Automatic Challenge Generation for Teaching Computer Security

Abstract

Computer Security is an increasingly important area, considering the sophistication and increase of threats present in the digital world. The need for information protection contrasts with the lack of professionals and the limited space dedicated to the area in Information Technology (IT) courses. Games and competitions have been used to motivate Computing students to improve their practical knowledge on the subject and also to foster the interest of potential students and professionals in Security. The creation of these games requires specialized knowledge to develop new problems, since the novelty of these games is important to reach the desired level of difficulty and to ensure competitiveness. This work proposes the use of randomization to generate problems and entire competitions in an automated way, obtaining exclusive instances of problems for each player. A tool for generating challenges was developed as proof of concept to evaluate the proposal. Competitions with automatically generated problems were held with undergraduate and continuing education students, at two different institutions. The performance in the competitions and the perception of satisfaction, interest and learning of the involved students were analyzed. The results show that the automatic generation of challenges is feasible and the use of competitions to teach Computer Security is motivating and effective for didactic purposes.