Deconstructing Gamified Approaches to Security and Privacy
Co-located with SOUPS 2023
Sunday August 6, 2023 — 10.00am ‐ 1.30pm PDT (GMT-7)
Important Dates
All dates are Anywhere on Earth (AoE) time,
unless otherwise specified
Acceptance Notification to Authors
Thursday June 8th 2023
Camera Ready Papers Due
Thursday June 22nd 2023
Attend the Workshop!
10.00am — 1.30pm. Sunday 6th August 2023
About the Workshop
The importance of understanding and interpreting knowledge in the areas of security and privacy is paramount as we observe the rise of the Internet of Things (IoT), Artificial Intelligence (AI), and many other influential technologies. Unfortunately, many aspects of security and privacy are often undermined by perceptions of steep learning curves, a requirement of specialist knowledge and a lack of appropriate training and funding within organisations. In particular, this may relate more to non-technical individuals and those who may use computing equipment and write software code without any formal software engineering training. As a solution to this, the use of gamified approaches can be employed to increase user awareness and engagement in activities related to security and privacy, such as training and risk management, which can lead to better understanding and outcomes related to best practices in security and privacy. This workshop will aim to develop and stimulate discussions around how gamified approaches can be used in the fields of security and privacy, looking into areas such as the design challenges that one may face when designing cybersecurity games, or how serious games (and others) can be used in cybersecurity.
Call for Papers
The importance of understanding and interpreting knowledge in the areas of security and privacy is paramount as we observe the rise of the Internet of Things (IoT), Artificial Intelligence (AI), and many other influential technologies. Unfortunately, many aspects of security and privacy are often undermined by perceptions of steep learning curves, a requirement of specialist knowledge and a lack of appropriate training and funding within organisations. In particular, this may relate more to non-technical individuals and those who may use computing equipment and write software code without any formal software engineering training. As a solution to this, the use of gamified approaches can be employed to increase user awareness and engagement in activities related to security and privacy, such as training and risk management, which can lead to better understanding and outcomes related to best practices in security and privacy.
This workshop aims to develop and stimulate discussions around how gamified approaches can be used in the fields of security and privacy. We will consider topics including, but not limited to:
- Novel experimental games, environments and interactions in the area of security and privacy
- Design challenges related to gamified approaches in security and privacy
- Game dynamics, game mechanics and learning mechanics applicable to security and privacy
- Serious games in cybersecurity
- Misuse of gamified approaches
We solicit papers describing new research contributions that spark interest in this area, as well as case studies, preliminary results, novel ideas and position papers. Papers should be at most 4 pages (excluding references and appendices) and 6 pages at most in total, using the SOUPS template format (MS Word or LaTeX). Papers must be submitted as a PDF file. Please note that committee members are not required to read the appendices, so the paper should be intelligible without them. All submissions must be written in English.
Submissions not meeting these guidelines risk rejection without consideration of their merits.
Submissions should be fully anonymised for double-blind review. Submissions may be made at the workshop's HotCRP submission page. Papers should be succinct and contributions made clear, but also thorough in presentation of the work. Each paper will be allocated a 10-minute slot for presentation with 5 minutes for questions/discussion. Successful submissions to this workshop will gain valuable insights into the various elements that compose successful gamified approaches to understanding security and privacy, and how various challenges in this field can be addressed. Accepted papers will be encouraged to publish their work on arXiv and reference this workshop, with papers also being listed with their corresponding authors on this workshop webpage before the conference and will remain here thereafter.
Registration
There is no fee for attending this workshop. Registration is done through the SOUPS portal. Once the main registration is complete, please fill out the workshop registration form. If you would like to invite someone, they are required to register separately as well. Registration closes on TBC, 2023. Please note that all accepted workshop papers require at least one author to attend the event in-person and attendees will participate during in-workshop activities (remember to bring your laptop!).
Schedule
| Time | Details |
|---|---|
| 10.00am ‐ 10.10am | Opening Remarks |
| 10.10am ‐ 10.35am |
Keynote Speaker (Virtual) ‐ Dr. Nalin Arachchilage, Senior Lecturer in Cyber Security and Privacy, University of Auckland, NZ
Developers need help! Empowering software developers to build privacy-preserving apps through gamification With the increasing challenges surrounding user privacy in software applications, there is a growing need for software developers to possess the skills and knowledge to embed privacy measures into their apps. However, incorporating privacy practices, such as data minimisation, privacy by design, and compliance with regulations like the General Data Protection Regulation (GDPR), remains uncommon in the software development community. Therefore, this talk proposes a game design framework as an educational tool for software developers to improve their "secure coding behaviour", so they can develop privacy-preserving apps that people can use. The elements of the proposed framework were incorporated into a gaming application scenario that enhances the software developers' coding behaviour through their motivation. The proposed work bridges the divide between theoretical privacy practices and their practical adoption within the software development community, ultimately enabling developers to create privacy-centric apps that safeguard user data. |
| Session 1 | |
| 10.40am ‐ 10.50am |
The Game is Afoot: Using Tabletop Games to Understand Security and Privacy
A. Horcher, N. Bhatnagar View Paper |
| 10.55am ‐ 11.05am |
Decisions & Disruptions 2: Decide Harder A custom cyber security incident response exercise
B. Shreeve, J. Gardiner, J. Hallett, D. Humphries, A. Rashid View Paper |
| 11.05am ‐ 11.20am — Break (15 mins) | |
| 11.20am ‐ 12.40pm | Workshop Activity ‐ Deconstructing Serious Games Using Specially-Designed Playing Cards |
| Session 2 | |
| 12.40pm ‐ 12.50pm |
(Virtual) Evaluation of Game Design Framework Using a Gamified Browser Based Application
A. Alhazmi, N. Arachchilage View Paper |
| 12.55pm ‐ 13.05pm |
Design and Execution Challenges for Cybersecurity Serious Games: An Overview
G. Jayakrishnan, V. Banahatti, S. Lodha View Paper |
| 13.10pm ‐ 13.25pm | Discussion on Deconstruction Approach |
| 13.25pm ‐ 13.30pm | Closing Remarks |
Note: the schedule may be subject to minor changes before the workshop takes place.
Workshop Activity
Participants will take part in an activity during the workshop which focuses on the deconstruction of serious games. Participants will be split into groups, who will then play a provoking game. After playing the provoking game and reflecting on the experience, participants will then be introduced to cybersecurity cards, which showcase key topics that encompass the attack-defence-vulnerability dichotomy in cybersecurity, as well as game mechanics and learning mechanics cards, which will be used to deconstruct the provoking game into these three components of Triadic Game Design (TGD). The groups will then have a first opportunity to select a subset of the cards which represent their discussions on the deconstruction of the game and these will be placed onto a wall, where all groups will be able to see what they have chosen. Throughout the workshop, these choices may be reviewed and discussed in the breaks by other groups. Before the end of the workshop, an expert in game and learning mechanics will present a strategic approach to using the learning and game mechanics cards to deconstruct the provoking game, and the workshop activity will end with choosing the best card selection from a group of participants based on a peer vote at the end of the workshop.
Organising Committee
Ryan Shah
Manuel Maarek
Lynne Baillie
Shenando Stals
Sandy Louchart
Program Committee
Lynne Coventry
Jessica Vitak
Nalin Asanka Gamagedara Arachchilage
Ryan Shah
Manuel Maarek
Lynne Baillie
Shenando Stals
Sandy Louchart
Contact
For enquiries, feel free to mail us at soups23-dgasp@usenix.org.