Developing and Assessing a Web-Based Interactive Visualization Tool to Teach Buffer Overflow Concepts

This Innovative Practice Full Paper presents a new way to teach buffer overflow concepts. Historically, buffer overflow has been the number one security vulnerability in applications for many years. More recently, advances in protection methods including non-executable stack, canaries, ASLR, and Windows DEP have made buffer overflow attacks a much smaller security concern, but they are still a serious issue in embedded systems and micro-controllers. Therefore, it is still very important to teach students this topic. There are several tools available for teaching buffer overflow attacks, but there are no easily accessible interactive teaching tools to help students understand the concepts. We developed a web-based interactive visualization tool that aims to help students gain a deeper understanding of buffer overflow concepts. There are six learning components that build upon one another as well as an assessment after each component for immediate learning feedback. There is also a space shooter mini-game between each learning component. To evaluate the impact of this online visualization tool on students’ learning, we developed in-game assessments, a pre-test, a post-test and a survey. This tool was used in two classes at Winston-Salem State University (WSSU) and North Carolina A&T State University (NC A&T) in Fall 2019. The classroom experience reports and focus group discussion show that this tool helped students improve their understanding of buffer overflow concepts.