Deconstructing Gamified Approaches to Security and Privacy

Co-located with SOUPS 2023
Sunday August 6, 2023 — 10.00am ‐ 1.30pm PDT (GMT-7)

Profile Image Generated by DALL-E

Important Dates
All dates are Anywhere on Earth (AoE) time,
unless otherwise specified

Workshop Submission Deadline

Thursday May 25th Thursday June 1st 2023

Acceptance Notification to Authors

Thursday June 8th 2023

Camera Ready Papers Due

Thursday June 22nd 2023

Attend the Workshop!

10.00am — 1.30pm. Sunday 6th August 2023


About the Workshop

The importance of understanding and interpreting knowledge in the areas of security and privacy is paramount as we observe the rise of the Internet of Things (IoT), Artificial Intelligence (AI), and many other influential technologies. Unfortunately, many aspects of security and privacy are often undermined by perceptions of steep learning curves, a requirement of specialist knowledge and a lack of appropriate training and funding within organisations. In particular, this may relate more to non-technical individuals and those who may use computing equipment and write software code without any formal software engineering training. As a solution to this, the use of gamified approaches can be employed to increase user awareness and engagement in activities related to security and privacy, such as training and risk management, which can lead to better understanding and outcomes related to best practices in security and privacy. This workshop will aim to develop and stimulate discussions around how gamified approaches can be used in the fields of security and privacy, looking into areas such as the design challenges that one may face when designing cybersecurity games, or how serious games (and others) can be used in cybersecurity.


Call for Papers

The importance of understanding and interpreting knowledge in the areas of security and privacy is paramount as we observe the rise of the Internet of Things (IoT), Artificial Intelligence (AI), and many other influential technologies. Unfortunately, many aspects of security and privacy are often undermined by perceptions of steep learning curves, a requirement of specialist knowledge and a lack of appropriate training and funding within organisations. In particular, this may relate more to non-technical individuals and those who may use computing equipment and write software code without any formal software engineering training. As a solution to this, the use of gamified approaches can be employed to increase user awareness and engagement in activities related to security and privacy, such as training and risk management, which can lead to better understanding and outcomes related to best practices in security and privacy.

This workshop aims to develop and stimulate discussions around how gamified approaches can be used in the fields of security and privacy. We will consider topics including, but not limited to:

  • Novel experimental games, environments and interactions in the area of security and privacy
  • Design challenges related to gamified approaches in security and privacy
  • Game dynamics, game mechanics and learning mechanics applicable to security and privacy
  • Serious games in cybersecurity
  • Misuse of gamified approaches

We solicit papers describing new research contributions that spark interest in this area, as well as case studies, preliminary results, novel ideas and position papers. Papers should be at most 4 pages (excluding references and appendices) and 6 pages at most in total, using the SOUPS template format (MS Word or LaTeX). Papers must be submitted as a PDF file. Please note that committee members are not required to read the appendices, so the paper should be intelligible without them. All submissions must be written in English.

Submissions not meeting these guidelines risk rejection without consideration of their merits.

Submissions should be fully anonymised for double-blind review. Submissions may be made at the workshop's HotCRP submission page. Papers should be succinct and contributions made clear, but also thorough in presentation of the work. Each paper will be allocated a 10-minute slot for presentation with 5 minutes for questions/discussion. Successful submissions to this workshop will gain valuable insights into the various elements that compose successful gamified approaches to understanding security and privacy, and how various challenges in this field can be addressed. Accepted papers will be encouraged to publish their work on arXiv and reference this workshop, with papers also being listed with their corresponding authors on this workshop webpage before the conference and will remain here thereafter.


Registration

There is no fee for attending this workshop. Registration is done through the SOUPS portal. Once the main registration is complete, please fill out the workshop registration form. If you would like to invite someone, they are required to register separately as well. Registration closes on TBC, 2023. Please note that all accepted workshop papers require at least one author to attend the event in-person and attendees will participate during in-workshop activities (remember to bring your laptop!).

Schedule

Time Details
10.00am ‐ 10.10am Opening Remarks
10.10am ‐ 10.35am Keynote Speaker (Virtual) ‐ Dr. Nalin Arachchilage, Senior Lecturer in Cyber Security and Privacy, University of Auckland, NZ

Developers need help! Empowering software developers to build privacy-preserving apps through gamification

With the increasing challenges surrounding user privacy in software applications, there is a growing need for software developers to possess the skills and knowledge to embed privacy measures into their apps. However, incorporating privacy practices, such as data minimisation, privacy by design, and compliance with regulations like the General Data Protection Regulation (GDPR), remains uncommon in the software development community. Therefore, this talk proposes a game design framework as an educational tool for software developers to improve their "secure coding behaviour", so they can develop privacy-preserving apps that people can use. The elements of the proposed framework were incorporated into a gaming application scenario that enhances the software developers' coding behaviour through their motivation. The proposed work bridges the divide between theoretical privacy practices and their practical adoption within the software development community, ultimately enabling developers to create privacy-centric apps that safeguard user data.

Session 1
10.40am ‐ 10.50am The Game is Afoot: Using Tabletop Games to Understand Security and Privacy
A. Horcher, N. Bhatnagar

View Paper
10.55am ‐ 11.05am Decisions & Disruptions 2: Decide Harder A custom cyber security incident response exercise
B. Shreeve, J. Gardiner, J. Hallett, D. Humphries, A. Rashid

View Paper
11.05am ‐ 11.20am   —   Break (15 mins)
11.20am ‐ 12.40pm Workshop Activity ‐ Deconstructing Serious Games Using Specially-Designed Playing Cards
Session 2
12.40pm ‐ 12.50pm (Virtual) Evaluation of Game Design Framework Using a Gamified Browser Based Application
A. Alhazmi, N. Arachchilage

View Paper
12.55pm ‐ 13.05pm Design and Execution Challenges for Cybersecurity Serious Games: An Overview
G. Jayakrishnan, V. Banahatti, S. Lodha

View Paper
13.10pm ‐ 13.25pm Discussion on Deconstruction Approach
13.25pm ‐ 13.30pm Closing Remarks

Note: the schedule may be subject to minor changes before the workshop takes place.

Workshop Activity

Participants will take part in an activity during the workshop which focuses on the deconstruction of serious games. Participants will be split into groups, who will then play a provoking game. After playing the provoking game and reflecting on the experience, participants will then be introduced to cybersecurity cards, which showcase key topics that encompass the attack-defence-vulnerability dichotomy in cybersecurity, as well as game mechanics and learning mechanics cards, which will be used to deconstruct the provoking game into these three components of Triadic Game Design (TGD). The groups will then have a first opportunity to select a subset of the cards which represent their discussions on the deconstruction of the game and these will be placed onto a wall, where all groups will be able to see what they have chosen. Throughout the workshop, these choices may be reviewed and discussed in the breaks by other groups. Before the end of the workshop, an expert in game and learning mechanics will present a strategic approach to using the learning and game mechanics cards to deconstruct the provoking game, and the workshop activity will end with choosing the best card selection from a group of participants based on a peer vote at the end of the workshop.

Organising Committee

...
Ryan Shah
Heriot-Watt University
...
Manuel Maarek
Heriot-Watt University
...
Lynne Baillie
Heriot-Watt University
...
Shenando Stals
Heriot-Watt University
...
Sandy Louchart
Glasgow School of Art

Program Committee

Lynne Coventry
Abertay University
Jessica Vitak
University of Maryland
Nalin Asanka Gamagedara Arachchilage
University of Auckland
Ryan Shah
Heriot-Watt University
Manuel Maarek
Heriot-Watt University
Lynne Baillie
Heriot-Watt University
Shenando Stals
Heriot-Watt University
Sandy Louchart
Glasgow School of Art

Contact

For enquiries, feel free to mail us at soups23-dgasp@usenix.org.