License: Creative Commons Attribution 3.0 Unported license (CC BY 3.0)
When quoting this document, please refer to the following
DOI: 10.4230/OASIcs.ICPEC.2020.10
URN: urn:nbn:de:0030-drops-122977
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2020/12297/
Go to the corresponding OASIcs Volume Portal

Gasiba, Tiago ; Lechner, Ulrike ; Rezabek, Filip ; Pinto-Albuquerque, Maria

Cybersecurity Games for Secure Programming Education in the Industry: Gameplay Analysis

pdf-format:
OASIcs-ICPEC-2020-10.pdf (0.6 MB)

Abstract

To minimize the possibility of introducing vulnerabilities in source code, software developers may attend security awareness and secure coding training. From the various approaches of how to raise awareness and adherence to coding standards, one promising novel approach is Cybersecurity Challenges. However, in an industrial setting, time is a precious resource, and, therefore, one needs to understand how to optimize the gaming experience of Cybersecurity Challenges and the effect of this game on secure coding skills. This work identifies the time spent solving challenges of different categories, analyzes gaming strategies in terms of a slow and fast team profile, and relates these profiles to the game success. First results indicate that the slow strategy is more successful than the fast approach. The authors also analyze the possible implications in the design and the training of secure coding in an industrial setting by means of Cybersecurity Challenges. This work concludes with a brief overview of its limitations and next steps in the study.

BibTeX - Entry

@InProceedings{gasiba_et_al:OASIcs:2020:12297,
  author =	{Tiago Gasiba and Ulrike Lechner and Filip Rezabek and Maria Pinto-Albuquerque},
  title =	{{Cybersecurity Games for Secure Programming Education in the Industry: Gameplay Analysis}},
  booktitle =	{First International Computer Programming Education Conference (ICPEC 2020)},
  pages =	{10:1--10:11},
  series =	{OpenAccess Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-153-5},
  ISSN =	{2190-6807},
  year =	{2020},
  volume =	{81},
  editor =	{Ricardo Queir{\'o}s and Filipe Portela and M{\'a}rio Pinto and Alberto Sim{\~o}es},
  publisher =	{Schloss Dagstuhl--Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/opus/volltexte/2020/12297},
  URN =		{urn:nbn:de:0030-drops-122977},
  doi =		{10.4230/OASIcs.ICPEC.2020.10},
  annote =	{Keywords: education, training, secure coding, industry, cybersecurity, capture-the-flag, game analysis, cybersecurity challenge}
}

Keywords: education, training, secure coding, industry, cybersecurity, capture-the-flag, game analysis, cybersecurity challenge
Collection: First International Computer Programming Education Conference (ICPEC 2020)
Issue Date: 2020
Date of publication: 15.06.2020

DROPS-Home | Fulltext Search | Imprint | Privacy Published by LZI