Cybersecurity Games for Secure Programming Education in the Industry: Gameplay Analysis

To minimize the possibility of introducing vulnerabilities in source code, software developers may attend security awareness and secure coding training. From the various approaches of how to raise awareness and adherence to coding standards, one promising novel approach is Cybersecurity Challenges. However, in an industrial setting, time is a precious resource, and, therefore, one needs to understand how to optimize the gaming experience of Cybersecurity Challenges and the effect of this game on secure coding skills. This work identifies the time spent solving challenges of different categories, analyzes gaming strategies in terms of a slow and fast team profile, and relates these profiles to the game success. First results indicate that the slow strategy is more successful than the fast approach. The authors also analyze the possible implications in the design and the training of secure coding in an industrial setting by means of Cybersecurity Challenges. This work concludes with a brief overview of its limitations and next steps in the study

A First Study of MEV on an Up-and-Coming Blockchain: Algorand

Maximal Extractable Value (MEV) significantly influences network incentives, consensus safety, and economic dynamics, and has been extensively studied within the Ethereum blockchain domain. However, MEV is not specific to Ethereum, and extends to other blockchain platforms with differing properties, such as Algorand. Algorand, a smart-contract-based blockchain employing a Byzantine-Fault Tolerant consensus mechanism and Pure-Proof-of-Stake, is characterized by a First-Come-First-Serve transaction ordering mechanism and minimal fixed transaction fees. This paper provides the first exploration of the MEV landscape on Algorand, focusing on arbitrage MEV patterns, key actors, their strategic preferences, transaction positioning strategies, and the influence of Algorand's network infrastructure on MEV searching. We observed 1,142,970 arbitrage cases, with a single searcher executing 653,001. Different searchers demonstrated diverse strategies, reflected in the varied distribution of profitable block positions. Nonetheless, the even spread of arbitrage positions across a block indicates an emphasis on immediate backrunning executions. Furthermore, we identified 265,637 instances of Batch Transaction Issuances, where an address occupied over 80% of a block with a singular transaction type.Comment: 8 pages, 5 figure

Multilayer Environment and Toolchain for Holistic NetwOrk Design and Analysis

The recent developments and research in distributed ledger technologies and blockchain have contributed to the increasing adoption of distributed systems. To collect relevant insights into systems' behavior, we observe many evaluation frameworks focusing mainly on the system under test throughput. However, these frameworks often need more comprehensiveness and generality, particularly in adopting a distributed applications' cross-layer approach. This work analyses in detail the requirements for distributed systems assessment. We summarize these findings into a structured methodology and experimentation framework called METHODA. Our approach emphasizes setting up and assessing a broader spectrum of distributed systems and addresses a notable research gap. We showcase the effectiveness of the framework by evaluating four distinct systems and their interaction, leveraging a diverse set of eight carefully selected metrics and 12 essential parameters. Through experimentation and analysis we demonstrate the framework's capabilities to provide valuable insights across various use cases. For instance, we identify that a combination of Trusted Execution Environments with threshold signature scheme FROST introduces minimal overhead on the performance with average latency around \SI{40}{\ms}. We showcase an emulation of realistic systems behavior, e.g., Maximal Extractable Value is possible and could be used to further model such dynamics. The METHODA framework enables a deeper understanding of distributed systems and is a powerful tool for researchers and practitioners navigating the complex landscape of modern computing infrastructures