Claypool

Courses

Publications

Students

Projects

Service

Downloads

Misc

WPI (Worcester Polytechnic Institute)

Computer Science Department
------------------------------------------

Counter Measures - An Interactive Game for Security Training

Craig Jordan, Matt Knapp, and Dan Mitchell

Advisors: Mark Claypool and Kathi Fisler

Major Qualifying Project MQP-MLC-SG10
Interative Media and Game Development, WPI
Terms ABC 2010-2011

Abstract

Computer security has become vital for protecting users, applications and data from harm. However, the United States is facing a severe deficit in the number of security professionals needed to adequately protect our computer systems. Often learning practical knowledge about computer security from textbooks and academic papers is less engaging and more time consuming then through simulations or games. Our hypothesis is that participating in a training simulation that closely emulates real-world systems is a better platform for learning security concepts than reading about security concepts in technical documents. The purpose of this MQP is to test our hypothesis through a game, called CounterMeasures, that teaches the basics of computer security. CounterMeasures provides the user with a real, interactive shell with which to practice security skills and challenges that are outlined through a series of objectives and help screens.

The CounterMeasures architecture is client-server based, with the client utilizing Adobe Flex and AIR, and the server consisting of BlazeDS, which uses a Tomcat webserver. The client connects via ssh to the virtual machine on the server after pulling the user information from a database. This ssh connection allows the user to interact with the machine and run commands, while the client displays the terminal responses, as well as their objectives and help screens.

To evaluate our system, we had 20 users participate in a study, with 10 users playing CounterMeasures and another 10 participating in a control group that received security reading materials. Pre- and post-questionnaires and measures of performance showed there was no significant difference in the knowledge gain between users in the control group and user playing CounterMeasures. However, users who played CounterMeasures could complete their goals in less time and also enjoyed the learning process more. Even users in the control group indicated that they would have preferred to have played a security game versus reading security material.

Download

[WPI Homepage] [CS Homepage] [Mark Claypool's Homepage]