 43rd ACM Technical Symposium on Computer Science Education (SIGCSE 2012), pp. 613–618.
Bhattacharya, P., Yang, L., Guo, M., Qian, K., & Yang, M. (2014). Learning mobile security with Labware. IEEE Security and Privacy, 12(1), 69–72.
Caltagirone, S., Ortman, P., Melton, S., Manz, D., King, K., & Oman, P. (2006). Design and implementation of a multi-use attack-defend computer security lab. Proc. of the 39th Annual Hawaii International Conference on System Sciences - HICSS, USA.
Du, W., Jayaraman, K., & Gaubatz, N. (2010). Enhancing security education with hands-on laboratory exercises. In Proceedings of the fifth Annual Symposium on Information Assurance (ASIA ‘10), June 16–17, 2010, Albany, New York.
EDUCAUSE (2014). The future of mobile computing, 04/2011, accessed in Nov. 2014, http://net.educause.edu/ir/library/pdf/ESPNT1b.pdf.
Guo, M., Bhattacharya, P., Yang, M., Qian, K., & Yang, L. (2013). Learning mobile security with android security labware. Proc. of the 44th ACM technical symposium on Computer Science Education (SIGCSE 2013), pp.675–680.
Hill, J. M., Carver, C. A., Jr., Humphries, J. W., & Pooch, U. W. (2001). Using an isolated network laboratory to teach advanced networks and security. Proc. of the 32nd SIGCSE Technical Symposium on Computer Science Education (pp. 36–40). Charlotte: ACM Press.
Ibrahim, W., Atif, Y., Shuaib, K., & Sampson, D. (2015). A web-based course assessment tool with direct mapping to student outcomes. Journal of Educational Technology & Society, 18(2), 46–59.
Levine, A., & Kossuth, J. (2011). The future of mobile computing, Mobile Computing Spotlight Series, Part of the Mobile Computing 5-Day EDUCAUSE Sprint, April 25, 2011.
Li-Chiou, C., & Chienting, L. (2007). Combining theory with practice in information security education, Proc. of the 11th Colloquium for Information Systems Security Education, 2007, pp. 28–35.
Loveland, S. (2011). Human computer interaction that reaches beyond desktop applications, Proc. of the 42nd ACM Tech. Symposium Computer Science Education (SIGCSE 11), 2011, pp. 595–600.
Northcutt, S., Zeltser, L., Winters, S., Kent, K., & Ritchey, R.W. (2005). Inside network perimeter security (2nd Edition). Sams Publishing.
Sanderson, D.B. (2009). Revising an assessment plan to conform to the new ABET-CAC guidelines. Proc. of the 40th ACM Technical Symposium on Computer Science Education (SIGCSE’09), pp. 352–356, Chattanooga, USA.
Trabelsi, Z. (2011). Hands-on lab exercises implementation of DoS and MiM attacks using ARP cache poisoning, Proc. Information Security Curriculum Development Conference, 2011, pp. 74–83.
Trabelsi, Z., & Alketbi, L. (2013). Using network packet generators and snort rules for teaching denial of service attacks. Proc. of the 18th ACM conference on innovation and technology in computer science education, ITiCSE’13, pp. 285–290.
Trabelsi, Z., & Mustafa, U. (2014). A web-based firewall simulator tool for information security education. Proc. of the 16th Australasian Computing Education Conference (ACE2014), CRPIT. Vol. 148, pp.: 83–90, 2014, Auckland, New Zealand.
Trabelsi, Z., Hayawi, K., Al Braiki, A., & Sujith, M. (2013). Network attacks and defenses: A hands-on approach. CRC Press.
Vigna, G. (2003a). Teaching network security through live exercises. In C. E. Irvine, & H. L. Armstrong (Eds.), World conference on information security education, volume 253 of IFIP Conference Proceedings, pages 3–18. Kluwer.
Vigna, G. (2003b). Teaching hands-on network security: testbeds and live exercises. Journal of Information Warfare, 2(3), 8–24.
Whitman, E.M., Mattord, J.H., & Green, W.A. (2014). Hands-on information security lab manual, 4th Edition. Cengage Learning.
Yuan, D., & Zhong, J. (2008). A lab implementation of SYN flood attack and defense. Proc. of the 9th ACM SIGITE Conference on Information Technology Education (SIGITE’08), pp. 57–58, Cincinnati, Ohio, USA.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Trabelsi, Z., Al Matrooshi, M., Al Bairaq, S. et al. Android based mobile apps for information security hands-on education. Educ Inf Technol 22, 125–144 (2017). https://doi.org/10.1007/s10639-015-9439-8
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10639-015-9439-8