Gamifying software security education and training via secure coding duels in code hunt

Tao Xie, Judith Bishop, Nikolai Tillmann, Jonathan De Halleux

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Sophistication and flexibility of software development make it easy to leave security vulnerabilities in software applications for attackers. It is critical to educate and train software engineers to avoid introducing vulnerabilities in software applications in the first place such as adopting secure coding mechanisms and conducting security testing. A number of websites provide training grounds to train people's hacking skills, which are highly related to security testing skills, and train people's secure coding skills. However, there exists no interactive gaming platform for instilling gaming aspects into the education and training of secure coding. To address this issue, we propose to construct secure coding duels in Code Hunt, a high-impact serious gaming platform released by Microsoft Research. In Code Hunt, a coding duel consists of two code segments: a secret code segment and a player-visible code segment. To solve a coding duel, a player iteratively modifies the player-visible code segment to match the functional behaviors of the secret code segment. During the duel-solving process, the player is given clues as a set of automatically generated test cases to characterize sample functional behaviors of the secret code segment. The game aspect in Code Hunt is to recognize a pattern from the test cases, and to re-engineer the player-visible code segment to exhibit the expected behaviors. Secure coding duels proposed in this work are coding duels that are carefully designed to train players' secure coding skills, such as sufficient input validation and access control.

Original languageEnglish (US)
Title of host publicationProceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015
PublisherAssociation for Computing Machinery
ISBN (Electronic)9781450333764
DOIs
StatePublished - Apr 21 2015
EventSymposium and Bootcamp on the Science of Security, HotSoS 2015 - Urbana, United States
Duration: Apr 21 2015Apr 22 2015

Publication series

NameACM International Conference Proceeding Series
Volume21-22-April-2015

Other

OtherSymposium and Bootcamp on the Science of Security, HotSoS 2015
CountryUnited States
CityUrbana
Period4/21/154/22/15

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Gamifying software security education and training via secure coding duels in code hunt'. Together they form a unique fingerprint.

Cite this