10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing

Research Article

Role-Playing Game for Studying User Behaviors in Security: A Case Study on Email Secrecy

  • @INPROCEEDINGS{10.4108/icst.collaboratecom.2014.257242,
        author={Kui Xu and Danfeng Yao and Manuel A. Perez-Quinones and Casey Link and E. Scott Geller},
        title={Role-Playing Game for Studying User Behaviors in Security: A Case Study on Email Secrecy},
        proceedings={10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing},
        publisher={IEEE},
        proceedings_a={COLLABORATECOM},
        year={2014},
        month={11},
        keywords={adversary's knowledge privacy social interaction cyber game},
        doi={10.4108/icst.collaboratecom.2014.257242}
    }
    
Kui Xu1, Danfeng Yao1,*, Manuel A. Perez-Quinones1, Casey Link1, E. Scott Geller1
  • 1: Virginia Tech
*Contact email: danfeng@cs.vt.edu

Abstract

Understanding the capabilities of adversaries (e.g., how much the adversary knows about a target) is important for building strong security defenses. Computing an adversary's knowledge about a target requires new modeling techniques and experimental methods. Our work describes a quantitative analysis technique for modeling an adversary's knowledge about private information in the workplace. Our technical enabler is a new emulation environment for conducting user experiments on attack behaviors. We develop a role-playing cyber game for our evaluation, where the participants take on the adversary role to launch ID theft attacks by answering challenge questions about a target. We measure an adversary's knowledge based on how well he or she answers the authentication questions about a target. We present our empirical modeling results based on the data collected from a total of 36 users.