Security configuration analytics using video games

Mohammed Noraden Alsaleh; Ehab Alsaleh Al-Shaer

doi:10.1109/CNS.2014.6997493

Security configuration analytics using video games

Mohammed Noraden Alsaleh, Ehab Alsaleh Al-Shaer

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Computing systems today have a large number of security configuration settings that enforce security properties. However, vulnerabilities and incorrect configuration increase the potential for attacks. Provable verification and simulation tools have been introduced to eliminate configuration conflicts and weaknesses, which can increase system robustness against attacks. Most of these tools require special knowledge in formal methods and precise specification for requirements in special languages, in addition to their excessive need for computing resources. Video games have been utilized by researchers to make educational software more attractive and engaging. Publishing these games for crowdsourcing can also stimulate competition between players and increase the game educational value. In this paper we introduce a game interface, called NetMaze, that represents the network configuration verification problem as a video game and allows for attack analysis. We aim to make the security analysis and hardening usable and accurately achievable, using the power of video games and the wisdom of crowdsourcing. Players can easily discover weaknesses in network configuration and investigate new attack scenarios. In addition, the gameplay scenarios can also be used to analyze and learn attack attribution considering human factors. In this paper, we present a provable mapping from the network configuration to 3D game objects.

Original language	English
Title of host publication	2014 IEEE Conference on Communications and Network Security, CNS 2014
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	256-264
Number of pages	9
ISBN (Electronic)	9781479958900
DOIs	https://doi.org/10.1109/CNS.2014.6997493
State	Published - 23 Dec 2014
Externally published	Yes
Event	2014 IEEE Conference on Communications and Network Security, CNS 2014 - San Francisco, United States Duration: 29 Oct 2014 → 31 Oct 2014

Publication series

Name	2014 IEEE Conference on Communications and Network Security, CNS 2014

Conference

Conference	2014 IEEE Conference on Communications and Network Security, CNS 2014
Country/Territory	United States
City	San Francisco
Period	29/10/14 → 31/10/14

Bibliographical note

Publisher Copyright:
© 2014 IEEE.

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1109/CNS.2014.6997493

Cite this

@inproceedings{d59274216e474479acea5ed7e698097b,

title = "Security configuration analytics using video games",

abstract = "Computing systems today have a large number of security configuration settings that enforce security properties. However, vulnerabilities and incorrect configuration increase the potential for attacks. Provable verification and simulation tools have been introduced to eliminate configuration conflicts and weaknesses, which can increase system robustness against attacks. Most of these tools require special knowledge in formal methods and precise specification for requirements in special languages, in addition to their excessive need for computing resources. Video games have been utilized by researchers to make educational software more attractive and engaging. Publishing these games for crowdsourcing can also stimulate competition between players and increase the game educational value. In this paper we introduce a game interface, called NetMaze, that represents the network configuration verification problem as a video game and allows for attack analysis. We aim to make the security analysis and hardening usable and accurately achievable, using the power of video games and the wisdom of crowdsourcing. Players can easily discover weaknesses in network configuration and investigate new attack scenarios. In addition, the gameplay scenarios can also be used to analyze and learn attack attribution considering human factors. In this paper, we present a provable mapping from the network configuration to 3D game objects.",

author = "Alsaleh, \{Mohammed Noraden\} and Al-Shaer, \{Ehab Alsaleh\}",

note = "Publisher Copyright: {\textcopyright} 2014 IEEE.; 2014 IEEE Conference on Communications and Network Security, CNS 2014 ; Conference date: 29-10-2014 Through 31-10-2014",

year = "2014",

month = dec,

day = "23",

doi = "10.1109/CNS.2014.6997493",

language = "English",

series = "2014 IEEE Conference on Communications and Network Security, CNS 2014",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "256--264",

booktitle = "2014 IEEE Conference on Communications and Network Security, CNS 2014",

address = "United States",

}

Alsaleh, MN & Al-Shaer, EA 2014, Security configuration analytics using video games. in 2014 IEEE Conference on Communications and Network Security, CNS 2014., 6997493, 2014 IEEE Conference on Communications and Network Security, CNS 2014, Institute of Electrical and Electronics Engineers Inc., pp. 256-264, 2014 IEEE Conference on Communications and Network Security, CNS 2014, San Francisco, United States, 29/10/14. https://doi.org/10.1109/CNS.2014.6997493

Security configuration analytics using video games. / Alsaleh, Mohammed Noraden; Al-Shaer, Ehab Alsaleh.
2014 IEEE Conference on Communications and Network Security, CNS 2014. Institute of Electrical and Electronics Engineers Inc., 2014. p. 256-264 6997493 (2014 IEEE Conference on Communications and Network Security, CNS 2014).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Security configuration analytics using video games

AU - Alsaleh, Mohammed Noraden

AU - Al-Shaer, Ehab Alsaleh

PY - 2014/12/23

Y1 - 2014/12/23

N2 - Computing systems today have a large number of security configuration settings that enforce security properties. However, vulnerabilities and incorrect configuration increase the potential for attacks. Provable verification and simulation tools have been introduced to eliminate configuration conflicts and weaknesses, which can increase system robustness against attacks. Most of these tools require special knowledge in formal methods and precise specification for requirements in special languages, in addition to their excessive need for computing resources. Video games have been utilized by researchers to make educational software more attractive and engaging. Publishing these games for crowdsourcing can also stimulate competition between players and increase the game educational value. In this paper we introduce a game interface, called NetMaze, that represents the network configuration verification problem as a video game and allows for attack analysis. We aim to make the security analysis and hardening usable and accurately achievable, using the power of video games and the wisdom of crowdsourcing. Players can easily discover weaknesses in network configuration and investigate new attack scenarios. In addition, the gameplay scenarios can also be used to analyze and learn attack attribution considering human factors. In this paper, we present a provable mapping from the network configuration to 3D game objects.

AB - Computing systems today have a large number of security configuration settings that enforce security properties. However, vulnerabilities and incorrect configuration increase the potential for attacks. Provable verification and simulation tools have been introduced to eliminate configuration conflicts and weaknesses, which can increase system robustness against attacks. Most of these tools require special knowledge in formal methods and precise specification for requirements in special languages, in addition to their excessive need for computing resources. Video games have been utilized by researchers to make educational software more attractive and engaging. Publishing these games for crowdsourcing can also stimulate competition between players and increase the game educational value. In this paper we introduce a game interface, called NetMaze, that represents the network configuration verification problem as a video game and allows for attack analysis. We aim to make the security analysis and hardening usable and accurately achievable, using the power of video games and the wisdom of crowdsourcing. Players can easily discover weaknesses in network configuration and investigate new attack scenarios. In addition, the gameplay scenarios can also be used to analyze and learn attack attribution considering human factors. In this paper, we present a provable mapping from the network configuration to 3D game objects.

UR - https://www.scopus.com/pages/publications/84921465587

U2 - 10.1109/CNS.2014.6997493

DO - 10.1109/CNS.2014.6997493

M3 - Conference contribution

AN - SCOPUS:84921465587

T3 - 2014 IEEE Conference on Communications and Network Security, CNS 2014

SP - 256

EP - 264

BT - 2014 IEEE Conference on Communications and Network Security, CNS 2014

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2014 IEEE Conference on Communications and Network Security, CNS 2014

Y2 - 29 October 2014 through 31 October 2014

ER -

Security configuration analytics using video games

Abstract

Publication series

Conference

Bibliographical note

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this