A CYBERCIEGE SCENARIO ILLUSTRATING MULTILEVEL SECRECY ISSUES IN AN AIR OPERATIONS CENTER ENVIRONMENT
Marc K. Meyer
Co-Advisors: Cynthia Irvine, Paul C. Clark
Second Reader: Mike Thompson
CyberCIEGE provides an addition to traditional Information Assurance (IA) education in the form of an interactive, entertaining, commercial-grade PC-based computer game. Educational objectives are contained in scenarios that serve to teach particular IA concepts. The details of a scenario are contained in a Scenario Definition File (SDF), which is written in the CyberCIEGE Scenario Definition Language. This language is rich enough to express a range of information security policies and operational data access requirements, resulting in a nearly limitless pool of possible scenarios.
This thesis developed a playable scenario illustrating confidentiality protection concepts in an open storage environment modeled after an Air Operations Center. Educational goals include physical protection of high value assets and use of strong authentication policies to protect moderate value assets. The major work of this thesis was designing an SDF to reflect a military information security policy and work flow environment contained in the educational goals. The confirmation of the proper operation of selected aspects of the CyberCIEGE game engine, and the assurance that the SDF confronts the player with the security trade-offs occurred through the application of a testing methodology. The creation of detailed solutions and incorrect gameplay examples constitute this testing process.
Download complete thesis as PDF