A CyberCIEGE scenario illustrating PKI interoperability issues through e-mail communications in a corporate environment
11Dec%5FNg%5FT.pdf (921.6Kb)Abstract
To help educate computer/network users and administrators on the complexities and potential implementation pitfalls of PKI, the work outlined in this thesis extended the CyberCIEGE computer security simulation game with additional PKI-related functionality. The research developed a scenario definition file for the CyberCIEGE game engine that supports a new game scenario that illustrates PKI concepts (e.g., cross-certification, certificate path processing and certificate revocation), configuration choices, and the security implications thereof. The game engine was enhanced to realistically model the parameters of an actual X.509 digital certificate. Test cases designed for this game extension verified that the scenario reasonably portrayed realistic PKI deployment issues and provided feedback consistent with real-world PKI implementations.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.Related items
Showing items related by title, author, creator and subject.
-
A Security Simulation Game Scenario Definition Language
(IEEE, 2004-06-00);The Center for the Information Systems Studies and Research (CISR) at the Naval Postgraduate School has established a broad program in computer and network security education. The program, founded on a core in traditional ... -
Authentication scenario for CyberCIEGE
(Monterey, California. Naval Postgraduate School, 2005-09);Frequent media reports of the loss or compromise of data stored on computer systems indicate that attempts to educate users on proper computer security policies and procedures seem to be ineffective. In an effort to provide ... -
CyberCIEGE scenario illustrating secrecy issues through mandatory and discretionary access control policies in a multi-level security network
(Monterey, California. Naval Postgraduate School, 2004-06);User training in computer and network security is crucial to the survival of modern networks, yet the methods employed to train users often seem ineffective. One possible reason is that users are not fully engaged during ...
