Sifu - a cybersecurity awareness platform with challenge assessment and intelligent coach

Bibliographic details
Main author: Gasiba, T.
Publication date: 2020
Other authors: Lechner, U., Pinto-Albuquerque, M.
Document type: Article
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Full text: http://hdl.handle.net/10071/21395
Abstract: Software vulnerabilities, when actively exploited by malicious parties, can lead to catastrophic consequences. Proper handling of software vulnerabilities is essential in the industrial context, particularly when the software is deployed in critical infrastructures. Therefore, several industrial standards mandate secure coding guidelines and industrial software developers’ training, as software quality is a significant contributor to secure software. CyberSecurity Challenges (CSC) form a method that combines serious game techniques with cybersecurity and secure coding guidelines to raise secure coding awareness of software developers in the industry. These cybersecurity awareness events have been used with success in industrial environments. However, until now, these coached events took place on-site. In the present work, we briefly introduce cybersecurity challenges and propose a novel platform that allows these events to take place online. The introduced cybersecurity awareness platform, which the authors call Sifu, performs automatic assessment of challenges in compliance to secure coding guidelines, and uses an artificial intelligence method to provide players with solution-guiding hints. Furthermore, due to its characteristics, the Sifu platform allows for remote (online) learning, in times of social distancing. The CyberSecurity Challenges events based on the Sifu platform were evaluated during four online real-life CSC events. We report on three surveys showing that the Sifu platform’s CSC events are adequate to raise industry software developers’ awareness on secure coding.
id RCAP_a08782b52d80d0f27d99659bfb01546e
oai_identifier_str oai:repositorio.iscte-iul.pt:10071/21395
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
Keywords: Cybersecurity; Awareness; Training; Artificial intelligence; Serious games; Secure coding; Static application security testing; Capture-the-flag; Software development in industry
publishDate 2020
dc.date.none.fl_str_mv 2020-01-01T00:00:00Z
2020
2021-01-20T13:49:18Z
2021-01-20T13:48:20Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/article
format article
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10071/21395
url http://hdl.handle.net/10071/21395
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv 2523-3246
10.1186/s42400-020-00064-4
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv Springer
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP