Deconstructing Gamified Approaches to Security and Privacy

Co-located with SOUPS 2023
Sunday August 6, 2023 — 10.00am ‐ 1.30pm PDT (GMT-7)

Profile Image Generated by DALL-E

Important Dates
All dates are Anywhere on Earth (AoE) time,
unless otherwise specified

Workshop Submission Deadline

Thursday May 25th Thursday June 1st 2023

Acceptance Notification to Authors

Thursday June 8th 2023

Camera Ready Papers Due

Thursday June 22nd 2023

Attend the Workshop!

10.00am — 11.30pm. Sunday 6th August 2023


About the Workshop

The importance of understanding and interpreting knowledge in the areas of security and privacy is paramount as we observe the rise of the Internet of Things (IoT), Artificial Intelligence (AI), and many other influential technologies. Unfortunately, many aspects of security and privacy are often undermined by perceptions of steep learning curves, a requirement of specialist knowledge and a lack of appropriate training and funding within organisations. In particular, this may relate more to non-technical individuals and those who may use computing equipment and write software code without any formal software engineering training. As a solution to this, the use of gamified approaches can be employed to increase user awareness and engagement in activities related to security and privacy, such as training and risk management, which can lead to better understanding and outcomes related to best practices in security and privacy. This workshop will aim to develop and stimulate discussions around how gamified approaches can be used in the fields of security and privacy, looking into areas such as the design challenges that one may face when designing cybersecurity games, or how serious games (and others) can be used in cybersecurity.


Call for Papers

The importance of understanding and interpreting knowledge in the areas of security and privacy is paramount as we observe the rise of the Internet of Things (IoT), Artificial Intelligence (AI), and many other influential technologies. Unfortunately, many aspects of security and privacy are often undermined by perceptions of steep learning curves, a requirement of specialist knowledge and a lack of appropriate training and funding within organisations. In particular, this may relate more to non-technical individuals and those who may use computing equipment and write software code without any formal software engineering training. As a solution to this, the use of gamified approaches can be employed to increase user awareness and engagement in activities related to security and privacy, such as training and risk management, which can lead to better understanding and outcomes related to best practices in security and privacy.

This workshop aims to develop and stimulate discussions around how gamified approaches can be used in the fields of security and privacy. We will consider topics including, but not limited to:

  • Novel experimental games, environments and interactions in the area of security and privacy
  • Design challenges related to gamified approaches in security and privacy
  • Game dynamics, game mechanics and learning mechanics applicable to security and privacy
  • Serious games in cybersecurity
  • Misuse of gamified approaches

We solicit papers describing new research contributions that spark interest in this area, as well as case studies, preliminary results, novel ideas and position papers. Papers should be at most 4 pages (excluding references and appendices) and 6 pages at most in total, using the SOUPS template format (MS Word or LaTeX). Papers must be submitted as a PDF file. Please note that committee members are not required to read the appendices, so the paper should be intelligible without them. All submissions must be written in English.

Submissions not meeting these guidelines risk rejection without consideration of their merits.

Submissions should be fully anonymised for double-blind review. Submissions may be made at the workshop's HotCRP submission page. Papers should be succinct and contributions made clear, but also thorough in presentation of the work. Each paper will be allocated a 10-minute slot for presentation with 5 minutes for questions/discussion. Successful submissions to this workshop will gain valuable insights into the various elements that compose successful gamified approaches to understanding security and privacy, and how various challenges in this field can be addressed. Accepted papers will be encouraged to publish their work on arXiv and reference this workshop, with papers also being listed with their corresponding authors on this workshop webpage before the conference and will remain here thereafter.


Registration

There is no fee for attending this workshop. Registration is done through the SOUPS portal. Once the main registration is complete, please fill out the workshop registration form. If you would like to invite someone, they are required to register separately as well. Registration closes on TBC, 2023. Please note that all accepted workshop papers require at least one author to attend the event in-person and attendees will participate during in-workshop activities (remember to bring your laptop!).

Schedule

Time Details
10.00am ‐ 10.10am Opening Remarks
Session 1
10.10am ‐ 10.20am Paper 1
10.25am ‐ 10.35am Paper 2
10.40am ‐ 10.55am Paper 3
10.55am ‐ 11.10am   —   Break (15 mins)
11.10am ‐ 12.30am Workshop Activity ‐ Deconstructing Serious Games Using Cards
Session 2
12.30am ‐ 12.40am Paper 4
12.45am ‐ 12.55am Paper 5
13.00pm ‐ 13.10pm Paper 6
13.10pm ‐ 13.25pm Discussion on Deconstruction Approach
13.25pm ‐ 13.30pm Closing Remarks

Note: the schedule will be updated accordingly closer to the date of the workshop.

Workshop Activity

Participants will take part in an activity during the workshop which focuses on the deconstruction of serious games. Participants will be split into groups, who will then play a provoking game. After playing the provoking game and reflecting on the experience, participants will then be introduced to cybersecurity cards, which showcase key topics that encompass the attack-defence-vulnerability dichotomy in cybersecurity, as well as game mechanics and learning mechanics cards, which will be used to deconstruct the provoking game into these three components of Triadic Game Design (TGD). The groups will then have a first opportunity to select a subset of the cards which represent their discussions on the deconstruction of the game and these will be placed onto a wall, where all groups will be able to see what they have chosen. Throughout the workshop, these choices may be reviewed and discussed in the breaks by other groups. Before the end of the workshop, an expert in game and learning mechanics will present a strategic approach to using the learning and game mechanics cards to deconstruct the provoking game, and the workshop activity will end with choosing the best card selection from a group of participants based on a peer vote at the end of the workshop.

Organising Committee

...
Ryan Shah
Heriot-Watt University
...
Manuel Maarek
Heriot-Watt University
...
Lynne Baillie
Heriot-Watt University
...
Shenando Stals
Heriot-Watt University
...
Sandy Louchart
Glasgow School of Art

Program Committee

Lynne Coventry
Abertay University
Jessica Vitak
University of Maryland
Nalin Asanka Gamagedara Arachchilage
University of Auckland
Ryan Shah
Heriot-Watt University
Manuel Maarek
Heriot-Watt University
Lynne Baillie
Heriot-Watt University
Shenando Stals
Heriot-Watt University
Sandy Louchart
Glasgow School of Art

Contact

For enquiries, feel free to mail us at soups23-dgasp@usenix.org.