Serious Coding: A Game Approach To Security For The New Code-Citizens

Lead Research Organisation: Heriot-Watt University
Department Name: S of Mathematical and Computer Sciences

Abstract

The security of software systems is a complex problem impacted by organisation, technology and people. An example of the impact of weak security is shown by the 2019 Cost of a Data Breach report, in which the Ponemon Institute for IBM Security estimated that across the United Kingdom the average cost of a data breach increased from $3.68 million in 2018 to $3.88 million in 2019 (the 6th highest cost globally when compared to other regions). Software developers are at the forefront of the issue, as confirmed by GitLab's 2019 Global Developer Report released on 15th July 2019 (https://about.gitlab.com/developer-survey/2019/), which surveyed over 4k software professionals and found that while 69% of developers indicate they are expected to write secure code, nearly half said they struggle to get developers to make remediation of vulnerabilities a priority, and 68% of security professionals feel that fewer than half of developers are able to spot security vulnerabilities later in the lifecycle. These dramatic figures are for professionals, while the democratisation of software development and deployment enabled by the enormous markets of mobile and Web apps means that many of these apps are not built by professionals.

With the democratisation of software development and deployment comes the widening of the issues of code security and safety. At the heart of this democratisation are the new code-citizens who are code-literate, able to build and run their own software code. However, they may have had no formal software engineering training and are often outside of the software industry, which normally inculcates good practice via house standards. As new citizens, they need to discover, understand, and exercise their rights and duties among a society living with software systems. Their understanding of the security implications of their coding is of fundamental importance to the security of software systems. Recent research (Fischer et al, 2017) revealed that of the 1.3 million Android applications that contained security-related code snippets from Stack Overflow, 97.9% contained at least one insecure code snippet.

To assist these code-citizens to become secure code-citizens, we believe that we can use serious games, which will bring practice and play together to enhance and guide our participants' focus. Games are an immersive medium which the project will use to engage code-citizens and deliver an intervention on security matters. Additionally, the process of designing serious games itself elicits the nature of the practice and engages participants in defining how to intervene and act effectively. We propose in this project to put code-citizens at the heart of secure code development by engaging code-citizens in the co-design of serious games for code-citizens. The project will apply an enhanced serious game design to three software security themes that have been informed by industrial practice.

Planned Impact

We have identified the following specific outputs that will form the long-term impact of our project:
1. A framework for creating serious games for secure coding
2. A set of creative components that can be used to create games for secure coding
3. A set of software components that can be used to create series of games for secure coding
4. A series of games that can be used to teach new coders how to securely code.
5. A series of exhibitions to showcase 1-4 above and to advocate for their adoption and for the wider adoption of secure software engineering with public and policy makers.
Pathway 1: People Co-creation and Ownership: The first impact we expect is through the co-creative approach of the project and the open licensing of its productions.
Open Access: all our events will be fully documented, both as an audio visual record (made freely available online).
Open Licensing: All the software and creative components that will be produced by the project will be licensed with permissive copyrights such as MIT Licenses and Creative Commons Licenses.
Lasting Shared Ownership: sustainability of the core network is intrinsic to this proposal and, in addition to the events themselves, appropriate communication systems will be established by PE1 in collaboration with the participants.
Pathway 2: Leveraging Games for Security Collaborations
The project's developer-centred security focus is aimed at having an impact on national cyber security.
Cross-Discipline: The core team members' expertise covers all of the disciplines relevant to deliver a new framework, components and games namely: software engineering, software security, human-computer interaction, game design, creative writing, anthropology, visual narratives, serious games and script writing.
Fostering Collaborations: critically, we have budgeted to allow a significant number of and wide range of stakeholders to participate in events. This not only brings fresh perspectives and technical skills but will equip a wide spectrum of code-citizens with the skills needed to be secure coders.
Software Industry: This project aims to impact the industry by providing a framework for structuring and accelerating the building of secure code.
Policy Makers: we have an established relationship with the Scottish Government's resilience unit and will facilitate dissemination to them. The advisory group will also be tasked with identifying a similar key unit at UK level.
Pathway 3: Coding Games for Education
Secure Software Education: The games developed will be showcased at the main exhibitions and their repeats. These events and the project itself will be the setting for involving educators in including these games in their teaching.
Software CyBOK documentation: we will base the topics of our future forums on the results of the CyBOK project (Cybersecurity Body of Knowledge). The games we will produce will therefore include links back to these research outputs.
Pathway 4: Journeys and Games Dissemination
Multi-presence and Accessibility: the project will combine online and physical presence during all of the events in order to make all our events truly accessible to all citizens regardless of location or physical ability.
Civic Dimension: The focus of our research project on security for code-citizens resonates with Civic Digits' approach to educating in the digital world.

We will set up an Advisory Board, which will focus on ways to maximise the project's impact. Possible members are: Clare El Azebbi, Head of Cyber Resilience Policy in the Scottish Government; Judy Robertson, a leading expert in Computer Science Education from the University of Edinburgh; Simon Peyton-Jones, chair of the UK National Centre for Computing Education; Brenda Romero, a leading Serious Games expert known for her work "Mechanic Is the Message"; Helen Sharp, an expert in the Human Aspect of Software Engineering from the Open University; and Rod Chapman, an industrial expert in Safe and Secure Software.
 
Title Collaboration 
Description A small serious provoking game, intended to elicit discussion on cybersecurity, in particular on the topic of coding practices 
Type Of Art Artefact (including digital) 
Year Produced 2022 
Impact This game was integral in the process of the slow game jams of the Secrious project and has contributed towards a wider discussion on the process of small serious provoking games 
URL https://secrious-research-project.itch.io/collaboration
 
Title Cybersecurity Cards (version 2 and version 1) 
Description The deck of Cybersecurity Cards aims to provide introductory cybersecurity knowledge that supports learning and discussion, using CyBOK v1.1 as the foundation for the technical content. The design principles and evaluation of the cards are presented in the paper "Introducing and Interfacing with Cybersecurity - A Cards Approach". The cards are licensed under CC BY-NC-SA 4.0. 
Type Of Art Artefact (including digital) 
Year Produced 2024 
Impact The different versions of the cybersecurity cards were used in the slow game jams of the Secrious project and are part of the Secrious beaconing events. 
URL https://github.com/secrious/cybersecurity_cards/releases/tag/v2.0.0
 
Title Person-In-The-Middle 
Description A prototype serious game about person-in-the-middle cyberattacks, based on a design that was developed during a SECRIOUS Serious Slow Game Jam 
Type Of Art Artefact (including digital) 
Year Produced 2023 
Impact This game has been used in subsequent engagement activities, as an example of the kind of work that can be produced from a Serious Slow Game Jam 
URL https://secrious-research-project.itch.io/person-in-the-middle-prototype
 
Title Protection 
Description A small serious provoking game, intended to elicit discussion on cybersecurity, in particular on the topic of secure development lifecycles 
Type Of Art Artefact (including digital) 
Year Produced 2021 
Impact This game was integral in the process of the slow game jams of the Secrious project and has contributed towards a wider discussion on the process of small serious provoking games 
URL https://secrious-research-project.itch.io/protection
 
Title The API-ary 
Description A small serious provoking game, intended to elicit discussion on cybersecurity, in particular on the topic of API security 
Type Of Art Artefact (including digital) 
Year Produced 2023 
Impact This game was integral in the process of the slow game jams of the Secrious project and has contributed towards a wider discussion on the process of small serious provoking games 
URL https://secrious-research-project.itch.io/the-api-ary
 
Title scareCity 
Description scareCity is a serious game for 2-4 players, intended to teach the player about the concept of cybersecurity management 
Type Of Art Artefact (including digital) 
Year Produced 2023 
Impact This game has been used in subsequent engagement activities, as an example of the kind of work that can be produced from a Serious Slow Game Jam 
URL https://miro.com/app/board/uXjVMoPzAnY=/
 
Description Findings from our analysis so far show that the Slow Game Jam (SGJ) method we employed increased the confidence of participants (from 12.5% to 62.5%) regarding cybersecurity concepts, with free-text answers indicating that the SGJ experience increased their understanding of cybersecurity, specifically in terms of vulnerabilities, attacks, and defences, for three quarters of the participants. The SGJ also increased the confidence of participants (from 12.5% to 75%) in their knowledge and understanding of game design. The SGJ successfully engaged participants in between scheduled days of the SGJ, but running it in a hybrid format with some participants present synchronously online was not effective.
Exploitation Route We are currently applying for IAA funding and actively investigating a follow-on award.
Sectors Digital/Communication/Information Technologies (including Software), Education

 
Description We have found that our cybersecurity slow game jam methodology can be used by children as well as adults; we found this by running a summer school and evaluating the outcomes regarding cybersecurity knowledge before and after taking part.
First Year Of Impact 2022
Sector Digital/Communication/Information Technologies (including Software), Education
Impact Types Societal

 
Description Cyber Security Body of Knowledge (Call for funded projects to develop resources around CyBOK v1.1)
Amount £4,117 (GBP)
Organisation National Cyber Security Centre 
Sector Public
Country United Kingdom
Start 09/2021 
End 12/2021
 
Description Protecting Minority Ethnic Communities Online (PRIME)
Amount £1,466,412 (GBP)
Funding ID EP/W032333/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 03/2022 
End 03/2025
 
Title Code snippets 
Description A collection of vulnerable and secure code snippets in different programming languages has been created and used as a research tool to help evaluate the level of knowledge and understanding of code security of our target audience, in particular participants in the SECRIOUS Beaconing Events. Participants were given a set of 3 code snippets and were asked to select which code snippet they thought was insecure, and to explain why. These code snippets were created by SECRIOUS team member Shah, R. 
Type Of Material Improvements to research infrastructure 
Year Produced 2023 
Provided To Others? Yes  
Impact This tool has been shared freely online and is already being used by PGRs in a range of subjects. 
URL https://github.com/secrious/codesnippets
 
Title Serious Slow Game Jam Toolkit 
Description The toolkit consists of a range of digital whiteboard templates, explanatory videos, workshop activities, card decks, 'provocative' games, and worked examples which support a rigorous design workflow for serious game design and rapid prototyping of games for cybersecurity. Whilst focussed on cybersecurity, it can be easily adapted to any subject area. 
Type Of Material Improvements to research infrastructure 
Year Produced 2023 
Provided To Others? Yes  
Impact This method has been shared freely online and is already being used by PGRs in a range of subjects. We plan to use the toolkit to support a large event focussed on research methods for PGRs in Scotland. 
URL https://secrious.github.io/
 
Title Educator and Student Evaluation Data for Integrating Canvas and GitLab to Enrich Learning Processes 
Description Evaluation data for the Canvas-GitLab integration use cases presented in "Integrating Canvas and GitLab to Enrich Learning Processes". Abstract of paper: Version Control Systems (VCS) are increasingly being adopted for effective software education. However, they are often used independently of general-purpose Learning Management Systems (LMS), leading to poor user experiences and data fragmentation. This paper presents a high-level programming framework that enables integration of the Canvas LMS and the web-based GitLab VCS. Eight use case software applications are implemented with it, motivated by related work, educator and student surveys we conducted, and our early experience of using GitLab for software education. The framework semi-automates feedback loops, improves the overall user experience for students and educators and reduces administrative time, saving educators up to 16.7 hours in a 12-week semester. The components of our framework are open source for learning technologists to develop their own use cases. The full paper is attached as Paper.pdf. 
Type Of Material Database/Collection of data 
Year Produced 2024 
Provided To Others? Yes  
Impact The dataset forms the evaluation data for the Canvas-GitLab integration use cases presented in "Integrating Canvas and GitLab to Enrich Learning Processes". 
URL https://figshare.com/articles/dataset/Educator_and_Student_Evaluation_Data_for_b_Integrating_Canvas_...
 
Title Canvas-GitLab Integration Framework as presented in Integrating Canvas and GitLab to Enrich Learning Processes 
Description All software used for the Canvas-GitLab Integration Framework, presented in "Integrating Canvas and GitLab to Enrich Learning Processes": gitlab-haskell, a Haskell client library for the GitLab API; canvas-haskell, a Haskell client library for the Canvas API; an OpenAPI specification of the Canvas API; and the Canvas-GitLab Integration consisting of eight use cases. These four projects are version-controlled on the www.gitlab.com website. Abstract of paper: Version Control Systems (VCS) are increasingly being adopted for effective software education. However, they are often used independently of general-purpose Learning Management Systems (LMS), leading to poor user experiences and data fragmentation. This paper presents a high-level programming framework that enables integration of the Canvas LMS and the web-based GitLab VCS. Eight use case software applications are implemented with it, motivated by related work, educator and student surveys we conducted, and our early experience of using GitLab for software education. The framework semi-automates feedback loops, improves the overall user experience for students and educators and reduces administrative time, saving educators up to 16.7 hours in a 12-week semester. The components of our framework are open source for learning technologists to develop their own use cases. The full paper is attached as Paper.pdf. 
Type Of Technology Software 
Year Produced 2024 
Open Source License? Yes  
Impact The software is in use by a growing number of programming-based courses at Heriot-Watt University across its global campuses and with its associated partners. The software is attracting attention from computer science departments of other universities. 
URL https://figshare.com/articles/software/Canvas-GitLab_Integration_Framework_as_presented_in_b_Integra...
 
Title Citadel Programming Lab 
Description The Citadel Programming Lab is an online virtual secure coding game-based computer lab. The Lab combines a tower defence game with 6 security programming tasks. The Citadel Programming Lab was developed as part of joint interdisciplinary research between Heriot-Watt University and the Glasgow School of Art. The research was supported by: the NCSC-RISCS Developer-Centred Security approach in 2017-18 (PI Manuel Maarek, Co-I Sandy Louchart); the EPSRC Secrious Project expansion into an education virtual computer lab in 2021; and CyBOK development of the link with CyBOK v1.1, packaging and dissemination in 2021-22 (PI Manuel Maarek, Co-I Sheung Chi Chan). 
Type Of Technology Software 
Year Produced 2022 
Open Source License? Yes  
Impact The platform was presented at a CyBOK event in 2022, and was provided to university students in the same year. 
URL https://zenodo.org/doi/10.5281/zenodo.10796448
 
Description A new method for effective interdisciplinary game design: the Serious Slow Game Jam 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Other audiences
Results and Impact This poster presentation was a guided tour of the Slow Game Jam methodology and engaged with the community at Playful Learning 2023, sparking debate on this methodology and how it can be applied to different fields.
Year(s) Of Engagement Activity 2023
 
Description Interview with Computing magazine 
Form Of Engagement Activity A press release, press conference or response to a media enquiry/interview
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Rob Stewart and Manuel Maarek were interviewed by John Leonard from UK Computing magazine. The interview focused on their talk at GitLab Commit 2021, on the UKICER 2020 paper titled "Software Testing as Medium for Peer Feedback", and on the innovative ways DevOps platforms are used as part of their research and teaching.
Year(s) Of Engagement Activity 2021
URL https://www.computing.co.uk/feature/4035926/inspired-devops-heriot-watt-university-automating-teachi...
 
Description Poster Presentation at the ACM/IEEE International Conference on Human-Robot Interaction 2024 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Attended the HRI'24 conference to present a poster on our Late-Breaking Report. The focus of this poster presentation was on fun game activities, and guidelines for those fun game activities, to improve the enjoyment, motivation, and engagement of participants during the process of filling out (multiple) questionnaires as part of HCI (and HRI) studies, in particular for children and teenagers. This sparked discussion among researchers in the fields of HCI as well as HRI regarding other fun game activities that could be used to this end, and the potential impact on response quality and participants. The SECRIOUS team members who contributed to the poster were Stals, S. and Baillie, L. The poster was presented by Stals, S.
Year(s) Of Engagement Activity 2024
URL https://humanrobotinteraction.org/2024/lbr-program/
 
Description Poster Presentation at the SICSA Cyber Security, Privacy, and Trust Research Showcase 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact The SECRIOUS team members presented a poster focusing on the design and evaluation of the SECRIOUS Cybersecurity Cards within the Cyber Security, Privacy, and Trust Research Showcase, organised by SICSA at the University of Edinburgh on 26/02/2024. The poster presented the design and evaluation of different versions of the SECRIOUS Cybersecurity Cards. These cybersecurity cards are part of the Serious Slow Game Jam (SSGJ) Toolkit and provide introductory and accessible cybersecurity knowledge based on the Cybersecurity Body of Knowledge (CyBOK). Both the poster and the (physical) deck of SECRIOUS Cybersecurity Cards generated a lot of interest and discussion from cybersecurity experts both in academia and industry. They requested and were given a link to the SECRIOUS project website, so they could freely obtain the cybersecurity cards for use in further research and education. The SECRIOUS team members who contributed to the poster were Stals, S., Maarek, M., Shah, R., and Baillie, L., and it was presented by Stals, S. and Maarek, M.
Year(s) Of Engagement Activity 2024
URL https://www.sicsa.ac.uk/events/cyber-security-privacy-trust-research-showcase/
 
Description Provocative Approaches to Serious Game Design and Analysis 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact This 3-hour workshop intended to contribute to the Digital Game Research community by: disseminating the notion and design philosophy of small provoking games; inciting interdisciplinary critical discussion on relevant aspects of provoking games, including ontology, methodology and pedagogy; establishing a community of researchers and practitioners that are interested in provoking games; and establishing potential avenues for research, collaborations and applications of small provoking games within this community.
Year(s) Of Engagement Activity 2023
URL https://radar.gsa.ac.uk/9354/1/digra2023workshop.pdf
 
Description SECRIOUS Beaconing Event - Abertay cyberQuarter (UK) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact This SECRIOUS Beaconing Event took place at the Abertay cyberQuarter on 4th October 2023 and was attended by 23 academics, researchers, and students from the fields of cybersecurity, game design, and HCI. During this beaconing event the Serious Slow Game Jam (SSGJ) Toolkit and the outputs of the SSGJ methodology were showcased. In addition, the effectiveness of the serious games that had been co-designed with participants during our SSGJs, as well as of the code snippets, was evaluated using the SECRIOUS Cybersecurity Cards from the SSGJ Toolkit. This sparked interest in using the SSGJ Toolkit and the SSGJ methodology, as well as the serious games that had been produced as outputs of the Serious Slow Game Jam methodology, for training/educational purposes as well as further research in academia and industry.
Year(s) Of Engagement Activity 2023
URL https://www.eventbrite.com/e/beaconing-event-on-serious-games-in-cybersecurity-tickets-712859340477
 
Description SECRIOUS Beaconing Event - Anaheim (USA) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact This SECRIOUS Beaconing Event on the 6th August 2023 in Anaheim (USA) was co-located with the USENIX Symposium on Usable Privacy and Security, and was attended by 12 experts in cybersecurity from academia and industry. During this beaconing event, the Serious Slow Game Jam (SSGJ) Toolkit and outputs of the SSGJ methodology were showcased, and the effectiveness of the serious games that had been co-designed with participants during our Serious Slow Game Jams, as well as of the code snippets, was evaluated using the SECRIOUS Cybersecurity Cards from the SSGJ Toolkit. This sparked interest in using the SECRIOUS Cybersecurity Cards as well as the serious games that had been produced as outputs of the Serious Slow Game Jam methodology, and resulted in useful insights on how the serious games could be improved to be even more effective. The SECRIOUS team members involved in organizing this beaconing event were Stals, S., Baillie, L., Shah, R., and Maarek, M. The beaconing event was delivered by Stals, S., Shah, R., and Maarek, M.
Year(s) Of Engagement Activity 2023
URL https://www.eventbrite.com/e/beaconing-event-on-serious-games-in-cybersecurity-tickets-660993087117
 
Description SECRIOUS Project Website 
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact The SECRIOUS Project Website brings together all the resources and outputs of the project, including the research (i.e. published and upcoming papers), outputs and artefacts (i.e. Future Forums, Serious Slow Game Jam Toolkit, Decks of Cybersecurity Cards, Learning Mechanics Cards, Game Mechanics Cards, Provoking Games, Serious Games, and Code Snippets) and public engagement events. All these materials on the SECRIOUS Project website are freely available.
Year(s) Of Engagement Activity 2020
URL https://secrious.github.io/
 
Description Serious Slow Game Jam #1 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Study participants or study members
Results and Impact Serious Slow Game Jam in October-November 2021 with 12 participants (online and in person) as a mechanism for co-designing serious games to improve the understanding of cybersecurity, which resulted in playable prototypes of serious games in the application domain of cybersecurity, and an increased understanding of cybersecurity and (serious) game design among participants.
Year(s) Of Engagement Activity 2021
 
Description Serious Slow Game Jam #2 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Study participants or study members
Results and Impact Serious Slow Game Jam in May-June 2022 with 16 participants (in person and online) as a mechanism for co-designing serious games to improve the understanding of cybersecurity, which resulted in playable prototypes of serious games in the application domain of cybersecurity, and an increased understanding of cybersecurity and (serious) game design among participants.
Year(s) Of Engagement Activity 2022
 
Description Serious Slow Game Jam #3 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Study participants or study members
Results and Impact In-person Serious Slow Game Jam in July 2022 with 33 participants (i.e. young persons of 11-18 years old) as a mechanism for co-designing serious games to improve the understanding of cybersecurity, which resulted in playable prototypes of serious games in the application domain of cybersecurity, and an increased understanding of cybersecurity and (serious) game design among participants.
Year(s) Of Engagement Activity 2022
 
Description Workshop on Deconstructing Gamified Approaches to Security and Privacy (DGASP '23) at the Nineteenth Symposium on Usable Privacy and Security (SOUPS'23) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact This workshop was attended by 20+ experts in cybersecurity from academia and industry. The workshop aimed to develop and stimulate discussions around how gamified approaches can be used in the fields of security and privacy. We provided an introductory presentation of our own gamified approach as employed in the Serious Slow Game Jams, while other experts presented their own gamified approaches, resulting in discussions and sharing of ideas. Afterwards, multiple experts signed up for our follow-up event, the Secrious Beaconing Event. The SECRIOUS team members who contributed to organizing the workshop were Shah, R., Stals, S., Maarek, M., and Baillie, L. The workshop was led by Shah, R., Stals, S., and Maarek, M.
Year(s) Of Engagement Activity 2023
URL https://www.usenix.org/conference/soups2023/call-for-workshops-submissions#dgasp