Workshop on Serious Games for Cyber Security
Heriot-Watt University
May 21-22, 2019
Description
This workshop intends to bring together in Scotland people interested in games, serious games and cyber security. It will consists of talks, hands-on workshops, demos, and discussions sessions for researchers, industries, game designers and developers, cyber security enthusiasts.
Sponsor
The workshop is sponsored by SICSA Cybersecurity Nexus.
Speakers
Here is the list of serious games and cyber security experts who will be giving talks, running hands-on workshops and demos.
- Liz Boyle (University of the West of Scotland)
- Clare Duffy (The Civic Digits)
- Rupert Goodwins (The Civic Digits)
- Thomas Hainey (University of the West of Scotland)
- Theo Lim (Heriot-Watt University)
- Sandy Louchart (Glasgow School of Art)
- Léon McGregor (Heriot-Watt University)
- Charles Morisset (Newcastle University)
- Lynsay Shepherd (Abertay University)
- Robin Sloan (Abertay University)
- Charles Weir (Lancaster University)
Attendees
The workshops is open to academics, professionals, students, and anyone interested in serious games and cyber security. The workshop will be a platform to share and discuss experiences, perspectives and challenges in deploying serious games for tackling cyber security, for the teaching and training in cyber security. The workshop is multi-disciplinary as it brings together experts in the design and development methods for serious games as well as experts in several domains of cyber security such as privacy and developer-centred security. See registration instructions.
Programme
The sessions of the programme are multi disciplinary and bring together expertise from games and cyber security (programme last update on May 10). The programme is available in a PDF version.
Day 1, Tuesday May 21, 2019
9:30-10:00 | Welcome, registration | PG Centre |
10:00-11:00 | Keynote 1 | |
11:00-11:30 | Coffee break | |
11:30-13:00 | Talks session 1 | |
13:00-14:00 | Lunch | |
14:00-16:00 | Hands-on activity 1 | GRID Building |
16:00-17:00 | Coffee break / demos session | |
17:00-18:00 | Group discussions |
We will be going to a Akva at the end of the day (at about 7pm): 129 Fountainbridge, Edinburgh EH3 9QG (15 minutes walk to Haymarket Train Station).
Day 2, Wednesday May 22, 2019
10:00-11:00 | Keynote 2 | PG Centre |
11:00-11:30 | Coffee break | |
11:30-13:00 | Talks session 2 | |
13:00-14:00 | Lunch | |
14:00-16:00 | Hands-on activity 2 | GRID Building |
16:00-17:00 | Coffee break / demos session | |
17:00-18:00 | Group discussions |
Keynote 1
Clare Duffy, Rupert Goodwins (The Civic Digits)
- Title
- The Big Data Show: immersive theatre and ethical hacking
- Abstract
- Civic Digits is a theatre company set up to explore the use of digital technology in entertaining and educating audiences through drama. Our first production, The Big Data Show, combines digital magic with the story of the first high-profile UK hack - that of Prince Philip's email. It uses the young audience's own mobile phones to deliver the experience not just of becoming part of the show, but of having their own technology slip out of their control. We'll discuss how this works, technically and dramatically, why we're doing it, and the effects it has on enhancing our audience's awareness of cyber-security, privacy and online life. If you would like to take part in the subsequent demo, please download and play our game app, Swipe - The Big Data Show, from the Apple app store or Google Play, in the days before the workshop. It's a lot of fun.
Keynote 2
Theo Lim (Heriot-Watt University)
- Title
- A Cyber-Physical Gaming System for Vocational Training
- Abstract
- Cyber-physical systems enable new digital ecologies in
industrial and workplace lifelong learning. This paper
reports on early efforts in delivering a virtual
environment and system for vocational education and
training (VET), in particular targeting the needs of
craft and trade skills. The domain of stone masonry is
presented herein, where its underpinning activities are
learning through virtual environments, simulation and
role play. The challenges are not only the synchronicity
between physical and software components but also the
in-game mechanics that incorporate building blocks of
effective training and skills development strategies. A
prototype body-area sensor network in a cyber-physical
game environment demonstrates the interaction between
virtual objects and the player-learner.
Relevant work: Sivanathan, A., Mcgibbon, S., Lim, T., Ritchie, J., Abdel-Wahab, M., 2017. A Cyber-Physical Gaming System for Vocational Training. International Design Engineering Technical Conferences and Computers and Information in Engineering Conference doi:10.1115/DETC2017-67560
Talks session 1
- Robin Sloan (Abertay University)
- Title
- The Enemy Within: Developing an educational strategy game to raise awareness of the genesis, evolution and progression of cancer
- Abstract
- The design of applied games often relies on the coming together of games professionals and subject experts, with the latter fulfilling a role of advisor. This interdisciplinary working can lead to a number of tensions, not only around understanding of the game development process, but also game design conventions and how digital play can be best utilised as a form of messaging for scientific understanding. This talk will present research that sought to address these tensions by integrating scientific experts directly into the game design and development process as co-designers, with a view towards promoting games as a medium for popular science communication. Four games were produced through this method, including the game The Enemy Within, which will be the focus for discussion in the talk.
- Charles Weir (Lancaster University)
- Title
- Researchers as Trouble Makers: Using Action Research Methods with Games
- Abstract
- It’s hard to research the effectiveness of serious games
on professionals. The difficulty of getting
professionals involved, and the variation between
participants make A-B testing difficult, and the need
for researchers to be involved makes objectivity
challenging. So how can one do valid research and get
meaningful results?
Charles’ talk will provide one possible answer to this question. He’ll introduce the Magid project at Lancaster University: the building and testing of a game-based intervention package to help development teams improve security. He’ll discuss two Action Research techniques not usual in software research; how they recruited a dozen different industry teams to trial the package; and some of the results they found.
Relevant work: Weir C, Becker I, Noble J, Blair L, Sasse MA, Rashid A. Interventions for Software Security: Creating a Lightweight Program of Assurance Techniques for Developers. Accepted for: Proceedings of the 41st International Conference on Software Engineering: Software Engineering in Practice. IEEE; 2019. (preprint)
- Charles Morisset (Newcastle University)
- Title
- An interactive Game for Security Protocol Analysis
- Abstract
- A security protocol enables multiple parties to exchange information in a secure way. Security experts have designed complex protocol analysis tools (e.g., AVISPA, Tamarin), but these tools often require an extensive security protocol knowledge to be usable. This presentation introduces a new interactive Game for Security Protocol Analysis, which targets a novice audience (such as computer science students), and help them understand the basic concepts of security protocols (e.g., nonce, identity, session key), as well as the construction of attack against these protocols. A detailed tutorial for this game is available online.
Talks session 2
- Sandy Louchart (Glasgow School of Art), Léon McGregor (Heriot-Watt
University)
- Title
- Co-created design of a serious game investigation into developer-centred security
- Abstract
- The cyber security context requires to better
understand how developers write (in)secure code and
to assist them in their software developments. We
have developed a secure coding experiment and serious
game intervention. We report on the
design of a serious game to investigate
developer-centred security. We used a combination of
approaches to shape discussions and support the
serious game co-creation.
Relevant work: Maarek, M., Louchart, S., McGregor, L., McMenemy, R., 2019. Co-created Design of a Serious Game Investigation into Developer-Centred Security. Games and Learning Alliance 2018. doi:10.1007/978-3-030-11548-7_21
- Thomas Hainey (University of the West of Scotland)
- Title
- Content Integration for Serious Virtual Reality Games to Teach Rudimentary Programming
- Abstract
- Computer programming is a valuable, transferrable,
fundamental skill required by many courses at
University level such as software engineering,
computer science, computer games development, secure
programming and cyber security. Higher Education
institutions are constantly striving to find new
innovative teaching, learning, assessment and
evaluation methods and computer programming has a
reputation for being a difficult subject with a high
level of attrition. Serious games offer a novel,
supplementary teaching and assessment alternative to
traditional approaches however there is a lack of
research associated with the acceptability of serious
games and appropriate pedagogical content
integration is a major challenge. This paper will
present the findings of a survey performed in HE to
ascertain the pedagogical content preferences and
requirements for a computer game and a virtual
reality application to teach: rudimentary programming
concepts, advanced object oriented concepts, data
structures and algorithms in introductory programming
modules at the University of the West of Scotland.
61 participants responded to the survey and this will
ascertain the perceived suitability of a computer
game and a virtual reality application for teaching
various programming concepts and allow for
comparisons between the two approaches.
Relevant work with G. Baxter, A. Stanton: submitted paper titled A serious game to teach rudimentary programming investigating content integration
- Lynsay Shepherd (Abertay University)
- Title
- Promoting Cyber Security Awareness via Gamification
- Abstract
- Modern society depends upon the Internet, allowing
users access to online services such as social
networks, Internet banking applications, and
e-commerce websites. To ensure users behave in a safe
and secure manner online, it is important for them to
have an understanding of basic security
measures. However, users often do not know how to
make their online interactions secure. This talk will
discuss the challenges of improving security
awareness and how gamification techniques have the
potential to address these issues. An exploratory
study will be presented based on research conducted
with a role-playing Android application which uses
gamification techniques to educate users about
password security.
Relevant paper: Scholefield, S., Shepherd L.A. (2019). Gamification Techniques for Raising Cyber Security Awareness. HCI International 2019. (preprint)
- Liz Boyle (University of the West of Scotland)
- Title
- RU EU? A game-based Approach to exploring 21st century European Identity and Values
- Abstract
- An important aim of the European Union has been to
avoid the conflicts that have devastated Europe
during the preceding decades and, to date, the EU has
generally been successful in these aims. However
differing levels of commitment to the European Union
amongst EU citizens and member states have
increasingly produced challenges to the European
project, most notably the Brexit vote that endorsed
the UK leaving the EU. Issues of National and
European identity underlie many of the current
concerns of European citizens. This presentation will
describe the Erasmus + funded RU EU? project which
has developed an online game, the RU EU? game, that
aims to help students across Europe to develop a
better understanding of their own National and
European identity and values at a time of political
change in Europe. Early design tasks for the project
helped to characterise European identity as a
multicomponent construct with security recognised as
one of these components. We will outline the game
design process, explain how the game is grounded in
theory and describe the learning outcomes for the
game and how these have been implemented in the game
tasks and tools.
Joint work with: Murray Leith, Duncan Sim, Gavin Baxter, Alan Williams (University of the West of Scotland), Hans Hummel, Jeroen Storm (Open Universiteit Nederland), Petar Jandrić (Tehničko veleučilište u Zagrebu), Athanassios Jimoyiannis, (University of Peloponnese), Jannicke Hauge (Bremer Institut Fuer Produktion Und Logistik GMBH)
Hands-on activity 1
Theo Lim (Heriot-Watt University), Sandy Louchart (Glasgow School of Art)
- Title
- The Learning Mechanics-Game Mechanics (LM-GM) framework
- Abstract
- The aim of this workshop is to introduce participants to
the LM-GM framework for designing serious games and
experience pairing learning mechanics to game mechanics
towards a playful educative game. In this workshop,
participants will work on developing gaming solutions to
established cyber-security processes (good practices)
and work on the Meaning and Play phases of the triadic
game design workshop developed by Harteveld.
The outcome of the workshop will be for participants to 1) gain confidence in approaching a serious game design problem, 2) understand and experience a relatively simple but structured design approach and 3) interact across discipline in a practical and engaging activity.
Relevant paper: Arnab, S., Lim, T., Carvalho, M. B., Bellotti, F., de Freitas, S., Louchart, S., Suttie, N., Berta, R., De Gloria, A. (2015). Mapping learning and game mechanics for serious games analysis. British Journal of Educational Technology, 46(2). doi:10.1111/bjet.12113
Hands-on activity 2
Charles Weir (Lancaster University)
- Title
- The Agile Security Game
- Abstract
- This session offers a role-playing game to help software developers—programmers, testers, project managers and product owners—to understand software security decisions. In it, you will be given a mobile app product and you’ll work with a team to decide which security functionality to implement. It’s fun to play, and supports learning about security threats, helping participants to share knowledge, and, in the longer term, adopting a mature risk-based approach to software security. Join us to learn, and to find out how to arrange a session yourself.
Demos sessions
- Swipe - Big Data Show by Rupert Goodwins (The Civic Digits, Orthrus Studios), available on Apple app store or Google Play.
- The Enemy Within by Robin Sloan (Abertay University)
- Tower Defence for DCS by Manuel Maarek, Léon McGregor (Heriot-Watt University), Sandy Louchart, Ross McMenemy (Glasgow School of Art)
- Playground Heroes (game for the EU-funded GATE BULL project for Bullying Prevention) by Thomas Hainey (University of the West of Scotland)
- RU EU? by Liz Boyle (University of the West of Scotland)
Group discussions
Group discussions will evolve around points raised during the day and the themes of the workshop:
- Cyber security and education,
- serious games design and development in the context of cyber security,
- Challenges of cyber security that serious games should tackle.
Attending
Registration
Registration is free, please register using the following Eventbrite. Lunch will be provided thanks to our SICSA Cybersecurity Nexus sponsor. Please email Manuel Maarek if you have any dietary requirements, and if you are only able to attend one of the two workshop days.
Venues
The workshop will take place at Heriot-Watt University in the Lecture Theatre (PG G.01) of the Postgraduate Centre and in the Creative Studio and Gaming Studio of the new GRID Building of the Riccarton campus. This page gives maps and directions to the campus.