Zero-days are vulnerabilities that the software vendor does not know about and thus cannot provide a patch for. Their value has caused markets to develop, divided by the purchase intention. This thesis focuses on the white and grey markets, that is those buying to patch and those buying to exploit. While states generally have an interest in both, they currently spend money to exploit zerodays, keeping software insecure. The lack of knowledge and awareness surrounding this practice is the problem targeted in this thesis. Serious games, aiming to be both entertaining and educational, represent one opportunity to create awareness. They fit our circumstances particularly well because understanding the problem space requires adversarial thinking and lots of different concepts. Our research goal has thus been to create a serious game that accurately illuminates the dilemma experienced by states. Design science was the research strategy employed to reach the stated goal. Our main contribution is Minimator, a multiplayer, web-based game in which players, acting as states, have to protect their infrastructure and deal with zero-day markets. Additionally, we present a formal model of states’ treatment of zero-day markets developed using game theory and shown to resemble the n-players prisoners’ dilemma. An expert evaluation was conducted, delivering promising results in terms of gameplay appeal, and accuracy. A naturalistic evaluation remains, but is suggested in detail for future endeavours. Minimator is original as, to our knowledge, no similar artefact exists. It provides value by potentially creating a starting point for and encouraging an informed, public debate about the trade-off between national and infrastructure security, which is inherently political.
Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:su-219695 |
Date | January 2022 |
Creators | Cseresnyes, Ehud, Sharma, Hans |
Publisher | Stockholms universitet, Institutionen för data- och systemvetenskap |
Source Sets | DiVA Archive at Upsalla University |
Language | English |
Detected Language | English |
Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
Format | application/pdf |
Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.0024 seconds