Over the last years, the number of cyber-attacks on industrial control systems has been steadily increasing. Among several factors, proper software development plays a vital role in keeping these systems secure. To achieve secure software, developers need to be aware of secure coding guidelines and secure coding best practices. This work presents a platform geared towards software developers in the industry that aims to increase awareness of secure software development. The authors also introduce an interactive game component, a virtual coach, which implements a simple artificial intelligence engine based on the laddering technique for interviews. Through a survey, a preliminary evaluation of the implemented artifact with real-world players (from academia and industry) shows a positive acceptance of the developed platform. Furthermore, the players agree that the platform is adequate for training their secure coding skills. The impact of our work is to introduce a new automatic challenge evaluation method together with a virtual coach to improve existing cybersecurity awareness training programs. These training workshops can be easily held remotely or off-line.
According to a recent survey with more than 4000 software developers, "less than half of developers can spot security holes". As a result, software products present a low security quality expressed by vulnerabilities that can be exploited by cyber-criminals. This lack of quality and security is particularly dangerous if the software which contains the vulnerabilities is deployed in critical infrastructures. Serious games, and in particular, Capture-the-Flag (CTF) events, have shown promising results in improving secure coding awareness of software developers in the industry. The challenges in the CTF event, to be useful, must be adequately designed to address the target group. This paper presents novel contributions by investigating which challenge types are adequate to improve software developers' ability to write secure code in an industrial context. We propose 1) six challenge types usable in the industry context, and 2) a structure for the CTF challenges. Our investigation also presents results on 3) how to include hints and penalties into the cyber-security challenges. We evaluated our work through a survey with security experts. While our results show that "traditional" challenge types seem to be adequate, they also reveal a new class of challenges based on code entry and interaction with an automated coach.
this stage, several hints can be given to the player depending on several factors, e.g., time taken by the player to solve the challenge or the previous number of attempts to solve the challenge. The logic stage is responsible for evaluating the solution to the challenge provided by the player and determining if it is correct (acceptable) or wrong (not acceptable). According to the analysis of the answer provided by the player, points or penalties might be awarded.
Awareness of cybersecurity topics helps software developers produce secure code. This awareness is especially important in industrial environments for the products and services in critical infrastructures. In this work, we address how to raise awareness of software developers on the topic of secure coding. We propose the "CyberSecurity Challenges", a serious game designed to be used in an industrial environment and address software developers' needs. Our work distills the experience gained in conducting these CyberSecurity Challenges in an industrial setting. The main contributions are the design of the CyberSecurity Challenges events, the analysis of the perceived benefits, and practical advice for practitioners who wish to design or refine these games.
Media are explored as a model to envision, to design, to formalize and to implement platforms for communities. We consider communities of both natural and artificial agents and aim at designing media which facilitate collaboration within such a community. Our approach is based on the media concept and the media model. The media concept envisions media as platforms for multi-agent systems and the media reference model determines the main components of a medium and guides its application as, e.g., for ECommerce or Knowledge Management. We present a formalization of those models that facilitates artificial agents to act according to the description given in this formalization. We explore the notion of community and various interrelations between communities and their media. We discuss the representation of a community on a platform and how technology enables and influences the constitution of communities. We reconstruct communities on media and explore formalization, redesign and reconsideration of aspects of communities.