Disturbed playing: Another kind of educational
Link to publication 
Link to original publication 
Download Bibtex entry
Koch and Jörg Schneider and Jan Nordholz
|Title of Book
Workshop on Cyber Security Experimentation and Test at Usenix Security
have a long tradition in teaching IT security: Ranging from
international capture-the-flag competitions
played by multiple teams to educational simulation games where
individual students can get a feeling for the
effects of security decisions.
All these games have in common, that the game's main goal is keeping
up the security. In this paper, we propose
another kind of educational security games which feature a game goal
unrelated to IT security.
However, during the game session gradually more and more attacks on
the underlying infrastructure disturb the game play.
Such a scenario is very close to the reality of an IT security expert,
where establishing security is just a
necessary requirement to reach the company's goals.
By preparing and analyzing the game sessions, the students learn how
to develop a security policy for a simplified scenario.
Additionally, the students learn to decide when to apply technical
security measures, when to establish emergency plans,
and which risks cannot be covered economically.
As an example for such a disturbed playing game, we present our
distributed air traffic control scenario.
The game play is disturbed by attacking the integrity and availability
of the underlying network in a coordinated
manner, i.e., all student teams experience the same failures at the
same state of the game.
Beside presenting the technical aspects of the setup, we are also
discussing the didactic approach and the experiences made in the last