Search Results

Documents authored by Gasiba, Tiago Espinha


Found 2 Possible Name Variants:

Gasiba, Tiago Espinha

Document
Automated Java Challenges' Security Assessment for Training in Industry - Preliminary Results

Authors: Luís Afonso Casqueiro, Tiago Espinha Gasiba, Maria Pinto-Albuquerque, and Ulrike Lechner

Published in: OASIcs, Volume 91, Second International Computer Programming Education Conference (ICPEC 2021)


Abstract
Secure software development is a crucial topic that companies need to address to develop high-quality software. However, it has been shown that software developers lack secure coding awareness. In this work, we use a serious game approach that presents players with Java challenges to raise Java programmers' secure coding awareness. Towards this, we adapted an existing platform, embedded in a serious game, to assess Java secure coding exercises and performed an empirical study. Our preliminary results provide a positive indication of our solution’s viability as a means of secure software development training. Our contribution can be used by practitioners and researchers alike through an overview on the implementation of automatic security assessment of Java CyberSecurity Challenges and their evaluation in an industrial context.

Cite as

Luís Afonso Casqueiro, Tiago Espinha Gasiba, Maria Pinto-Albuquerque, and Ulrike Lechner. Automated Java Challenges' Security Assessment for Training in Industry - Preliminary Results. In Second International Computer Programming Education Conference (ICPEC 2021). Open Access Series in Informatics (OASIcs), Volume 91, pp. 10:1-10:11, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2021)


Copy BibTex To Clipboard

@InProceedings{casqueiro_et_al:OASIcs.ICPEC.2021.10,
  author =	{Casqueiro, Lu{\'\i}s Afonso and Gasiba, Tiago Espinha and Pinto-Albuquerque, Maria and Lechner, Ulrike},
  title =	{{Automated Java Challenges' Security Assessment for Training in Industry - Preliminary Results}},
  booktitle =	{Second International Computer Programming Education Conference (ICPEC 2021)},
  pages =	{10:1--10:11},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-194-8},
  ISSN =	{2190-6807},
  year =	{2021},
  volume =	{91},
  editor =	{Henriques, Pedro Rangel and Portela, Filipe and Queir\'{o}s, Ricardo and Sim\~{o}es, Alberto},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/OASIcs.ICPEC.2021.10},
  URN =		{urn:nbn:de:0030-drops-142269},
  doi =		{10.4230/OASIcs.ICPEC.2021.10},
  annote =	{Keywords: Education, Teaching, Training, Awareness, Secure Coding, Industry, Programming, Cybersecurity, Capture-the-Flag, Intelligent Coach}
}
Document
Short Paper
Exploring a Board Game to Improve Cloud Security Training in Industry (Short Paper)

Authors: Tiange Zhao, Tiago Espinha Gasiba, Ulrike Lechner, and Maria Pinto-Albuquerque

Published in: OASIcs, Volume 91, Second International Computer Programming Education Conference (ICPEC 2021)


Abstract
Nowadays, companies are increasingly using cloud-based platform for its convenience and flexibility. However, companies still need to protect their assets when deploying their infrastructure in the cloud. Over the last years, the number of cloud-specific vulnerabilities has been increasing. In this work, we introduce a serious game to help participants to understand the inherent risks, understand the different roles, and to encourage proactive defensive thinking. Our game includes an automated evaluator as a novel element. The players are invited to build defense plans and attack plans, which will be checked by the evaluator. We design the game and organize a trial-run in an industrial setting. Our preliminary results bring insight into the design of such a game, and constitute the first step in a research using design science.

Cite as

Tiange Zhao, Tiago Espinha Gasiba, Ulrike Lechner, and Maria Pinto-Albuquerque. Exploring a Board Game to Improve Cloud Security Training in Industry (Short Paper). In Second International Computer Programming Education Conference (ICPEC 2021). Open Access Series in Informatics (OASIcs), Volume 91, pp. 11:1-11:8, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2021)


Copy BibTex To Clipboard

@InProceedings{zhao_et_al:OASIcs.ICPEC.2021.11,
  author =	{Zhao, Tiange and Gasiba, Tiago Espinha and Lechner, Ulrike and Pinto-Albuquerque, Maria},
  title =	{{Exploring a Board Game to Improve Cloud Security Training in Industry}},
  booktitle =	{Second International Computer Programming Education Conference (ICPEC 2021)},
  pages =	{11:1--11:8},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-194-8},
  ISSN =	{2190-6807},
  year =	{2021},
  volume =	{91},
  editor =	{Henriques, Pedro Rangel and Portela, Filipe and Queir\'{o}s, Ricardo and Sim\~{o}es, Alberto},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/OASIcs.ICPEC.2021.11},
  URN =		{urn:nbn:de:0030-drops-142276},
  doi =		{10.4230/OASIcs.ICPEC.2021.11},
  annote =	{Keywords: cloud security, cloud control matrix, shared-responsibility model, industry, training, gamification}
}

Gasiba, Tiago

Document
Short Paper
Sifu Reloaded: An Open-Source Gamified Web-Based CyberSecurity Awareness Platform (Short Paper)

Authors: José Carlos Paiva, Ricardo Queirós, and Tiago Gasiba

Published in: OASIcs, Volume 112, 4th International Computer Programming Education Conference (ICPEC 2023)


Abstract
Malicious actors can cause severe damage by exploiting software vulnerabilities. In industrial settings, where critical infrastructures rely on software, handling these vulnerabilities with utmost care is crucial to prevent catastrophic consequences. For this purpose, a cybersecurity awareness platform called Sifu was created. This platform automatically assesses challenges to verify its compliance to secure coding guidelines. Using an artificial intelligence method, an interactive component provides players with solution-guiding hints. This paper presents an improved version of the Sifu platform, which evolves the tool in the following aspects: architecture, data model and user interface. The new platform separates the server and client-side using a REST API architecture. It also accommodates an intrinsic and richer layer of gamification, which explores the concept of game rooms at an organizational and gamification level. Finally, it offers an improved interactive training experience for individuals and organizations through a responsive and intuitive single-page web application.

Cite as

José Carlos Paiva, Ricardo Queirós, and Tiago Gasiba. Sifu Reloaded: An Open-Source Gamified Web-Based CyberSecurity Awareness Platform (Short Paper). In 4th International Computer Programming Education Conference (ICPEC 2023). Open Access Series in Informatics (OASIcs), Volume 112, pp. 5:1-5:8, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2023)


Copy BibTex To Clipboard

@InProceedings{paiva_et_al:OASIcs.ICPEC.2023.5,
  author =	{Paiva, Jos\'{e} Carlos and Queir\'{o}s, Ricardo and Gasiba, Tiago},
  title =	{{Sifu Reloaded: An Open-Source Gamified Web-Based CyberSecurity Awareness Platform}},
  booktitle =	{4th International Computer Programming Education Conference (ICPEC 2023)},
  pages =	{5:1--5:8},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-290-7},
  ISSN =	{2190-6807},
  year =	{2023},
  volume =	{112},
  editor =	{Peixoto de Queir\'{o}s, Ricardo Alexandre and Teixeira Pinto, M\'{a}rio Paulo},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/OASIcs.ICPEC.2023.5},
  URN =		{urn:nbn:de:0030-drops-185014},
  doi =		{10.4230/OASIcs.ICPEC.2023.5},
  annote =	{Keywords: learning environment, cybersecurity, challenges, gamification, automatic assessment}
}
Document
Understanding the Usage of IT-Security Games in the Industry and Its Mapping to Job Profiles

Authors: Tilman Dewes, Tiago Gasiba, and Thomas Schreck

Published in: OASIcs, Volume 102, Third International Computer Programming Education Conference (ICPEC 2022)


Abstract
Due to the increasing dependency on IT systems in both the private and industrial sectors, IT security training is becoming increasingly important. One way to teach IT security topics is through serious games, which besides being fun to play, impart knowledge on certain topics. As these games are more and more used in the industrial environment, this paper aims to develop a mapping between industrial roles and the games to show which game fits how well for the training of an industrial role. In doing so, an evaluation of the games was established that allows for comparability across the different roles. Thus, the research question which serious games is suitable for which industrial role could be addressed. Further results of the work are an ontology, which contains the essential characteristics of serious games for this work, a collection of industrial roles with their required IT-skills and a collection of serious games with an evaluation of the level of support of IT-skills.

Cite as

Tilman Dewes, Tiago Gasiba, and Thomas Schreck. Understanding the Usage of IT-Security Games in the Industry and Its Mapping to Job Profiles. In Third International Computer Programming Education Conference (ICPEC 2022). Open Access Series in Informatics (OASIcs), Volume 102, pp. 3:1-3:12, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2022)


Copy BibTex To Clipboard

@InProceedings{dewes_et_al:OASIcs.ICPEC.2022.3,
  author =	{Dewes, Tilman and Gasiba, Tiago and Schreck, Thomas},
  title =	{{Understanding the Usage of IT-Security Games in the Industry and Its Mapping to Job Profiles}},
  booktitle =	{Third International Computer Programming Education Conference (ICPEC 2022)},
  pages =	{3:1--3:12},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-229-7},
  ISSN =	{2190-6807},
  year =	{2022},
  volume =	{102},
  editor =	{Sim\~{o}es, Alberto and Silva, Jo\~{a}o Carlos},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/OASIcs.ICPEC.2022.3},
  URN =		{urn:nbn:de:0030-drops-166077},
  doi =		{10.4230/OASIcs.ICPEC.2022.3},
  annote =	{Keywords: Serious Games, IT-Security, Industrial Roles, Mapping, Ontology}
}
Document
Cybersecurity Games for Secure Programming Education in the Industry: Gameplay Analysis

Authors: Tiago Gasiba, Ulrike Lechner, Filip Rezabek, and Maria Pinto-Albuquerque

Published in: OASIcs, Volume 81, First International Computer Programming Education Conference (ICPEC 2020)


Abstract
To minimize the possibility of introducing vulnerabilities in source code, software developers may attend security awareness and secure coding training. From the various approaches of how to raise awareness and adherence to coding standards, one promising novel approach is Cybersecurity Challenges. However, in an industrial setting, time is a precious resource, and, therefore, one needs to understand how to optimize the gaming experience of Cybersecurity Challenges and the effect of this game on secure coding skills. This work identifies the time spent solving challenges of different categories, analyzes gaming strategies in terms of a slow and fast team profile, and relates these profiles to the game success. First results indicate that the slow strategy is more successful than the fast approach. The authors also analyze the possible implications in the design and the training of secure coding in an industrial setting by means of Cybersecurity Challenges. This work concludes with a brief overview of its limitations and next steps in the study.

Cite as

Tiago Gasiba, Ulrike Lechner, Filip Rezabek, and Maria Pinto-Albuquerque. Cybersecurity Games for Secure Programming Education in the Industry: Gameplay Analysis. In First International Computer Programming Education Conference (ICPEC 2020). Open Access Series in Informatics (OASIcs), Volume 81, pp. 10:1-10:11, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2020)


Copy BibTex To Clipboard

@InProceedings{gasiba_et_al:OASIcs.ICPEC.2020.10,
  author =	{Gasiba, Tiago and Lechner, Ulrike and Rezabek, Filip and Pinto-Albuquerque, Maria},
  title =	{{Cybersecurity Games for Secure Programming Education in the Industry: Gameplay Analysis}},
  booktitle =	{First International Computer Programming Education Conference (ICPEC 2020)},
  pages =	{10:1--10:11},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-153-5},
  ISSN =	{2190-6807},
  year =	{2020},
  volume =	{81},
  editor =	{Queir\'{o}s, Ricardo and Portela, Filipe and Pinto, M\'{a}rio and Sim\~{o}es, Alberto},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/OASIcs.ICPEC.2020.10},
  URN =		{urn:nbn:de:0030-drops-122977},
  doi =		{10.4230/OASIcs.ICPEC.2020.10},
  annote =	{Keywords: education, training, secure coding, industry, cybersecurity, capture-the-flag, game analysis, cybersecurity challenge}
}
Document
Ranking Secure Coding Guidelines for Software Developer Awareness Training in the Industry

Authors: Tiago Gasiba, Ulrike Lechner, Jorge Cuellar, and Alae Zouitni

Published in: OASIcs, Volume 81, First International Computer Programming Education Conference (ICPEC 2020)


Abstract
Secure coding guidelines are essential material used to train and raise awareness of software developers on the topic of secure software development. In industrial environments, since developer time is costly, and training and education is part of non-productive hours, it is important to address and stress the most important topics first. In this work, we devise a method, based on publicly available real-world vulnerability databases and secure coding guideline databases, to rank important secure coding guidelines based on defined industry-relevant metrics. The goal is to define priorities for a teaching curriculum on raising cybersecurity awareness of software developers on secure coding guidelines. Furthermore, we do a small comparison study by asking computer science students from university on how they rank the importance of secure coding guidelines and compare the outcome to our results.

Cite as

Tiago Gasiba, Ulrike Lechner, Jorge Cuellar, and Alae Zouitni. Ranking Secure Coding Guidelines for Software Developer Awareness Training in the Industry. In First International Computer Programming Education Conference (ICPEC 2020). Open Access Series in Informatics (OASIcs), Volume 81, pp. 11:1-11:11, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2020)


Copy BibTex To Clipboard

@InProceedings{gasiba_et_al:OASIcs.ICPEC.2020.11,
  author =	{Gasiba, Tiago and Lechner, Ulrike and Cuellar, Jorge and Zouitni, Alae},
  title =	{{Ranking Secure Coding Guidelines for Software Developer Awareness Training in the Industry}},
  booktitle =	{First International Computer Programming Education Conference (ICPEC 2020)},
  pages =	{11:1--11:11},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-153-5},
  ISSN =	{2190-6807},
  year =	{2020},
  volume =	{81},
  editor =	{Queir\'{o}s, Ricardo and Portela, Filipe and Pinto, M\'{a}rio and Sim\~{o}es, Alberto},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/OASIcs.ICPEC.2020.11},
  URN =		{urn:nbn:de:0030-drops-122988},
  doi =		{10.4230/OASIcs.ICPEC.2020.11},
  annote =	{Keywords: education, teaching, training, secure coding, industry, cybersecurity, capture-the-flag, game analysis, game design, cybersecurity challenge}
}
Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail