How Could Serious Games Support Secure Programming? Designing a Study Replication and Intervention

While developing and deploying software continue to be more broadly accessible, so is the problem caused by these systems' security not being considered enough by their developers and maintainers. We propose to address this developer-centred security issue with serious games (games for which entertainment is not the main purpose) as a means to motivate developers to consider security threats when developing. We have developed a serious game around secure and non-secure programming exercises to investigate if serious gamification helps to improve attitudes or ability with secure programming. We detail the design choices of the game and how it relates to the programming tasks. In particular we present the design choices we made with the intention to replicate a prior study and discuss the tension that arose between replication and intervention. We discuss the results of a pilot study we conducted and present the steps we plan to take going forward into larger studies

The Industry and Policy Context for Digital Games for Empowerment and Inclusion:Market Analysis, Future Prospects and Key Challenges in Videogames, Serious Games and Gamification

The effective use of digital games for empowerment and social inclusion (DGEI) of people and communities at risk of exclusion will be shaped by, and may influence the development of a range of sectors that supply products, services, technology and research. The principal industries that would appear to be implicated are the 'videogames' industry, and an emerging 'serious games' industry. The videogames industry is an ecosystem of developers, publishers and other service providers drawn from the interactive media, software and broader ICT industry that services the mainstream leisure market in games, The 'serious games' industry is a rather fragmented and growing network of firms, users, research and policy makers from a variety of sectors. This emerging industry is are trying to develop knowledge, products, services and a market for the use of digital games, and products inspired by digital games, for a range of non-leisure applications. This report provides a summary of the state of play of these industries, their trajectories and the challenges they face. It also analyses the contribution they could make to exploiting digital games for empowerment and social inclusion. Finally, it explores existing policy towards activities in these industries and markets, and draws conclusions as to the future policy relevance of engaging with them to support innovation and uptake of effective digital game-based approaches to empowerment and social inclusion.JRC.J.3-Information Societ

Serious Game Evaluation as a Meta-game

Purpose – This paper aims to briefly outline the seamless evaluation approach and its application during an evaluation of ORIENT, a serious game aimed at young adults. Design/methodology/approach – In this paper, the authors detail a unobtrusive, embedded evaluation approach that occurs within the game context, adding value and entertainment to the player experience whilst accumulating useful data for the development team. Findings – The key result from this study was that during the “seamless evaluation” approach, users were unaware that they had been participating in an evaluation, with instruments enhancing rather than detracting from the in-role game experience. Practical implications – This approach, seamless evaluation, was devised in response to player expectations, perspectives and requirements, recognising that in the evaluation of games the whole process of interaction including its evaluation must be enjoyable and fun for the user. Originality/value – Through using seamless evaluation, the authors created an evaluation completely embedded within the “magic circle” of an in-game experience that added value to the user experience whilst also yielding relevant results for the development team

Using Workshops to Improve Security in Software Development Teams

Though some software development teams are highly effective at delivering security, others either do not care or do not have access to security experts to teach them how. Unfortunately, these latter teams are still responsible for the security of the systems they build: systems that are ever more important to ever more people. Yet many, perhaps most, security problems can be prevented with careful design, construction and configuration of the software and systems involved, so software developers have a major contribution to make. This research investigated how to help teams of software developers achieve better security. An initial qualitative survey of 15 secure software development professionals highlighted a range of security assurance and motivation techniques suitable for teams of developers, and emphasised the human interaction aspects. A further quantitative survey of 330 successful Android developers then identified a baseline of current security practices in software development. Based on these surveys, the author created an intervention package to help software developers. Action Research techniques were used to trial and improve it in two one-year cycles with a total of 19 development teams in 11 different organisations. The later development of the package concentrated on empowering the developers involved, and reducing the involvement required from the researchers. By proving that a set of structured workshops can have an impact on the security performance of a team for a reasonable cost and without the support of security professionals, this research offers a powerful means to enhance development security in the UK, creating more secure software and systems for all users

TLAD 2010 Proceedings:8th international workshop on teaching, learning and assesment of databases (TLAD)

This is the eighth in the series of highly successful international workshops on the Teaching, Learning and Assessment of Databases (TLAD 2010), which once again is held as a workshop of BNCOD 2010 - the 27th International Information Systems Conference. TLAD 2010 is held on the 28th June at the beautiful Dudhope Castle at the Abertay University, just before BNCOD, and hopes to be just as successful as its predecessors.The teaching of databases is central to all Computing Science, Software Engineering, Information Systems and Information Technology courses, and this year, the workshop aims to continue the tradition of bringing together both database teachers and researchers, in order to share good learning, teaching and assessment practice and experience, and further the growing community amongst database academics. As well as attracting academics from the UK community, the workshop has also been successful in attracting academics from the wider international community, through serving on the programme committee, and attending and presenting papers.This year, the workshop includes an invited talk given by Richard Cooper (of the University of Glasgow) who will present a discussion and some results from the Database Disciplinary Commons which was held in the UK over the academic year. Due to the healthy number of high quality submissions this year, the workshop will also present seven peer reviewed papers, and six refereed poster papers. Of the seven presented papers, three will be presented as full papers and four as short papers. These papers and posters cover a number of themes, including: approaches to teaching databases, e.g. group centered and problem based learning; use of novel case studies, e.g. forensics and XML data; techniques and approaches for improving teaching and student learning processes; assessment techniques, e.g. peer review; methods for improving students abilities to develop database queries and develop E-R diagrams; and e-learning platforms for supporting teaching and learning

TLAD 2010 Proceedings:8th international workshop on teaching, learning and assesment of databases (TLAD)

This is the eighth in the series of highly successful international workshops on the Teaching, Learning and Assessment of Databases (TLAD 2010), which once again is held as a workshop of BNCOD 2010 - the 27th International Information Systems Conference. TLAD 2010 is held on the 28th June at the beautiful Dudhope Castle at the Abertay University, just before BNCOD, and hopes to be just as successful as its predecessors.The teaching of databases is central to all Computing Science, Software Engineering, Information Systems and Information Technology courses, and this year, the workshop aims to continue the tradition of bringing together both database teachers and researchers, in order to share good learning, teaching and assessment practice and experience, and further the growing community amongst database academics. As well as attracting academics from the UK community, the workshop has also been successful in attracting academics from the wider international community, through serving on the programme committee, and attending and presenting papers.This year, the workshop includes an invited talk given by Richard Cooper (of the University of Glasgow) who will present a discussion and some results from the Database Disciplinary Commons which was held in the UK over the academic year. Due to the healthy number of high quality submissions this year, the workshop will also present seven peer reviewed papers, and six refereed poster papers. Of the seven presented papers, three will be presented as full papers and four as short papers. These papers and posters cover a number of themes, including: approaches to teaching databases, e.g. group centered and problem based learning; use of novel case studies, e.g. forensics and XML data; techniques and approaches for improving teaching and student learning processes; assessment techniques, e.g. peer review; methods for improving students abilities to develop database queries and develop E-R diagrams; and e-learning platforms for supporting teaching and learning

RISCS Annual Report 2018

The Research Institute in Science of Cyber Security (RISCS) takes an evidence-based and interdisciplinary approach to addressing cyber security challenges. By providing a platform for the exchange of ideas, problems and research solutions between academia, industry, and both the UK and international policy communities, RISCS promotes and supports the development of scientific approaches to cyber security. Central to the RISCS agenda is the application of bodies of knowledge to stimulate a transition from ‘common practice’ to ‘evidence-based best practice’ in cyber security. Recognising that cyber security is a contested concept, RISCS operates within a national and international cyber security framework to establish a coherent set of research principles. These principles focus on the deployment of scientific methods and the gathering of evidence to produce sound interventions and responses to cyber security challenges. We actively seek to maximise collaboration amongst our diverse community through a culture of open publication, sharing and expanding our network. Through this collaboration, RISCS develops techniques that enable communities to anticipate emergent cyber security issues from public policy, social practice and technological perspectives. Our end goal is to deliver a world-class portfolio of activity and research findings that maximises the value of social, political and economic research into cyber security and which results in a set of scientifically based options that individuals, institutions and nation states can use to respond to imminent and long term cyber security challenges