The networking of universities in collaborative projects is a complex sequence of activities, including the deployment of common information resources used on a cooperative basis by all project participants. A particular challenge in terms of the emerging risks of information interoperability is the implementation of gamification in such projects.
The several approaches which are requiring a generalisation of the principles of secure information exchange between participants can be identified. For example, projects based on cooperative game tasks execution [1] or game-based learning [2] can provide interesting insights into safe collaboration. Phishing attacks [3][4][5] are the most studied types of social engineering attacks. Moreover, gametheoretic issues of modelling intruder actions, including using stochastic and signalling games as tools [6][7][8][9], allow us to look at the problem from the perspective of attack scenario selection. Particular attention is paid to the issues of remote access and rights differentiation between the participants, while when implementing role-based interaction (e.g., for the web or social network-based projects [10]), role-based access control models can be used within the resources and information systems of the project. The scheme of access based on roles and tasks inside a gamified networked educational project is shown in Fig. 1.
It is correct to consider information interaction risks as well. When predicting the strategy of impact on information resources of a gamified collaborative project, information protection tasks can be simplified and standardized (by choosing the most suitable scenarios for the intruder for counteraction). In the following, we consider an approach that implements intruder actions evaluation for social-engineering attacks.
Social engineering attacks [11] have started to spread actively with the use of individual accounts of participants, both staff and learners, in online educational projects. The boundaries of privacy have shifted. A personal account can be attacked during an educational interaction and privileged within the information system of an online educational project.
Thus, the aim of the project is to identify and investigate strategies of social engineering attacks directed through participants in networked educational projects, especially gamified ones, against the shared information resources of such projects.
The choice of intruder strategy is shown through the features of role-and task-based access control model in the information system of collaborative educational project. The goals of the intruder at each levels of social-engineering attack are shown. The feature of quantitative assessment of the scenario will be the application of an indistinct attack readiness indicator when selecting a scenario of an attack. Next, the practical relevance is assessed using the example of attacks carried out on educational resources.
This will show some general steps for identifying such an attack scenario and analysing it from the intruder's perspective.
Based on the characteristics of social engineering and APT attacks, including those for gaming tasks [12][13][14], it is possible to formulate an intruder's algorithm of action:
1. Identifying a module or sub-process containing the aspect of players and/or organisers interaction which is the intruder's goal. This may be the transfer of keys to the game tasks or the formation of a solution as part of a shared resource's cooperative use.
2 Define the tasks to be undertaken by the module or process defined in step 1.
3. An empirical estimator of parameters and metrics suitable for assessing the vulnerability of participants (participants' social network accounts) in a gamified collaborative project to social engineering attacks.
3а. Estimation of "simple" metrics such as the number of friends and followers, formation of strong (relatives) and weak (living in the same city, etc.) ties, assessment of the intensity of information exchange.
3b. (if necessary). Estimation of "complex" metrics, working with the social graph, clarifying possible pathways and secondary (tertiary, etc.) targets of attack.
4. Estimate the qualitative content of the participant-resource linkages in order to estimate additional motivation.
5. (if necessary). Complementing the participant model with the means to protect against social engineering attacks that the participant or the social network itself implements.
6. Implementing the attack. Having decided on a primary attack scenario, the intruder uses the idea of the greatest benefit to refine the scenario. The model below describes how it is possible to predict an intruder's actions when using a particular scenario or a combination of scenarios.
At the same time, within the framework of the task of implementing a social engineering attack, several basic scenarios can be identified for common information resources of gamified network projects.
Such scenarios could be:
1. Exposure to rules and content. Pretexting. Implementation of reverse social engineering.
2. Attack to the web interface. Introducing elements to facilitate a phishing attack.
3. Account theft and spoofing. Identify a participant's place in a role-and task-based access control model and use their account to execute an attack.
4. Attack to the communications, including interception or spoofing for social media, forums or email messages.
5. Infrastructure integrity attack, i.e. the substitution or distortion of a common resource to implement a social engineering attack.
Working within the specified algorithm, an intruder chooses one or more scenarios for an attack. The choice of scenario will primarily be based on the access control features of the project, depending on the purpose of the attack (Fig. 2).
From the intruder's perspective, (given the constraints of the security policy framework in which the attacked entity operates), the following sequence of indistinct evaluations can be constructed. Let an information system X have a security policy that involves the following components: O is the set of system objects; S is the set of subjects (S →О);
T is a set of types; X = {r (read), w (write), x (execution)} is the set of access types. U is the set of user competences.
Then the owner of object O can be defined for any X as T →U, and the access of subjects to certain objects of the system is T×R → {allow, deny}. The intruder considers the attack context and possible targets for the attack, formed as an enumeration of objects with specified owners. An affiliation matrix can be formed like this: Next, forming the coefficients of importance for the implementation of scenarios based on expert estimation of the capabilities of the managerial staff of the organization (the intruder, applying methods of targeting, select a specific target -LMS administrator, the owner of the in-game process, in-game role and the person who assigns it) and adjust from their position set
As a result of expert qualitative estimation of the set of system objects O in the form of a set of indistinct CE evaluations, it is possible to propose a definition of the attack readiness indicator in the form of an indistinct number 𝐿𝑆 ~𝑗:
where ∑ ~ indistinct addition performed using one of the methods of implementing indistinct arithmetic operations.
From this position in the simulation, an attack scenario can be identified that provides information on both the possible depth of attack (see Fig. 2) and the attack target that the intruder will choose based on the analysis of potential targets.
Within the framework of the considered scenarios of attack implementation in network learning and gamification it is necessary to consider a possible set of office applications, social networks and networking environments of communication and interaction between users. The use of which is convenient and commonplace both within the interaction of the educational project and the everyday activities of the participants. As such, let us consider the following representatives of the mentioned classes:
1. Discord messaging system (discord. com/); 2. Adobe Acrobat Reader is a reading and editing tool; 3. The social network VKontakte (vk. com); 4. LMS Moodle. The scenario of an intruder gaining access to the system of any participant in the same messenger communication channel can be illustrated by the use of the closed 2020 Discord vulnerability CVE-2020-15174 [15] for cross-site scripting in iframe. The latter is an attack using social engineering techniques, as with this technology an intruder can get participants of a conversation interested in unusual content (a video, 3d model, interactive module), with content that can be tailored to a specific person or be interesting to all, followed by connection filtering.
The use of PDF documents containing interactive elements with JavaScript code to distribute tasks, receiving responses from participants via interactive forms, could lead to a similar situation. If we consider the number of vulnerabilities that Adobe addresses in this product and the relatively infrequent updates by the end user, the level of risk will be quite high.
As an example, here is a list of vulnerabilities resolved at the end of 2020 from CVE-2020-9693 to CVE-2020-9723. These allow access outside of the user's memory area and execution of arbitrary code [15].
LMS Moodle as a basis for educational projects also has a set of vulnerabilities [15]. Some relevant ones can be highlighted. For example, CVE-2019-3810, CVE-2019-3848 were used for additional information extraction.
CVE-2019-10154 was used for messaging analysis. CVE-2019-10186 was used to obtain a session key in certain XML handling situations, and CVE-2019-3849 was used for privilege escalation. Within the resource interaction, CVE-2019-3850 (comment handling) and CVE-2019-10133 (link handling) should also be noted.
The approach shown for estimating an intruder's actions in a social engineering attack on information resources is not only suitable for networked educational projects. In any distributed work with databases or other shared resources, this approach is acceptable.
In addition, it should be noted that the approach takes into account some peculiarities of the development of network education projects, which have not been considered much before. For example, the issue of mixing personal and corporate accounts is touched upon. The idea of vulnerability of particular representatives of project administration to targeted social-engineering attack is also taken into account. Working with project resources from the intruder's point of view is also possible, taking into account the peculiarities of the access control model.
Assessing the potential for targeted attacks on the information resources of online education projects will be shown in future research, but given existing publications [7,8], this seems to be a promising avenue.
This work was supported by the Russian Foundation for Basic Research project No 19-013-00711 a.