ABSTRACT
We scoped, designed, produced, and evaluated the effectiveness of a recreational tabletop card game created to raise awareness of and alter perceptions regarding computer security. We discuss our process, the challenges that arose, and the decisions we made to address those challenges. As of May 2013, we have shipped approximately 800 free copies to 150 educators. We analyze and report on feedback from 22 of these educators about their experiences using Control-Alt-Hack with over 450 students in classroom and non-classroom contexts. The responses from the 14 educators who reported on their use of the game in a classroom context variously indicated that: their students' awareness of computer security as a complex and interesting field was increased (11/14); they would use the game again in their classroom (10/14); and they would recommend the game to others (13/14). Of note, 2 of the 14 classroom educators reported that they would not have otherwise covered the material. Additionally, we present results from user studies with 11 individuals and find that their responses indicate that 8 of the 11 had an increased awareness of computer security or a changed perception; furthermore, all of our intended goals are touched upon in their responses.
Index Terms
- Control-Alt-Hack: the design and evaluation of a card game for computer security awareness and education