This paper proposes a design for an introductory password cracking exercise that gives students the opportunity to develop foundational cybersecurity skills while increasing their confidence and agency. This exercise aims to educate students about the brittle nature of passwords while increasing students' cybersecurity soft skills, such as collaboration, autonomy, and problem solving. To do so, the exercise uses pedagogical methods such as the Gradual Release of Responsibility model and guiding questions. The exercise is holistic, hands-on, and consists of three scaffolded levels: Password guessing, intelligence gathering, and spear phishing.
- Manually attempting a “credential stuffing” attack on a simple password.
- Scripting an automated password cracking tool.
This exercise will educate students about passwords, how to attack them, and how to choose secure passwords while building foundational cybersecurity skills and keeping less experienced students interested, engaged, and motivated.
A Design for a Collaborative Make-the-Flag Exercise
Many people know how to compromise existing systems, and capture-the-flag contests are increasing this number. There is a dearth of people who know how to design and build secure systems. A collaborative contest to build secure systems to meet specific goals -- a “make-the-flag” exercise -- could encourage more people to participate in cybersecurity exercises, and learn how to design and build secure systems. This paper presents a generic design for such an exercise. It explores the goals, organization, constraints, and rules. It also discusses preparations and how to run the exercise and evaluate the results. Several variations are also presented.
- Award ID(s): 1739025
- PAR ID: 10317419
- Editor(s): Drevin, Lynette; Theocharidou, Marianthi
- Date Published:
- Journal Name: Proceedings of the 11th IFIP WG 11.8 World Conference on Information Security Education
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
- “Notice and choice” is the predominant approach for data privacy protection today. There is considerable user-centered research on providing effective privacy notices but not enough guidance on designing privacy choices. Recent data privacy regulations worldwide established new requirements for privacy choices, but system practitioners struggle to implement legally compliant privacy choices that also provide users meaningful privacy control. We construct a design space for privacy choices based on a user-centered analysis of how people exercise privacy choices in real-world systems. This work contributes a conceptual framework that considers privacy choice as a user-centered process as well as a taxonomy for practitioners to design meaningful privacy choices in their systems. We also present a use case of how we leverage the design space to finalize the design decisions for a real-world privacy choice platform, the Internet of Things (IoT) Assistant, to provide meaningful privacy control in the IoT.
- Augmented reality (AR), which overlays virtual content on top of the user’s perception of the real world, has now begun to enter the consumer market. Besides smartphone platforms, early-stage head-mounted displays such as the Microsoft HoloLens are under active development. Many compelling uses of these technologies are multi-user: e.g., in-person collaborative tools, multiplayer gaming, and telepresence. While prior work on AR security and privacy has studied potential risks from AR applications, new risks will also arise among multiple human users. In this work, we explore the challenges that arise in designing secure and private content sharing for multi-user AR. We analyze representative application case studies and systematize design goals for security and functionality that a multi-user AR platform should support. We design an AR content sharing control module that achieves these goals and build a prototype implementation (ShareAR) for the HoloLens. This work builds foundations for secure and private multi-user AR interactions.
- To make computer science (CS) more equitable, many educational efforts are shifting foci from access and content understanding to include identification, agency, and social change. As part of these efforts, we look at how learners perceive themselves in relation to what they believe CS is and what it means to participate in CS. Informed by three design lenses, unblackboxing, culturally responsive computing, and creative production, we designed a physical computing kit and activities. Drawing from qualitative analysis of interviews, artifacts, and observation of six young people in a weeklong summer workshop, we report on the experiences of two young Black women designers. We found that using these materials young people were able to: leverage personal goals and prior experiences in computing work; feel as if they were figuring out computing systems; and recognize computational technologies as created by people for particular purposes. We observed that while the mix of materials and activities created some frustration for participants, it also prompted processes of community building and inquiry. We discuss implications for design of computational tools in equity-centered CS education and pose seamfulness as an emergent heuristic when designing for learning that engages young people with the social, not just material, systems of computing.

