Search Results

Documents authored by Zhao, Tiange

Document
DOI: 10.4230/OASIcs.ICPEC.2022.6
Cloud of Assets and Threats: A Playful Method to Raise Awareness for Cloud Security in Industry

Authors: Tiange Zhao, Ulrike Lechner, Maria Pinto-Albuquerque, and Ece Ata

Published in: OASIcs, Volume 102, Third International Computer Programming Education Conference (ICPEC 2022)

Abstract
Cloud computing has become a convenient technology widely used in industry, providing profit and flexibility to companies. Many enterprises embrace cloud service by migrating their products and solutions from on-premise to cloud environments. Cloud assets and applications are vulnerable to security challenges if not adequately protected. Regulations, standards and guidelines aim to enforce cloud security controls in the industry and practitioners need training to raise awareness of cloud security issues and learn about the defense mechanisms and controls. We propose a serious game Cloud of Assets and Threats (CAT) for enhancing cloud security awareness of industrial practitioners. This study extends first results of applying such a serious game in industry [Zhao et al., 2021] and refines its design in two iterations. In the first design iteration, we implemented a digital game platform with six attack scenarios and developed a new player versus environment gaming mode. In the second design iteration, we adjusted the attack scenarios and introduced different difficulty levels for the scenarios. We present, analyse, and discuss the game events. We conclude that CAT is a promising method to raise awareness for cloud security in the industry.
Cite as

Tiange Zhao, Ulrike Lechner, Maria Pinto-Albuquerque, and Ece Ata. Cloud of Assets and Threats: A Playful Method to Raise Awareness for Cloud Security in Industry. In Third International Computer Programming Education Conference (ICPEC 2022). Open Access Series in Informatics (OASIcs), Volume 102, pp. 6:1-6:13, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2022)

Copy BibTex To Clipboard

@InProceedings{zhao_et_al:OASIcs.ICPEC.2022.6,
  author =	{Zhao, Tiange and Lechner, Ulrike and Pinto-Albuquerque, Maria and Ata, Ece},
  title =	{{Cloud of Assets and Threats: A Playful Method to Raise Awareness for Cloud Security in Industry}},
  booktitle =	{Third International Computer Programming Education Conference (ICPEC 2022)},
  pages =	{6:1--6:13},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-229-7},
  ISSN =	{2190-6807},
  year =	{2022},
  volume =	{102},
  editor =	{Sim\~{o}es, Alberto and Silva, Jo\~{a}o Carlos},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/OASIcs.ICPEC.2022.6},
  URN =		{urn:nbn:de:0030-drops-166107},
  doi =		{10.4230/OASIcs.ICPEC.2022.6},
  annote =	{Keywords: Cloud security, Cloud control matrix, Shared-responsibility model, Industry, Training, Gamification}
}
Document
Short Paper
DOI: 10.4230/OASIcs.ICPEC.2021.11
Exploring a Board Game to Improve Cloud Security Training in Industry (Short Paper)

Authors: Tiange Zhao, Tiago Espinha Gasiba, Ulrike Lechner, and Maria Pinto-Albuquerque

Published in: OASIcs, Volume 91, Second International Computer Programming Education Conference (ICPEC 2021)

Abstract
Nowadays, companies are increasingly using cloud-based platform for its convenience and flexibility. However, companies still need to protect their assets when deploying their infrastructure in the cloud. Over the last years, the number of cloud-specific vulnerabilities has been increasing. In this work, we introduce a serious game to help participants to understand the inherent risks, understand the different roles, and to encourage proactive defensive thinking. Our game includes an automated evaluator as a novel element. The players are invited to build defense plans and attack plans, which will be checked by the evaluator. We design the game and organize a trial-run in an industrial setting. Our preliminary results bring insight into the design of such a game, and constitute the first step in a research using design science.
Cite as

Tiange Zhao, Tiago Espinha Gasiba, Ulrike Lechner, and Maria Pinto-Albuquerque. Exploring a Board Game to Improve Cloud Security Training in Industry (Short Paper). In Second International Computer Programming Education Conference (ICPEC 2021). Open Access Series in Informatics (OASIcs), Volume 91, pp. 11:1-11:8, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2021)

Copy BibTex To Clipboard

@InProceedings{zhao_et_al:OASIcs.ICPEC.2021.11,
  author =	{Zhao, Tiange and Gasiba, Tiago Espinha and Lechner, Ulrike and Pinto-Albuquerque, Maria},
  title =	{{Exploring a Board Game to Improve Cloud Security Training in Industry}},
  booktitle =	{Second International Computer Programming Education Conference (ICPEC 2021)},
  pages =	{11:1--11:8},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-194-8},
  ISSN =	{2190-6807},
  year =	{2021},
  volume =	{91},
  editor =	{Henriques, Pedro Rangel and Portela, Filipe and Queir\'{o}s, Ricardo and Sim\~{o}es, Alberto},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/OASIcs.ICPEC.2021.11},
  URN =		{urn:nbn:de:0030-drops-142276},
  doi =		{10.4230/OASIcs.ICPEC.2021.11},
  annote =	{Keywords: cloud security, cloud control matrix, shared-responsibility model, industry, training, gamification}
}
Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail
© 2023-2024 Schloss Dagstuhl – LZI GmbH About DROPS Imprint Privacy Contact