TULIPS: Projects

Technology Usability Lab In Privacy and Security

Security Games

Training new people in cyber security and privacy is a serious issue as we face a global shortage of workers skilled in this area. In this work, we explore the use of gamification to engage people interested in learning about various aspects of cyber security.

Gamification is the process of taking a training exercise or other activity and converting it into a game. Luckily cyber security already has goals which align well with game-type thinking. There is often a resource (computer, system, data) which needs to be protected or attacked. There are also various tools which can be used to perform or defend against those attacks which the player must become familiar with.

In this project we are exploring the use of games to teach security and privacy concepts to all types of students.

Also see:

People

Current

Related Student Projects

Project screenshot.

Desinging a tool to teach password security to future developers

Constance Crowe (2016-2018, Undergraduate and Masters Thesis)

Supervisor: Kami Vaniea

Interactive tutorial that allows people to try out some basic password cracking techniques. My project teaches programmers how to break into a "secure" site by attacking the password, I demonstrate potential vulnerabilities from an attacker's point of view as well as how they can be solved from the defender's perspective.

Project screenshot.

Firewall administration, the game

Ying-An (Annie) Chen (2016-2017, Undergraduate Thesis)

Supervisors: William Waites, Kami Vaniea

Board game focused on configuration of Firewall rules. Computer security is becoming increasingly important in system administration. For this thesis I focused on firewalls as they are a common component of security management. I built a board game which is engaging and motivates people to learn more about Firewalls.

Project screenshot.

Firewall administration the game

Congcong He (2016-2017, Masters Thesis)

Supervisor: Kami Vaniea

Card game that teaches the IPTables command line to players. During the game players gather Learning cards which teach them about different aspects of IPTables such as chains. They then use the Learning cards to construct IPTables commands to accomplish missions.

Project screenshot.

An Educational Game for Computer Security

Yini Huang (2016-2017, Masters Thesis)

Supervisor: Kami Vaniea

Card game where each player must manage a personal computer which hosts services (make money) and defend their network (costs money). Players then try and take down rivals by playing well known attacks against them, and they defend by correctly identifing how to prevent the attack. The game is intended for students who are currently taking a computer security course and want a good way to review common computer security material in a fun way.

Project screenshot.

Blue Team : A firewall setup game

Karel Kuzmiak (2017-2017, Internship)

Supervisor: Kami Vaniea

Developed an educational game that can be played in a browser and teaches the basic idea behind firewall administration on a network. The aim of the game is to set up firewall rules in different scenarios, in order to teach the player about iptables syntax, and attack logs from IDS.

Project screenshot.

Firewall simulator as a WebApp

Patrik Mjartan (2016-2017, Undergraduate Thesis)

Supervisors: William Waites, Kami Vaniea

A firewall is a rather straightforward entity at its core - packets trying to get through get inspected and are either let through, or denied. However, configuring and testing a firewall setup can be rather inaccessable to people like students. In particular, setting up multiple machines and VMs can be error prone and problematic for learning. In this project I sought to create a friewall simulator as a WebApp, hence erasing the potentially difficult and time consuming act of setting up the machines.

Project screenshot.

Permission Impossible - the design and evaluation of a video game that teaches beginners about firewalls

Sibylle Sehl (2016-2017, Masters Thesis)

Supervisor: Kami Vaniea

Certain topics in Computer Security, for example firewalls, can often seem inaccessible or very difficult to beginners. This project aims to bridge this gap by providing an engaging and friendly environment for beginners to learn about firewalls. Permission Impossible teaches novices about basic firewall terminology and concepts as well as how to build a firewall rule set to enable incoming and outgoing packet traffic.

Project screenshot.

Firewall administration the game

Scott Thompson (2016-2017, Undergraduate Thesis)

Supervisors: Kami Vaniea, William Waites

Managing the Firewall policy rules for a large network is a challenging task, even for a skilled system administrator. Learning these skills can seem insurmountable. In this thesis, I present a Flash game that teaches people how to wirte IPTables rules through a mission-based game.

Project screenshot.

Learn Security

Rory Mathers (2015-2016, Undergraduate Thesis)

Supervisor: Don Sannella

Android app for teaching about the following kinds of web security threats, from the OWASP top 10 list: session attacks, SQL injection, cross-site scripting, cross-site request forgery, and sensitive data exposure. It's designed for smartphones; it works on tablets as well but looks better on 7-inch tablets than on large tablets. It's completely self-contained, demonstrating attacks on a simulated bank website, and countermeasures, and requires no permissions to install - there is no danger to your security.

Project screenshot.

Learn Security

Mac Chong (2014-2015, Undergraduate Thesis)

Supervisor: Don Sannella

Android app for teaching about the following kinds of web security threats, from the OWASP top 10 list: session attacks, SQL injection, cross-site scripting, cross-site request forgery, and sensitive data exposure. It's designed for smartphones; it works on tablets as well but looks better on 7-inch tablets than on large tablets. It's completely self-contained, demonstrating attacks on a simulated bank website, and countermeasures, and requires no permissions to install - there is no danger to your security.