on the design of security games
play

On the design of security games: From frustrating to engaging - PowerPoint PPT Presentation

Jul 03, 2023 •120 likes •291 views

On the design of security games: From frustrating to engaging learning 2016 USENIX Advances in Security Education Workshop August 9, 2016 Jan Vykopal , Milo Bartk Masaryk University, Brno Who am I? Ph.D. graduate in flow-based intrusion

  1. On the design of security games: From frustrating to engaging learning 2016 USENIX Advances in Security Education Workshop August 9, 2016 Jan Vykopal , Miloš Barták Masaryk University, Brno

  2. Who am I?  Ph.D. graduate in flow-based intrusion detection.  Founder and head of a university CSIRT in the Czech Republic.  Researcher with KYPO – academic cloud-based cyber range.  Coordinator and designer of hands-on training at KYPO platform, e. g. Czech national cyber defence exercise. On the design of security games: From frustrating to engaging learning 2 Jan Vykopal, Masaryk University

  3. Outline  KYPO game  Generic module of KYPO cyber range for running CtF games  Prototype game  Lessons learned  Extensions of KYPO game  Research questions  User study – setup and results  Conclusion and future work On the design of security games: From frustrating to engaging learning 3 Jan Vykopal, Masaryk University

  4. KYPO cyber range On the design of security games: From frustrating to engaging learning 4 Jan Vykopal, Masaryk University

  5. KYPO game - design  One educational use case of KYPO cyber range, implemented as a portlet.  Framework for creating and running attack-only capture-the-flag games.  Each game is split to several levels, players search for correct answer (flag).  Each level offers hints that can be displayed in exchange for penalty points. On the design of security games: From frustrating to engaging learning 5 Jan Vykopal, Masaryk University

  6. KYPO game – prototype  Prototype game for teaching penetration testing.  Four levels with the ultimate objective of NTP DoS amplification attack.  Each player has own sandbox with a machine under control. Sandbox topology On the design of security games: From frustrating to engaging learning 6 Jan Vykopal, Masaryk University

  7. KYPO game – extensions I Lessons learned:  Difficulty of levels is not balanced.  Learners are hesitant whether the hints will help them.  Game-related information provided outside the platform are inconvenient. Extensions:  Improved hint system  Hints about hints available what tool to use , how to use the tool, …  Players can now choose hints in arbitrary order.  Embedded level solutions  Step-by-step tutorial for each level. On the design of security games: From frustrating to engaging learning 7 Jan Vykopal, Masaryk University

  8. KYPO game – extensions II Lesson learned: Aug 9, 08:00, Participant_1: Game started  Teacher has no information about the learners’ performance and progress in the ongoing event. Aug 9, 08:00, Participant_1: Level 1 entered Aug 9, 08:05, Participant_1: Extension: Incorrect flag submitted  Logging the learner’s actions Aug 9, 08:07, Participant_1:  Generic approach in dependent on specific game and its Hint 1 taken sandbox (hosts, network connections). Aug 9, 08:15, Participant_1:  Captures only the interaction of the player and KYPO portal. Level 1 completed (correct flag)  Does not capture any events or states from sandbox. Aug 9, 08:20, Participant_1: Level 2 entered ... On the design of security games: From frustrating to engaging learning 8 Jan Vykopal, Masaryk University

  9. Research questions 1. How helpful are the hints and solutions for the learners? How do they contribute to completion of the level? 2. What can be predicted from the participants’ actions ? What do game logs tell about the game and progress of the players? On the design of security games: From frustrating to engaging learning 9 Jan Vykopal, Masaryk University

  10. Evaluation of extensions – setup I  Experiment with a new game using the new features  More levels  Used improved hint system  Level solutions available.  21 participants in total - a diverse mix of players  Various level of experience and work positions (students, IT staff, researchers, experts).  Various European nations.  Various experience with hands-on training in cyber security. On the design of security games: From frustrating to engaging learning 10 Jan Vykopal, Masaryk University

  11. Evaluation of extensions – setup II  Self-assessment questionnaires for players  before the game,  after each level,  after the game.  How was the level difficult?  Were the hints helpful?  Was the time limit sufficient?  What have you learned?  Would you like to play another game?  Game events of all players logged – a complement to self-assessment data. On the design of security games: From frustrating to engaging learning 11 Jan Vykopal, Masaryk University

  12. Evaluation of extensions – hints  New hint system used in 28 % of cases (arbitrary order of hints = green boxes).  77 % of all levels where learners opted for a hint(s) were then accomplished.  Mismatch of game logs and self-assessment (double checked). On the design of security games: From frustrating to engaging learning 12 Jan Vykopal, Masaryk University

  13. Evaluation of extensions – level solutions  If the hints do still not help, and participants cannot proceed further, they can access the solution of the level.  Contribution of solutions to accomplishment of the level was weaker than expected  Solution displayed and then the correct flag submitted – 60 % (17x)  Solution displayed and then the level skipped – 40 % (11x)  Some participants might be frustrated and just wanted to enter the next level(s). On the design of security games: From frustrating to engaging learning 13 Jan Vykopal, Masaryk University

  14. Evaluation of new features – game logs Max Time limit Median Min Level On the design of security games: From frustrating to engaging learning 14 Jan Vykopal, Masaryk University

  15. Evaluation of new features – game logs Max Time limit Median Min Level difficulty 1.6 2.7 3.6 4.2 3.8 4.5 1 – easy, 5 – very hard On the design of security games: From frustrating to engaging learning 15 Jan Vykopal, Masaryk University

  16. Conclusions  Logging the game’s events provide useful data for analysis of game sessions to make them more engaging and fun.  It is also useful for teachers to monitor ongoing session.  Learners did use redesigned hint system and recommended solutions.  Evidence found in collected game events and the supplemental user survey.  Learners’ answers neither confirm nor disprove the benefit of the hints and solutions used.  Other games events matched the learners’ assessment (level difficulty and duration).  Future work: Do user surveys represent reliable tools for designing and evaluating hands-on training? On the design of security games: From frustrating to engaging learning 16 Jan Vykopal, Masaryk University

  17. QUESTIONS? THANKS FOR YOUR ATTENTION! www.kypo.cz Jan Vykopal @csirtmu vykopal@ics.muni.cz

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Game Theory : Security games, Applications to security CSC304 - Nisarg Shah 1 Until now

Game Theory : Security games, Applications to security CSC304 - Nisarg Shah 1 Until now

CSC304 Lecture 7 Game Theory : Security games, Applications to security CSC304 - Nisarg Shah 1 Until now Simultaneous-move Games All players act simultaneously Nash equilibria = stable outcomes Each player is best responding

530 views • 24 slides
CSC304 Lecture 7 Game Theory : Security games, Applications to security CSC304 - Nisarg Shah 1

CSC304 Lecture 7 Game Theory : Security games, Applications to security CSC304 - Nisarg Shah 1

CSC304 Lecture 7 Game Theory : Security games, Applications to security CSC304 - Nisarg Shah 1 Until now Simultaneous-move Games All players act simultaneously Nash equilibria = stable outcomes Each player is best responding

486 views • 24 slides
CSC304 Lecture 6 Game Theory : Security games, Applications to security CSC304 - Nisarg Shah 1

CSC304 Lecture 6 Game Theory : Security games, Applications to security CSC304 - Nisarg Shah 1

CSC304 Lecture 6 Game Theory : Security games, Applications to security CSC304 - Nisarg Shah 1 Recap Last lecture Zero-sum games The minimax theorem Assignment 1 posted Might add one or two questions (more if you think

366 views • 22 slides
Tabletop Game Design UDLS: April 17th, 2015 Neil Newman Zero Player Games Solved Games - Tic

Tabletop Game Design UDLS: April 17th, 2015 Neil Newman Zero Player Games Solved Games - Tic

Tabletop Game Design UDLS: April 17th, 2015 Neil Newman Zero Player Games Solved Games - Tic tac toe - The same is true of more complicated games: Connect 4, Checkers Analysis Paralysis - AP describes a player that takes too long to decide

503 views • 17 slides
Summary 1. Introduction 2. Serious games as Educational Tools 3. The Design of the Serious

Summary 1. Introduction 2. Serious games as Educational Tools 3. The Design of the Serious

Summary 1. Introduction 2. Serious games as Educational Tools 3. The Design of the Serious Game 4. Final Remarks 2 1. Introduction Serious games main objective other than mere entertainment Includes knowledge transmission to the

683 views • 25 slides
AI in Design: How AI Enables Designers Brian Reynolds, President, Big Huge Games AI in Design !

AI in Design: How AI Enables Designers Brian Reynolds, President, Big Huge Games AI in Design !

AI in Design: How AI Enables Designers Brian Reynolds, President, Big Huge Games AI in Design ! How AI enables Design (and vice versa) ! AI and Design should be created side-by-side ! Integrating Design and AI process ! Uses for AI:

380 views • 17 slides
What Security can learn from Design Douglas Wilson Nguyet Vuong Security Person, Design

What Security can learn from Design Douglas Wilson Nguyet Vuong Security Person, Design

What Security can learn from Design Douglas Wilson Nguyet Vuong Security Person, Design Person, Formerly at Uptycs, Mandiant VP of Design at Civil Media Company @dallendoug @nguyetv INTRO / Who We Are We are Nguyet & Doug Collectively,

634 views • 39 slides
The Principles of Audio And implementation Design for games !! YO! L A C I D A R I am

The Principles of Audio And implementation Design for games !! YO! L A C I D A R I am

The Principles of Audio And implementation Design for games !! YO! L A C I D A R I am Maximilien Simard-Poirier I am here because I love to share the audio knowledge !!! You can find me on twitter @maxspsound WHAT are we gonna talk

934 views • 65 slides
Genetic Approximations for the Failure-Free Security Games Anton Charnamord

Genetic Approximations for the Failure-Free Security Games Anton Charnamord

Genetic Approximations for the Failure-Free Security Games Anton Charnamord anton.charnamord@cyber.ee October 2nd, 2015 Genetic Approximations for the Failure-Free Security Games Aleksandr Lenin 1 , 2 , Jan Willemson 1 and Anton Charnamord 1 , 2

579 views • 46 slides
The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director Global Privacy & Security by Design Centre Technion Summer School on Cyber Security Haifa, Israel September 9, 2020 Lets Dispel The Myths

929 views • 55 slides
Towards a Science of Security Games : Key Algorithmic Principles, Deployed Systems, Research

Towards a Science of Security Games : Key Algorithmic Principles, Deployed Systems, Research

Towards a Science of Security Games : Key Algorithmic Principles, Deployed Systems, Research Challenges Milind Tambe Helen N. and Emmett H. Jones Professor in Engineering University of Southern California with: Current/former PhD

842 views • 60 slides
CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012

CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012

CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012 1 Content of Todays Lecture Summary and Wrap up on Security Terminology The Fundamental Dilemma of Security Five Design Principles

801 views • 25 slides
CSC2556 Lecture 11 Noncooperative Games 2: Zero-Sum Games, Stackelberg Games CSC2556 - Nisarg

CSC2556 Lecture 11 Noncooperative Games 2: Zero-Sum Games, Stackelberg Games CSC2556 - Nisarg

CSC2556 Lecture 11 Noncooperative Games 2: Zero-Sum Games, Stackelberg Games CSC2556 - Nisarg Shah 1 Zero-Sum Games Total reward is constant in all outcomes (w.l.o.g. 0 ) Focus on two-player zero-sum games (2p-zs) The more I

539 views • 27 slides
Game Design What you should know about game design whether you create games or not Codemotion

Game Design What you should know about game design whether you create games or not Codemotion

Game Design What you should know about game design whether you create games or not Codemotion Berlin 24 October 2016 emabolo@gmail.com @emabolo Emanuele Bolognesi emabolo@gmail.com http://emabolo.com @emabolo www.gamearena.io

809 views • 77 slides
Psychology of Video Games Presented by: Katy Roose BLUF- Bottom Line Up Front Game Design

Psychology of Video Games Presented by: Katy Roose BLUF- Bottom Line Up Front Game Design

Psychology of Video Games Presented by: Katy Roose BLUF- Bottom Line Up Front Game Design is interdisciplinary Good games stimulate players neurologically, cognitively, and socially/emotionally Misuse or exploitation= BAD

404 views • 13 slides
A Case for Protecting Computer Games With SGX Erick Bauman and Zhiqiang Lin System and Software

A Case for Protecting Computer Games With SGX Erick Bauman and Zhiqiang Lin System and Software

Background Overview Detailed Design Case Study Conclusion A Case for Protecting Computer Games With SGX Erick Bauman and Zhiqiang Lin System and Software Security (S 3 ) Lab The University of Texas at Dallas December 12 th , 2016 Background

646 views • 62 slides
KYPO A PLATFORM FOR CYBER DEFENCE EXERCISES Symposium on M&S Support to Operational

KYPO A PLATFORM FOR CYBER DEFENCE EXERCISES Symposium on M&S Support to Operational

KYPO A PLATFORM FOR CYBER DEFENCE EXERCISES Symposium on M&S Support to Operational Tasks Including War Gaming, Logistics, Cyber Defence (MSG- 133 ), Munich, Germany 15 th October, 2015 Pavel ELEDA, Jakub EGAN Jan VYKOPAL,

644 views • 19 slides
Ba Barossa First ssa First The he Bel Belongi nging BAROSSA FIRST: THE BELONGING

Ba Barossa First ssa First The he Bel Belongi nging BAROSSA FIRST: THE BELONGING

BARO BA ROSS SSA 2 0 1 9 T h i n k T a n k Ba Barossa First ssa First The he Bel Belongi nging BAROSSA FIRST: THE BELONGING Investm Inv stment o of $ $800k 00k + to to gr grow ow wine wine ex expor ports by by showc

396 views • 22 slides
Bishkek Project Presentation Kyrgyzstan shares borders with China, Kazakhstan, Uzbekistan and

Bishkek Project Presentation Kyrgyzstan shares borders with China, Kazakhstan, Uzbekistan and

November 2012 Bishkek Project Presentation Kyrgyzstan shares borders with China, Kazakhstan, Uzbekistan and Tajikistan; situated less than 200 miles from Afghanistan Total area is 77,181 sq miles Population is 5, 8 million Capital city of

314 views • 17 slides
WHAT CAN SOCIAL MEDIA IN CHINA TEACH THE WORLD? DR. LINDA XU CHIEF CLIENT OFFICER KANTAR

WHAT CAN SOCIAL MEDIA IN CHINA TEACH THE WORLD? DR. LINDA XU CHIEF CLIENT OFFICER KANTAR

WHAT CAN SOCIAL MEDIA IN CHINA TEACH THE WORLD? DR. LINDA XU CHIEF CLIENT OFFICER KANTAR MEDIA CIC Why social media in China is so different The Chinese Internet serves as a powerful platform for entertainment, information, socializing,

326 views • 31 slides
CRYTON BREACH AND ATTACK SIMULATION Thursday 4 th October, 2018 Ivo Nutr Outline Breach &

CRYTON BREACH AND ATTACK SIMULATION Thursday 4 th October, 2018 Ivo Nutr Outline Breach &

CRYTON BREACH AND ATTACK SIMULATION Thursday 4 th October, 2018 Ivo Nutr Outline Breach & Attack Simulation Cryton Cryton Page 2 / 22 About me Where I work CSIRT-MU KYPO What I Do Cryton B&S Penetration testing CyberEx GT/RT

666 views • 22 slides
Matthew Foval Chase Forbes Larry Francioni Xochitl Roman IPSEC Encrypts each data

Matthew Foval Chase Forbes Larry Francioni Xochitl Roman IPSEC Encrypts each data

Matthew Foval Chase Forbes Larry Francioni Xochitl Roman IPSEC Encrypts each data packet during the connection Transport mode and Tunneling mode Creates a tunnel between two L2TP connection points L2TP Usually paired with

510 views • 16 slides
IPv6 deployment - an ISP view Gert D oring SpaceNet AG, Munich ICANN Meeting, Lisbon, March

IPv6 deployment - an ISP view Gert D oring SpaceNet AG, Munich ICANN Meeting, Lisbon, March

SpaceNet: IPv6 Introduction 1 IPv6 deployment - an ISP view Gert D oring SpaceNet AG, Munich ICANN Meeting, Lisbon, March 25, 2007 SpaceNet: IPv6 Introduction Overview Introduction ISP network

656 views • 14 slides
The Phone Co-op Limited The mobile industry time for re-regulation Comms Provider 16 October

The Phone Co-op Limited The mobile industry time for re-regulation Comms Provider 16 October

The Phone Co-op Limited The mobile industry time for re-regulation Comms Provider 16 October 2008 Vivian Woodell Chief Executive The Phone Co-op 1 Ofcoms review is timely The mobile and fixed line industries work in quite

439 views • 24 slides

More recommend