Found this paper linked in today's Crypto-Gram, Bruce Schneier's newsletter.
Some background: computer security often requires a kind of lateral thinking that's so strange, it can come off as a kind of character defect. Schneier once remarked that when he was a kid, his friends thought it was cool that ant farms would mail live ants to their customers -- but he thought it was cool that he could get live ants delivered to anyone's mailbox. For the last few years, Yoshi's been trying to figure out how to teach this "security mindset." (When he wasn't figuring out how to hack garage door openers to cause pacemakers to malfunction.)
This iteration seems to fit into that vein of trying to teach a new way of thinking in service of a gray art, but it juts off in a direction that might interest this crowd a bit more. A taste:
Since our class was targeted at senior-level computer science students – not writing students – we began with a brief introduction to the structure of stories.
Computer security courses typically cover a breadth of technical topics, including threat modeling, applied cryptography, software security, and Web security. The technical artifacts of computer systems – and their associated computer security risks and defenses – do not exist in isolation, however; rather, these systems interact intimately with the needs, beliefs, and values of people. This is especially true as computers become more pervasive, embedding themselves not only into laptops, desktops, and the Web, but also into our cars, medical devices, and toys. Therefore, in addition to the standard technical material, we argue that students would benefit from developing a mindset focused on the broader societal and contextual issues surrounding computer security systems and risks. We used science fiction (SF) prototyping to facilitate such societal and contextual thinking in a recent undergraduate computer security course. We report on our approach and experiences here, as well as our recommendations for future computer security and other computer science courses.
I'm a little skeptical that this is a great use of time in a general security course, but it's an interesting idea. I like their idea of a cross-listed class more.