Michael F. Thompson

A video game for cyber security training and awareness

Although many of the concepts included in cyber security awareness training are universal, such training often must be tailored to address the policies and requirements of a particular organization. In addition, many forms of training fail because they are rote and do not require users to think about and apply security concepts. A flexible, highly interactive video game, CyberCIEGE, is described as a security awareness tool that can support organizational security training objectives while engaging typical users in an engaging security adventure. The game is now being successfully utilized for information assurance education and training by a variety of organizations. Preliminary results indicate the game can also be an effective addition to basic information awareness training programs for general computer users (e.g., annual awareness training.)

CyberCIEGE: gaming for information assurance

CyberCIEGE is a high-end, commercial-quality video game developed jointly by Rivermind and the Naval Postgraduate Schools Center for Information Systems Security Studies and Research. This dynamic, extensible game adheres to information assurance principles to help teach key concepts and practices. CyberCIEGE is a resource management simulation in which the player assumes the role of a decision maker for an IT dependent organization. The objective is to keep the organizations virtual users happy and productive while providing the necessary security measures to protect valuable information assets.

Platform Security: What is Lacking?

The greatest limitation is that customers, OEMs and VARs lack an ability to effectively know the weakest link in a platform. Without open standards for platform security, customers cannot make reasonable risk decisions. A ‘trust me’ platform is not a trusted platform. Trust requires measurable security properties upon which protections can be built for a range of threats — from the most benign environment to planned, hostile attacks.

Cyber Security Training and Awareness Through Game Play

Although many of the concepts included in staff cyber-security awareness training are universal, such training often must be tailored to address the policies and requirements of a particular organization. In addition, many forms of training fail because they are rote and do not require users to think about and apply security concepts. A flexible, highly interactive video game, CyberCIEGE, is described as a security awareness tool that can support organizational security training objectives while engaging typical users in an engaging security adventure.

Simulation of PKI-enabled communication for identity management using CyberCIEGE

CyberCIEGE is a sophisticated network security simulation packaged as a video game and used by educators around the world to enhance information assurance education and training at universities, community colleges, within the DoD, and in other government agencies. The CyberCIEGE game engine was recently expanded to include Public Key Infrastructure (PKI) features including certification authorities, selection of installed roots and cross certification. CyberCIEGE Virtual Private Network (VPN) gateways, VPN clients and email clients were then extended to incorporate the new PKI features. CyberCIEGE PKI abstractions are described in terms of player configuration choices and the consequences of these choices on network management and vulnerabilities. The CyberCIEGE game engine modifications include modeling of chains of trust and risks of cross certification schemes. The benefits of these enhancements include coherent integration of identity management technologies, ranging from the human interface through to the supporting distributed infrastructure, into scenarios. Benefits also include support for recent new scenarios focused on the PKI infrastructure, identity management, or both; and the ability to tie both identity management and PKI to concepts of identification, authentication, provenance, and access control.

Genesis of a secure application: a multilevel secure message preparation workstation demonstration

A multilevel secure message preparation workstation is described as a prototypical secure application. Suggestions for the development of secure applications are introduced. Techniques have been developed and demonstrated that permit untrusted applications to be integrated with a highly secure trusted computer base (TCB). By using an existing TCB, and approximately the same level of resources as for nonsecure application development, it is demonstrated that highly-secure evaluable applications are achievable.<<ETX>>

Teaching Objectives of a Simulation Game for Computer Security

Abstract : This paper describes a computer simulation game being developed to teach computer security principles. The player of the game constructs computer networks and makes choices affecting the ability of these networks and the games virtual users to protect variable assets from attack by both vandals and well-motivated professionals. The game introduces the player to the need for well formed information security policies, allowing the player to deploy a variety of means to enforce security policies, including authentication, audit and access controls. The game will depict a number of vulnerabilities ranging from trivial passwords to trap doors planted by highly skilled, well-funded adversaries.