Pub Date : 2019-05-25DOI: 10.1109/ICSE-Companion.2019.00115
D. Gopinath, C. Pasareanu, Kaiyuan Wang, Mengshi Zhang, S. Khurshid
This paper introduces DeepCheck, a new approach for validating Deep Neural Networks (DNNs) based on core ideas from program analysis, specifically from symbolic execution. DeepCheck implements techniques for lightweight symbolic analysis of DNNs and applies them in the context of image classification to address two challenging problems: 1) identification of important pixels (for attribution and adversarial generation); and 2) creation of adversarial attacks. Experimental results using the MNIST data-set show that DeepCheck's lightweight symbolic analysis provides a valuable tool for DNN validation.
{"title":"Symbolic Execution for Attribution and Attack Synthesis in Neural Networks","authors":"D. Gopinath, C. Pasareanu, Kaiyuan Wang, Mengshi Zhang, S. Khurshid","doi":"10.1109/ICSE-Companion.2019.00115","DOIUrl":"https://doi.org/10.1109/ICSE-Companion.2019.00115","url":null,"abstract":"This paper introduces DeepCheck, a new approach for validating Deep Neural Networks (DNNs) based on core ideas from program analysis, specifically from symbolic execution. DeepCheck implements techniques for lightweight symbolic analysis of DNNs and applies them in the context of image classification to address two challenging problems: 1) identification of important pixels (for attribution and adversarial generation); and 2) creation of adversarial attacks. Experimental results using the MNIST data-set show that DeepCheck's lightweight symbolic analysis provides a valuable tool for DNN validation.","PeriodicalId":273100,"journal":{"name":"2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"66 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121282370","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-05-25DOI: 10.1109/ICSE-Companion.2019.00123
Sebastian Loss, Raffaele Ciriello, Jürgen Cito
User acceptance tests (UAT) are an integral part of software engineering. This study aims to question the appropriateness of UATs to collect usable feedback for Software-as-a-Service (SaaS) applications, which are continuously delivered rather than rolled out during a one-off signoff process. Our preliminary results from an exploratory qualitative field study at a multinational SaaS provider in Denmark show that UATs often address the wrong problem in that positive user acceptance may paradoxically indicate a negative user experience. Hence, SaaS providers should be careful not to rest on what we initially term disengaged user acceptance. Instead, we aim to explore how SaaS providers can purposefully query users for ambivalent emotions to evoke constructive criticism. We briefly outline the adverse effects of disengaged user acceptance on testing SaaS applications.
{"title":"Beware of Disengaged User Acceptance in Testing Software-as-a-Service","authors":"Sebastian Loss, Raffaele Ciriello, Jürgen Cito","doi":"10.1109/ICSE-Companion.2019.00123","DOIUrl":"https://doi.org/10.1109/ICSE-Companion.2019.00123","url":null,"abstract":"User acceptance tests (UAT) are an integral part of software engineering. This study aims to question the appropriateness of UATs to collect usable feedback for Software-as-a-Service (SaaS) applications, which are continuously delivered rather than rolled out during a one-off signoff process. Our preliminary results from an exploratory qualitative field study at a multinational SaaS provider in Denmark show that UATs often address the wrong problem in that positive user acceptance may paradoxically indicate a negative user experience. Hence, SaaS providers should be careful not to rest on what we initially term disengaged user acceptance. Instead, we aim to explore how SaaS providers can purposefully query users for ambivalent emotions to evoke constructive criticism. We briefly outline the adverse effects of disengaged user acceptance on testing SaaS applications.","PeriodicalId":273100,"journal":{"name":"2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128917506","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-05-25DOI: 10.1109/ICSE-Companion.2019.00099
R. Chanin, Jorge Melegati, Afonso Sales, Mariana Detoni, Xiaofeng Wang, R. Prikladnicki
Software engineering researchers and practitioners are increasingly more concerned about non-technical issues like user involvement and interaction as a way to improve software development process efficiency. This issue is also present in software engineering education. The IEEE/ACM software engineering guidelines highlights that an undergraduate course in this matter should have a real-world basis. In this paper, we present an undergraduate program that connect students with real-world projects throughout their studies. To evaluate educational results, we performed a survey with 111 students from this software engineering program. The results indicate that students in the end of this program has a much better chance of taking users' desires into consideration instead of focusing on software implementation.
{"title":"Incorporating Real Projects Into a Software Engineering Undergraduate Curriculum","authors":"R. Chanin, Jorge Melegati, Afonso Sales, Mariana Detoni, Xiaofeng Wang, R. Prikladnicki","doi":"10.1109/ICSE-Companion.2019.00099","DOIUrl":"https://doi.org/10.1109/ICSE-Companion.2019.00099","url":null,"abstract":"Software engineering researchers and practitioners are increasingly more concerned about non-technical issues like user involvement and interaction as a way to improve software development process efficiency. This issue is also present in software engineering education. The IEEE/ACM software engineering guidelines highlights that an undergraduate course in this matter should have a real-world basis. In this paper, we present an undergraduate program that connect students with real-world projects throughout their studies. To evaluate educational results, we performed a survey with 111 students from this software engineering program. The results indicate that students in the end of this program has a much better chance of taking users' desires into consideration instead of focusing on software implementation.","PeriodicalId":273100,"journal":{"name":"2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128971278","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-05-25DOI: 10.1109/ICSE-COMPANION.2019.00120
Orges Cico, M. L. Jaccheri
Contemporary approaches and trends, in software engineering courses have been continuously updated over the last four decades. Adaptation to industry needs is crucial for future educational purposes. The goal of this poster paper is to present some preliminary results related to what degree contemporary industry trends are being adopted in updating software engineering teaching approaches. This study is a systematic mapping. A total of 138 papers were selected based on education goals, research, and contribution type. Of the primary education topics, around 78% are related to teaching approaches, 9% to globalisation and training methods, and less than 5% to tech startup and industry innovation. Less investigated areas that have recently become common industry trends, such as tech startup models adopting lean methodology, require further attention and might create opportunities for updating the curricula. Future work will investigate possibilities for exploiting tech startups as a means for renewing future capstone courses.
{"title":"Industry Trends in Software Engineering Education: A Systematic Mapping Study","authors":"Orges Cico, M. L. Jaccheri","doi":"10.1109/ICSE-COMPANION.2019.00120","DOIUrl":"https://doi.org/10.1109/ICSE-COMPANION.2019.00120","url":null,"abstract":"Contemporary approaches and trends, in software engineering courses have been continuously updated over the last four decades. Adaptation to industry needs is crucial for future educational purposes. The goal of this poster paper is to present some preliminary results related to what degree contemporary industry trends are being adopted in updating software engineering teaching approaches. This study is a systematic mapping. A total of 138 papers were selected based on education goals, research, and contribution type. Of the primary education topics, around 78% are related to teaching approaches, 9% to globalisation and training methods, and less than 5% to tech startup and industry innovation. Less investigated areas that have recently become common industry trends, such as tech startup models adopting lean methodology, require further attention and might create opportunities for updating the curricula. Future work will investigate possibilities for exploiting tech startups as a means for renewing future capstone courses.","PeriodicalId":273100,"journal":{"name":"2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115381399","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-05-25DOI: 10.1109/ICSE-Companion.2019.00066
Tongtong Xu
Although being recognized as a critical step in automated program repair, fault localization has been only loosely coupled into the fixing process in existing program repair approaches, in the sense that fault localization has limited interactions with other activities in fixing. We propose in this paper to deeply integrate fault localization into the fixing process to achieve more effective and efficient program repair. Our approach introduces a feedback loop in fixing between the activities for locating the fault causes and those for generating and evaluating candidate fixes. The feedback loop enables partial evaluation results of candidate fixes to be used to locate fault localization more accurately, and eventually leads to fixing processes with improved effectiveness and efficiency. We have implemented the approach into a tool, named RESTORE, based on the JAID program repair system. Experiments involving faults from the DEFECTS4J standard benchmark indicate that the integrated fault localization can boost automated program repair: RESTORE produced valid fixes to 63 faults and correct ones to 38 faults, outperforming any other state-of-the-art repair tool for Java while taking 36% less running time compared with JAID.
{"title":"Improving Automated Program Repair with Retrospective Fault Localization","authors":"Tongtong Xu","doi":"10.1109/ICSE-Companion.2019.00066","DOIUrl":"https://doi.org/10.1109/ICSE-Companion.2019.00066","url":null,"abstract":"Although being recognized as a critical step in automated program repair, fault localization has been only loosely coupled into the fixing process in existing program repair approaches, in the sense that fault localization has limited interactions with other activities in fixing. We propose in this paper to deeply integrate fault localization into the fixing process to achieve more effective and efficient program repair. Our approach introduces a feedback loop in fixing between the activities for locating the fault causes and those for generating and evaluating candidate fixes. The feedback loop enables partial evaluation results of candidate fixes to be used to locate fault localization more accurately, and eventually leads to fixing processes with improved effectiveness and efficiency. We have implemented the approach into a tool, named RESTORE, based on the JAID program repair system. Experiments involving faults from the DEFECTS4J standard benchmark indicate that the integrated fault localization can boost automated program repair: RESTORE produced valid fixes to 63 faults and correct ones to 38 faults, outperforming any other state-of-the-art repair tool for Java while taking 36% less running time compared with JAID.","PeriodicalId":273100,"journal":{"name":"2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126825667","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-05-25DOI: 10.1109/ICSE-Companion.2019.00113
Yijun Yu
Frequently source code analysis tools need to exchange internal representations of abstract syntax trees (AST) with each other. Conveniently, and intuitively, the externalised representations are in the form of hierarchical trees. We argue, counter-intuitively, that hierarchical representation is not the most efficient way for source analysis tools to exchange parsed AST. In this work, we propose to speed up AST parsing whilst preserving the equivalence of hierarchies in binary forms: (1) AST could be saved as a flat one-dimensional array where pointers to tree nodes are converted into integer offsets, and (2) such flattened AST are more efficient to access by programming tools through the generated application programming interfaces (API). In programming language-agnostic evaluations, we show that parsing flattened AST becomes 100x faster than in textual form AST on a benchmark of open-source projects of 6 different programming languages.
{"title":"fAST: Flattening Abstract Syntax Trees for Efficiency","authors":"Yijun Yu","doi":"10.1109/ICSE-Companion.2019.00113","DOIUrl":"https://doi.org/10.1109/ICSE-Companion.2019.00113","url":null,"abstract":"Frequently source code analysis tools need to exchange internal representations of abstract syntax trees (AST) with each other. Conveniently, and intuitively, the externalised representations are in the form of hierarchical trees. We argue, counter-intuitively, that hierarchical representation is not the most efficient way for source analysis tools to exchange parsed AST. In this work, we propose to speed up AST parsing whilst preserving the equivalence of hierarchies in binary forms: (1) AST could be saved as a flat one-dimensional array where pointers to tree nodes are converted into integer offsets, and (2) such flattened AST are more efficient to access by programming tools through the generated application programming interfaces (API). In programming language-agnostic evaluations, we show that parsing flattened AST becomes 100x faster than in textual form AST on a benchmark of open-source projects of 6 different programming languages.","PeriodicalId":273100,"journal":{"name":"2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"2016 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127514320","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-05-25DOI: 10.1109/ICSE-Companion.2019.00111
Roman Haas, Rainer Niedermayr, T. Roehm, S. Apel
Grown software systems often contain code that is not necessary anymore. Unnecessary code wastes resources during development and maintenance, for example, when preparing code for migration or certification. Running a profiler may reveal code that is not used in production, but it is often time-consuming to obtain representative data this way. We investigate to what extent a static analysis approach which is based on code stability and code centrality, is able to identify unnecessary code and whether its recommendations are relevant in practice. To study the feasibility and usefulness of our static approach, we conducted a study involving 14 open-source and closed-source software systems. As there is no perfect oracle for unnecessary code, we compared recommendations of our approach with historical cleanup actions, runtime usage data, and feedback from 25 developers of 5 software projects. Our study shows that recommendations generated from stability and centrality information point to unnecessary code. Our results suggest that static analysis can provide quick feedback on unnecessary code that is useful in practice.
{"title":"Recommending Unnecessary Source Code Based on Static Analysis","authors":"Roman Haas, Rainer Niedermayr, T. Roehm, S. Apel","doi":"10.1109/ICSE-Companion.2019.00111","DOIUrl":"https://doi.org/10.1109/ICSE-Companion.2019.00111","url":null,"abstract":"Grown software systems often contain code that is not necessary anymore. Unnecessary code wastes resources during development and maintenance, for example, when preparing code for migration or certification. Running a profiler may reveal code that is not used in production, but it is often time-consuming to obtain representative data this way. We investigate to what extent a static analysis approach which is based on code stability and code centrality, is able to identify unnecessary code and whether its recommendations are relevant in practice. To study the feasibility and usefulness of our static approach, we conducted a study involving 14 open-source and closed-source software systems. As there is no perfect oracle for unnecessary code, we compared recommendations of our approach with historical cleanup actions, runtime usage data, and feedback from 25 developers of 5 software projects. Our study shows that recommendations generated from stability and centrality information point to unnecessary code. Our results suggest that static analysis can provide quick feedback on unnecessary code that is useful in practice.","PeriodicalId":273100,"journal":{"name":"2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"51 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124510150","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-05-25DOI: 10.1109/ICSE-Companion.2019.00079
L. Silva
Collaborative software development allows developers to contribute to the same project simultaneously performing different activities. Although this might increase development productivity, it also brings conflicts among developers contributions. Different kinds of conflicts can arise, but previous studies have often focused on merge conflicts. So we aim to further investigate build and test conflicts occurrence, that are conflicts revealed by failures when building and testing integrated code, respectively. For that, we intend to study the causes of build and test conflicts, their adopted resolution patterns, and the factors that are associated with the conflict occurrence. Based on these results, we plan to develop a tool for helping developers when resolving build and test conflicts. Our initial results, analyzing Java projects, show that most build conflicts are caused by missing declarations removed or renamed by one developer but referenced by the changes of another developer. We also verified these conflicts are often resolved by removing the dangling reference. Based on such finding, we developed a prototype that recommends fixes for these build conflicts.
{"title":"Detecting, Understanding and Resolving Build and Test Conflicts","authors":"L. Silva","doi":"10.1109/ICSE-Companion.2019.00079","DOIUrl":"https://doi.org/10.1109/ICSE-Companion.2019.00079","url":null,"abstract":"Collaborative software development allows developers to contribute to the same project simultaneously performing different activities. Although this might increase development productivity, it also brings conflicts among developers contributions. Different kinds of conflicts can arise, but previous studies have often focused on merge conflicts. So we aim to further investigate build and test conflicts occurrence, that are conflicts revealed by failures when building and testing integrated code, respectively. For that, we intend to study the causes of build and test conflicts, their adopted resolution patterns, and the factors that are associated with the conflict occurrence. Based on these results, we plan to develop a tool for helping developers when resolving build and test conflicts. Our initial results, analyzing Java projects, show that most build conflicts are caused by missing declarations removed or renamed by one developer but referenced by the changes of another developer. We also verified these conflicts are often resolved by removing the dangling reference. Based on such finding, we developed a prototype that recommends fixes for these build conflicts.","PeriodicalId":273100,"journal":{"name":"2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133692525","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-05-25DOI: 10.1109/ICSE-Companion.2019.00101
Max Kesselbacher, A. Bollin
Pupils are often first exposed to programming in block-based programming environments like Scratch. Identifying and measuring the previous experience of students learning to program is a key to improve the teaching of programming. In this contribution, we outline an approach to measure and evaluate programming interactions with the block-based programming environment Scratch. First results, obtained with eight upper secondary school students, show that programming skills and patterns can be quantified with interaction metrics measured during program construction. The aim is a more fine-grained identification and assessment of programming skills.
{"title":"Quantifying Patterns and Programming Strategies in Block-Based Programming Environments","authors":"Max Kesselbacher, A. Bollin","doi":"10.1109/ICSE-Companion.2019.00101","DOIUrl":"https://doi.org/10.1109/ICSE-Companion.2019.00101","url":null,"abstract":"Pupils are often first exposed to programming in block-based programming environments like Scratch. Identifying and measuring the previous experience of students learning to program is a key to improve the teaching of programming. In this contribution, we outline an approach to measure and evaluate programming interactions with the block-based programming environment Scratch. First results, obtained with eight upper secondary school students, show that programming skills and patterns can be quantified with interaction metrics measured during program construction. The aim is a more fine-grained identification and assessment of programming skills.","PeriodicalId":273100,"journal":{"name":"2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"51 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114212532","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-05-25DOI: 10.1109/ICSE-Companion.2019.00102
Dag Erik Homdrum Løvgren, Jingyue Li, Tosin Daniel Oyetoyan
Many universities have started to educate students on how to develop secure software and systems. One challenge of teaching information security is that the curriculum can easily be outdated, because new attacks and mitigation approaches arise. It is therefore necessary to provide software developers with methods and tools that are attractive (e.g., computer games) for self-study and up-to-date information security knowledge during and after the university education. This paper presents an on-going study to develop an educational game to facilitate information security education. The game is developed as a single player Tower Defense (TD) game. The educational goal of the game is to teach developers, who are not security experts, how to choose proper mitigation strategies and patterns to defend against various security attack scenarios. One key benefit of our game is that it is data driven, meaning, it can continuously fetch data from relevant security-based online sources (e.g., Common Attack Pattern Enumeration Classification CAPEC) to stay up to date with any new information. This is done automatically. We evaluated the game by letting students play it and give comments. Evaluation results show that the game can facilitate students learning of mitigation strategies to defend against attack scenarios.
{"title":"A Data-Driven Security Game to Facilitate Information Security Education","authors":"Dag Erik Homdrum Løvgren, Jingyue Li, Tosin Daniel Oyetoyan","doi":"10.1109/ICSE-Companion.2019.00102","DOIUrl":"https://doi.org/10.1109/ICSE-Companion.2019.00102","url":null,"abstract":"Many universities have started to educate students on how to develop secure software and systems. One challenge of teaching information security is that the curriculum can easily be outdated, because new attacks and mitigation approaches arise. It is therefore necessary to provide software developers with methods and tools that are attractive (e.g., computer games) for self-study and up-to-date information security knowledge during and after the university education. This paper presents an on-going study to develop an educational game to facilitate information security education. The game is developed as a single player Tower Defense (TD) game. The educational goal of the game is to teach developers, who are not security experts, how to choose proper mitigation strategies and patterns to defend against various security attack scenarios. One key benefit of our game is that it is data driven, meaning, it can continuously fetch data from relevant security-based online sources (e.g., Common Attack Pattern Enumeration Classification CAPEC) to stay up to date with any new information. This is done automatically. We evaluated the game by letting students play it and give comments. Evaluation results show that the game can facilitate students learning of mitigation strategies to defend against attack scenarios.","PeriodicalId":273100,"journal":{"name":"2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114250777","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: