Craig Jordan, Matt Knapp, Dan Mitchell, Mark Claypool and Kathi Fisler
Computer security has become vital for protecting users, applications and data, yet the field still faces severe shortages in skilled professionals. Typical methods to teach security from textbooks and academic papers are not engaging and take considerable time. Our hypothesis is that a security game that closely emulates real-world systems can improve learning about computer security above and beyond just reading technical documents. Our security game, CounterMeasures, provides a game-type environment for learning and practicing security skills through a series of guided objectives. CounterMeasures uses a real, interactive shell for input and targets a real server for exploits to provide an environment resembling security systems currently deployed. Evaluation with 20 test subjects illustrates the merits and shows the potential of our approach.