Ulrike Lechner scite author profile

Over the last years, the number of cyber-attacks on industrial control systems has been steadily increasing. Among several factors, proper software development plays a vital role in keeping these systems secure. To achieve secure software, developers need to be aware of secure coding guidelines and secure coding best practices. This work presents a platform geared towards software developers in the industry that aims to increase awareness of secure software development. The authors also introduce an interactive game component, a virtual coach, which implements a simple artificial intelligence engine based on the laddering technique for interviews. Through a survey, a preliminary evaluation of the implemented artifact with real-world players (from academia and industry) shows a positive acceptance of the developed platform. Furthermore, the players agree that the platform is adequate for training their secure coding skills. The impact of our work is to introduce a new automatic challenge evaluation method together with a virtual coach to improve existing cybersecurity awareness training programs. These training workshops can be easily held remotely or off-line.

show abstract

Design of Secure Coding Challenges for Cybersecurity Education in the Industry

Gasiba

Lechner

Pinto-Albuquerque

et al. 2020

View full text Add to dashboard Cite

According to a recent survey with more than 4000 software developers, "less than half of developers can spot security holes". As a result, software products present a low-security quality expressed by vulnerabilities that can be exploited by cyber-criminals. This lack of quality and security is particularly dangerous if the software which contains the vulnerabilities is deployed in critical infrastructures. Serious games, and in particular, Capture-the-Flag(CTF) events, have shown promising results in improving secure coding awareness of software developers in the industry. The challenges in the CTF event, to be useful, must be adequately designed to address the target group. This paper presents novel contributions by investigating which challenge types are adequate to improve software developers' ability to write secure code in an industrial context. We propose 1) six challenge types usable in the industry context, and 2) a structure for the CTF challenges. Our investigation also presents results on 3) how to include hints and penalties into the cyber-security challenges. We evaluated our work through a survey with security experts. While our results show that "traditional" challenge types seem to be adequate, they also reveal a new class of challenges based on code entry and interaction with an automated coach.this stage, several hints can be given to the player depending on several factors, e.g., time taken by the player to solve the challenge or the previous number of attempts to solve the challenge. The logic stage is responsible for evaluating the solution to the challenge provided by the player and determining if it is correct (acceptable) or wrong (not acceptable). According to the analysis of the answer provided by the player, points or penalties might be awarded.

show abstract

Future Security: Processes or Properties?—Research Directions in Cybersecurity

Lechner

2019

View full text Add to dashboard Cite

CyberSecurity Challenges for Software Developer Awareness Training in Industrial Environments

Gasiba

Lechner

Pinto-Albuquerque

2021

View full text Add to dashboard Cite

Awareness of cybersecurity topics facilitates software developers to produce secure code. This awareness is especially important in industrial environments for the products and services in critical infrastructures. In this work, we address how to raise awareness of software developers on the topic of secure coding. We propose the "CyberSecurity Challenges", a serious game designed to be used in an industrial environment and address software developers' needs. Our work distills the experience gained in conducting these CyberSecurity Challenges in an industrial setting. The main contributions are the design of the CyberSecurity Challenges events, the analysis of the perceived benefits, and practical advice for practitioners who wish to design or refine these games.

show abstract

Communities and media-towards a reconstruction of communities on media

Lechner

Schmid

View full text Add to dashboard Cite

Media are explored as model to envision, to design, to formalize and to implement platforms for communities. We consider communities of both natural and artificial agents and aim at designing media which facilitate collaboration within such a community. Our approach is based on the media concept and the media model. The media concept envisions media as platforms for multi-agent systems and the media reference model determines the main components of a medium and guides its application as, e.g., for ECommerce or Knowledge Management. We present a formalization of those models that facilitates artificial agents to act according to the description given in this formalization. We explore the notion of community and various interrelations communities and their media. We discuss the representation of a community on a platform and how technology enables and influences the constitution of communities. We reconstruct communities on media and explore formalization, redesign and reconsideration of aspects of communities.

show abstract

The community model of content management: A case study of the music industry

Hummel

Lechner²

2001

International Journal on Media Management

View full text Add to dashboard Cite

Integration of Blockchain and Internet of Things in a Car Supply Chain

Reimers

Leber

Lechner

2019

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Ulrike Lechner

Social profiles of virtual communities

Cybersecurity Awareness Platform with Virtual Coach and Automated Challenge Assessment

Design of Secure Coding Challenges for Cybersecurity Education in the Industry

Future Security: Processes or Properties?—Research Directions in Cybersecurity

CyberSecurity Challenges for Software Developer Awareness Training in Industrial Environments

Communities and media-towards a reconstruction of communities on media

The community model of content management: A case study of the music industry

Integration of Blockchain and Internet of Things in a Car Supply Chain

Contact Info

Product

Resources

About