A Data-driven Security Game to Facilitate Information Security Education
Many universities have started to educate students on how to develop secure software and systems. One challenge of teaching information security is that the curriculum can easily be outdated, because new attacks and mitigation approaches arise. It is therefore necessary to provide software developers with methods and tools that are attractive (e.g., computer games) for self-study and up-to-date information security knowledge during and after the university education. This paper presents an on-going study to develop an educational game to facilitate information security education. The game is developed as a single player Tower Defense (TD) game. The educational goal of the game is to teach developers, who are not security experts, how to choose proper mitigation strategies and patterns to defend against various security attack scenarios. One key benefit of our game is that it is data driven, meaning, it can continuously fetch data from relevant security-based online sources (e.g., Common Attack Pattern Enumeration Classification CAPEC) to stay up to date with any new information. This is done automatically. We evaluated the game by letting students play it and give comments. Evaluation results show that the game can facilitate students learning of mitigation strategies to defend against attack scenarios.
Fri 31 MayDisplayed time zone: Eastern Time (US & Canada) change
14:00 - 15:30 | Novel Approaches in SE EducationSoftware Engineering Education and Training / Posters at St-Denis / Notre-Dame Chair(s): Hakan Erdogmus Carnegie Mellon University | ||
14:00 15mTalk | Teaching Software Construction at Scale with Mastery Learning: A Case StudySEET Software Engineering Education and Training Elisa Baniassad University of British Columbia, Alice Campbell The University of British Columbia, Tiara Allidina The University of British Columbia, Asrai Ord The University of British Columbia Pre-print | ||
14:15 15mTalk | Look What I Can Do: Acquisition of Programming Skills in the Context of Living LabsSEET Software Engineering Education and Training Mazyar Seraj University of Bremen & German Research Center for Artificial Intelligence (DFKI), Cornelia S. Große University of Bremen, Serge Autexier German Research Center for Artificial Intelligence (DFKI), Rolf Drechsler University of Bremen & German Research Center for Artificial Intelligence (DFKI) Pre-print | ||
14:30 15mTalk | How much 'Authenticity' can be achieved in Software Engineering Project Based courses?SEET Software Engineering Education and Training Zahra Shakeri University of Calgary, Muneera Bano Swinburne University of Technology, Melbourne, Didar Zowghi University of Technology, Sydney | ||
14:45 10mTalk | Having Fun in Learning Formal SpecificationsSEET Software Engineering Education and Training Wishnu Prasetya Utrecht University, Craig Leek Utrecht University, Orestis Melkonian Utrecht University, Joris ten Tusscher Utrecht University, Jan van Bergen Utrecht University, Jasper Everink Utrecht University, Thomas van der Klis Utrecht University, Rick Meijerink Utrecht University, Roan Oosenbrug Utrecht University, Jelle Oostveen Utrecht University, Tijmen van den Pol Utrecht University, Wink van Zon Utrecht University Pre-print | ||
14:55 6mPoster | A Data-driven Security Game to Facilitate Information Security Education Posters Dag Erik Homdrum Løvgren Acando AS, Jingyue Li Norwegian University of Science and Technology, Tosin Daniel Oyetoyan SINTEF Digital | ||
15:01 29mTalk | Author Panel DiscussionSEET Software Engineering Education and Training | ||