CyberCIEGE Change Log
CyberCIEGE Change List
New Features and Corrected Discrepancies
 

1.9v3
  • Hard Rain scenario lets player complete final phase even though some users cannot achieve goals.
  • Replay of email events fails to clear CRL settings, and log entry type was wrong for CRL add log entries.
  • Add button to allow instructor to replay a log from the Campaign Analyzer.  If a log event was selected in the log
  • viewer, that event is set as an initial breakpoint in the replay dialog (which will automatically launch when the game starts).
  • Don’t open asset content dialog if asset has no content.
  • Component descriptions in Component Screen could lead to crash.
  • When a multiple choice question is triggered, and then suppressed because the player had previously answered it, log the previous answer so that replays of the logs will suppress the question.
  • Allow the Campaign Analyzer to create a report using default scenarios and students where the students are all those found in the game directory and the scenarios are any that at least one students tried.
  • Selecting users for dragging misses sometimes, resulting in the floor dragging.  Adjust selection logic to more quickly assume the user is to be dragged.
  • In the Hard Rain scenario, repeat the hint to purchase your own CA.  And increase startup funds so the player does not go negative too soon.
  • Add condition to determine if a goal is failing because the player requires a CRL but there is no server.  Add this condition to Hard Rain to provide the player with a clue about that.
  • Add quiz questions to Hard rain to test players knowledge of using email encryption and signing.
  • Chairs left in incorrect positions if users are moved while chair is adjusting.
  • Determine the workspace in which to drop a user based on whatever workspace was lit up so that player  can reliably determine where the user will end up and avoid problem of "missing" the workspace by  putting the user just outside the outer wall, resulting in the user being returned to its original location.
  • Include a summary of quiz questions answered correctly vs. asked in the Campaign Analyzer reports.
  • Allow packet logs to be collected on computers other than the source / destination, and add some network traffic to the Key Types scenario.
  • Game engine random condition values being reset too soon because dependent trigger assessment was affected by attack-response trigger optimizations.
  • Packet log entries not always recorded in the proper sequence because Java thread execution was not being sequenced.
1.9v2
  • CyberCIEGE now runs on Linux using Wine!
  • Provide player with clear visual distinction between quiz question and guide question so that instructors can direct students to 'correctly' answer the former while freely experimenting with the latter.
  • Game skips questions that have been correctly answered by the player during past sessions.  However, the register values are not set to reflect those correct answers, and thus game conditions may prevent
  • objective completion.  When collecting previously answered questions, load the register with the proper answer value.
  • Packet log generation in Network Traffic Analysis scenario causes the game to momentarily freeze while logs are generated.  Large logs can cause freeze of several seconds.  Add threading to the packet log generation, while ensuring logs are complete before CyberChark views the logs.
  • Attack messages for non-email assets sometimes report 'email was unprotected'.
  • Add option to erase triggered thoughts if conditions change.  This avoids confusing the student with user thoughts that are not consistent with current configurations and game state.
  • User thoughts from failed goals report devices have blocking filters, but in some cases, the reported device is not visible to the character, e.g., because of filters closer to the character.  Clear such thoughts if the character can’t reach the blocking device.
  • Don’t allow easy password sniffing installation on remote computers if local authentication is required.
  • Add condition to determine if two assets are on the same computer, intended to provide hints for DMZ allocation of assets to components.
  • Default office diagram displayed in zone screen should be blank rather than some arbitrary office.
  • Msc fixes to help the game run on WINE:  popup menus fail if they fall off the edge of the frame, make the frame/panel big enough and make it clear (paint it with a screenshot of the affected area).
  • Filter dialogs change application to blocked if exceptions are cleared.  In such a case, the application should remain unblocked.
  • Begin cleanup of Network Traffic Analysis scenario: Remove guard at door; describe users; objective triggers not based on success of attacks.  Redundant workspaces definitions caused Tina to wander. 
  • Added 'customer' who needs access to PGA web page as foil for early blocking of entire domain.
  • Withdraw DoS ticker messages if the DoS attack abates.
  • Attempts to close the game fail if java dialogs are up, which can be particularly frustrating if there are a long list of questions.
  • Purchase of software was blocked if cash was negative even though the scenario was configured to allow negative funds.
  • If a character has no thoughts, display 'hmmm' as the thought, but don’t pop up a bubble speech if player hovers over the user.
  • Alter DoS attack log entries to indicate that the 'attack continues' and add an attack log entry indicating that the attack symptoms have abated.
  • DoS attacks were not forcing an immediate recalculation of user goals, this led to potential player confusion and breakage of trigger logic that references user productivity.
  • Replayed session breakpoints were not keeping logged answers from being provided to multiple choice questions.
  • Saved games that had multiple attacker network domains crash upon reload.
  • In asset assignment dialog, alter the lower pane to restate the asset name and where it currently resides (for clarity). 
  • Add tooltips to FilterException dialog to note that both host and domain values should not be provided within an exception.
  • Add 'AssetSuffersDoS' condition to reflect if an asset is undergoing a successful denial of service attack.  Modify the Traffic Analysis scenario packet-generation triggers to use such a condition instead of an attack condition so that the packets continue to flow during the attack.
  • Immediately after a DoS attack, a trigger to generate network traffic could have waited five game minutes to fire.  Alter trigger processing to assess packet xForm triggers right away if the trigger game state counter is less than the global game state counter.
  • Slow down the crawl ticker for fast machines.
  • Under WINE, java dialogs would not come to front if the game window is clicked, and were thus hidden by the game window with no clue to the user that a dialog needed input.  Use a thread to bring dialog to the front.
  • Running saved games from the Campaign Player in WINE failed because of nested quotes.  Clean up quote handling to strip quotes on parameter input and apply them as needed later, e.g., value=%~2
  • Encyclopedia launch from campaign player under WINE was delayed until game started or campaign changed.  Unexplained behavior.  Changed the player and campaign.properties to launch hh.exe directly rather than via a bat file.
  • When opening lab manuals from the game, display a message if a PDF reader is not found.  Also, try using a hard-coded Foxit reader path if no reader is found (for WINE installations).  And change java player to redirect output to temp log files when starting processes to run the game.

1.9v1
  • Purchased devices domain setting do not reflect zone into which the device is placed.  Side effects include incorrect computer lists in configuration dialogs.
  • Game fails to run if Windows user DPI setting is > 100%.  Check settings and suggest change to the user.
  • Don’t look for local Java installation (use the copy we distribute) unless the user can taken an explicit action, i.e., created a 'localJava' file in the user application directory.
  • During installation, look for Intel HD video with potentially failed drivers and report to the user with suggestion to use a driver version that does not fail to render background.
  • Expand VPN offsite zone to cover entire building. Moving computers or devices between sites should disconnect local networks
1.9u8
  • Game distribution  now includes the JRE.  Note, there is no update to this version.
1.9u7
  • Authentication server scenario could not be completed becuase of software being subverted.
1.9u6
  • Filters scenario hangs on question triggers.

1.9u5
  • Add CertAttack scenario (student thesis) to illustrate self-signed certificates, key usage, etc.
  • Add  Network Traffic Analysis scenario (student thesis)
1.9u4
  • SDK question form lacked scroll bar
  • Replay log function not configuring lan and host fields for remote hosts having vpn clients, which should be set to wildcard.
  • The AssetToNetworkByFilterType condition should ignore attacker computer names when configured to simulate goal processing
Update 1.9u2
  • If quiz questions answered correctly, subsequent play of that scenario could lead to game stalling in a phase
Update 1.9u1
  • When adding a new certificate, new certificate not utilized until it was clicked (even though it appeared as selected in the UI).
  • Serial numbers not assigned to default user certificates.
  • Alter ParaZog so workstations don’t report patch problems.  And distinguish attack type counts so malware exfiltration happens at least twice before a question is seen.
Update 1.9u
  • In Campaign Player log collection, rename user directories to name provided by user.  Alter Campaign Analyzer to detect cs3600 log zips.   
  • Generate student reports directly from the campaign analyzer (don’t rely on sql database).
  • In Campaign Analyzer, when tracking student time spent on scenarios, don’t count time that appears to be idle.
  • Add GoalHasRoot condition to assess if a root cert from a given domain is used within a given goal.
  • Subverted CAs not resulting in integrity attacks against email in some configurations.

Update 1.9t5r3
  • If the sender of email can no longer reach the server containing the email, delete it.
  • Alter SSL scenario so that web server will not work with one-time passwords. 
  • In the SSL scenario, the contractor equipment should be static.
  • In the ParaZog scenario, add the new users to the out-sourced email server so player can choose to use that.
  • In the Hard Rain scenario, permit loans.  Also, question about having the CA on the lan was not displayed when Marlene was the attacker.
  • Saving and restoring previous email goal information led to incorrect attacks.
  • LDAP (SSL) application filter ports not staying blocked.

Update 1.9t5r2
  • Highlight network filter entries that have exceptions (text in red).
  • SDT: creating some XML components resulted in overwriting of values upon  saving as a side effect of seeing if the element set had changes to save.  Also, remove SSL server assets from sets if they are not used in the scenario (otherwise they persist and load into the game, e.g., if an asset is removed from a scenario.)
  • Self-signed certificates leading to game crash.
  • Add user thought reflecting lack of account on servers.
  • Add GoalUsesSSL condition to test if SSL being used to protect an asset.
  • Add ComputerAddUser trigger to add user accounts on static servers.
  • Changing email settings from using weak public ca does not prevent spoofing if resulting configuration causes goal failures.

Update 1.9t5r1
  • Filter blocking treats destination exceptions as a full port block for purposes of attacks, thus preventing some attacks.
  • Highlight network filter entries that have exceptions (text in red).
Update 1.9t5r
  • Running saved games from campaign player led to crash.
  • Add questions to the IdDB scenario.
  • Provide question-based feedback (e.g., for malware exfiltrating secrets from user’s workstations)
  • Remove inference phase from the Identity Database scenario.
  • Attack log not including key compromise information (e.g., when private key compromised by attacker.)
  • PCA scenario permits win even though asset compromised - not testing for Sponsor List. 
  • Large filters cause replay to end without notice.  Increase token reader string size.

Update 1.9t5q9
  • VPN client dialog crashed game, so did VPN test dialogs.
  • Update VPN dialogs to use new PKI certificate viewers

Update 1.9t5q8
  • Game crash on reload of some PKI scenarios.
  • Email logic should prevent user goal from being achieved on workstation thatis not at the user’s current site.
  • Player log processing too slow
Update 1.9t5q7
  • PKI certificate display enhanced to better represent X.509 certificates.
  • Email: distinguish between recipient failing to authenticate the email signature and the recipient failing to authenticate the certificate.  Add new procedural choice to email client.  Add new 'spoof email' attack type.  Also, in Asset screen only reflect sender choices (i.e., encrypt and/or sign) and don’t reflect whether the receiver authenticates the email or the certificates.
  • Create a new game condition to assess if a named CA has signed the certificate for some other named CA.  Name the first CA in terms of user goals and the second directly (assumption is the second CA is static).
  • Create 'PacketXform' trigger for managing renaming of components within packet logs.  Add PacketXform scenario element type.  Add 'view packet log' menu item for computers.  PacketXform supports random name assignments and includes component and domain naming.
  • Extend network filter 'exceptions' to let user deny application service requests to/from selected remote components or domains.
  • Change email client heading from 'Email Client Encyrption' to 'Email Client Security'.
  • Add 'AttackerName' trigger to associate a name with the attacker computer and the domain from which the attacker occurs.  The names are used when assessing network filters during attacks and during AssetToNetworkByFilter type conditions.
  • Canceling purchase of a desk leaves the ghost image laying around.
  • Add pop-up questions to Hard Rain, e.g., to prompt player about subverted CA when on the LAN and encrypting quotes to UFO.  And selection of smart-card reader.
  • CA on isolated network led to compromise in Hard Rain scenario.  Attacker used own computer hooked to isolated network.  Limit CA attacks to situation where CA on net with other computers.
  • When an email recipient cannot achieve a goal, there should be no integrity compromise.
  • Add 'CRL' to email goals.  Introduce 'LDAP' as software type and associate with CRL servers.  CRL goals will require access to a LDAP server in the subject’s domain.  Add 'ExposeKey' trigger to simulate exposure of private keys (e.g., theft of laptop having same soft cert as workstation).  Use of CRL mitigates resulting attacks.
  • Introduce support for multiple distinct subject certificates, the immediate goal is to lull players into deploying 'signing' certificates for use when authenticating via TLS with the intent of created bogus signed email. Change management of 'MyCA' to manage a set of application certificates generated for a given user/workstation.  Certificates will include a 'intended use' type of extension that is currently 'email' or 'identity'.  Initial selection of a CA via 'My CA' will result in a certificate of the type appropriate for the application.  However, if a second application selects the same CA, the player will be prompted to use the existing certificate.  Declining leads to the interface via which new certificates of different types can be generated.  Reflect revoked certificates and CRL servers in certificates.
  • Add a denial of service attack type to simulate a flood-type of attack. This attack will not depend on unpatched flaws in services.
  • Move player visible certificate validation to Java, extend distinct certentries to smart cards.
  • Networks can be connected/disconnected to components in static zones via themenus.
  • Distinguish DoS flood attacks from other DoS attacks, 'undo' them separately.
  • Use Java JDK version 1.6
  • Extend Campaign Analyzer to include a table with one entry per game played bythe student.  Selecting an entry from that table will determine which game’slog is displayed in the game log table.
  • Filter scenario race condition where description of Mary’s goal appears beforeshe actually has the goal.
  • Display wait cursor when loading java and when starting game.
  • Installation default to Program Files (if running as admin).  Always place
  • logs in application data directory unless user already has a log relative togame - or game is on a network drive.
  • Potential buffer overrun in EndGameLog.
Update 1.9t5p1
  • User speaks time out if player changes screen after speak starts (potentially before player ever see’s it.  Base duration on amount of time the office screen is displayed with no dialogs.
  • Password scenario gives incorrect player feedback if played at high time compression because final delay on win was based on real time.
  • SSL goal feedback sometimes reports 'missing client' when the problem is an inability to validate the server cert.
  • Patches scenario masks vulnerability of remote user’s unencrypted password on Internet.  Alter goal to use SSL via a self-signed certificate.
  • SDT fails creation of new SSL client because of missing xml file.
  • Revise Campaign Manager to eliminate need for a separate campaignlist.ini file, move all prerequisite handling into the campaign catalogue and reflect it in the gui.
  • Assign points to scenarios and track player’s accumulation of points as a metric of progress through campaigns.
  • DMZ scenario crashes in version 1.9t5p due to missing question.

Update 1.9t5p
  • Encyclopedia keyboard shortcut description for compressing time not clear.
  • Network filters exception title description truncated in dialog.
  • DMZ scenario not saving after each phase, and not saving 'proxy for' values.
  • The 'FilterNamesComponent' condition is not saved with its condition class, leading to crashes.
  • Revise domain handling such that components in the 'www' zone can have their own explicit domains.  Begin to decouple domains from zones.
  • DMZ functions could lead to crashes on reload.
  • Give the 'hidden' domain a name, i.e., 'Conreel ISP'.  Show the domain in dialogs, but hide the components (e.g., simulating NAT or other filtering).
  • Extend network scan domain to include OS description.
  • Revisit all scenarios to clarify the domain of offsite components and assign domains to components in the www zone.
  • Extend QuestionMult triggers to alternately name a user who will speak the responses appropriate for the given answer provided by the player.
  • SDT: Add a third text field to triggers.
  • SDT: when deciding if rebuild is needed, check dates on xml files named within scenario element sets.

Update 1.9t5o1
  • Key Types scenario insider attacks succeeding against assets because application patch level moderate instead of few.
  • Clear briefing screen and tool tips if player pressing <esc> or <enter>.
  • Process selected triggers during display of java dialogs, e.g., to log player view of dialogs.
  • Some malware attacks resulted in two attack messages.
  • Log viewing of attack log.
  • Close message dialogs if player presses <return>.
  • Validate SDT trigger references to Questions.
  • Alter Introduction tutorial scenario to include attacks that enter the log. 
  • Point players to the attack log using a tool tip.
  • Convert Key Types scenario quiz to the new question forms.
  • Allow java dialog help links to be modified while the dialog is up (i.e., via encyclopedia triggers).
  • Release JNI allocated string memory.
  • Add a 'static' tag to component descriptions to indicate text to display when player attempts to modify that equipment.
  • Replay question responses, when displaying questions and responses, include brief delay.
  • Clear right click if dialog is up so menu does not appear when dialog is cleared.
  • Alter trace route output to start at source of trace.  Reduce tab spaces and use indenting.
  • Not attacking SSL equivalent software types, e.g., if filter blocks access to vulnerable web service but not its SSL version.
  • Network scan trace route not including SSL versions of software if filter blocks non-SSL version.  Also, if SSH, hide information about the application as if port forwarding were taking place.
  • Add an 'AddSoftware' trigger to put weak applications on user’s machines, e.g., if player filters access to one weak app, add another.
  • Add 'Scan from Internet' to basic 'floor' menu to simplify access to internet scans.
  • SDT, validate trigger time delay fields.
  • Add questions to the filters scenario, and add triggers to add weak software to Larry’s workstation.
  • Add tutorial video on use of 'installed roots.'
  • Conditions that count components should not count hidden components.
  • Add 'back-end' software types to per-asset goal specifications.  Also clean up SDT goal form so that filtered software and back-end software is specified in the per-asset entries and do not appear in a separate list.
  • Authentication server client lists only exclude static workstations. Revamp so that any workstation within the authentication server’s domain is included unless static (because static implies no change to component to name the authentication server.)
  • Reformat goal description in USER screen to identify software needed for the goals.  Distinguish local software from services and back-end software.
  • Email moved to sender/receiver workstation not subject to targeted malware attacks. 
  • Add computer menu item to move an asset to a selected computer.   Remove 'intended access' section from the display since it is not correct.
  • Scenario replay function not handling player-driven asset moves.
  • Software buy/remove lists were displaying SSL variants of applications.
  • SDT, when determining if an element set has changed, don’t update the file if the changes are only syntactical.  Save new and old versions of the file and compare the results of the save.
  • Alter Filter exception handling such that exceptions are defined for sources when traffic is from a network, and exceptions are defined for destinations when traffic is to a network.
  • Campaign Analyzer: add summary column reflecting the number of times a scenario was played subsequent to the first win of the scenario.
  • Extend DMZ scenario to include deployment of a web server that accesses a backend database.
  • Alter AssetToNetworkByFilterType to not account for asset access if the 'goal  value is true, i.e., just see if the software type can reach the asset’s computer.
  • Alter Hard Rain server description to include reason why player cannot modify the server.
  • Widen the campaign player Saved Games list.  Shrink Campaigns and Scenarios list a bit.
  • Campaign player 'show tips' turns off by default once the preferences are opened.
  • Change attack log text area to be non-editable so that cursor remains as a pointer.
  • Moving or adding assets results in incorrect group ACL settings if no user entry.
  • Block user creation of assets to which they have read-only access.  May result in need for player intervention to create the asset.
  • Improve feedback to player when user cannot create an asset.
  • Web access without any authentication was being treated as 'accountable' access, leading to password compromise in some cases where no password was used.


Update 1.9t5o
  • Log network scans
  • Network scans from networks not displaying components that lack services.  It is more consistent to show all components that might be visible.
  • Add Question form to simplify management of multiple choice questions and responses to player choices.  Add new trigger type to display these new questions.  The old 'Question Triggers' should still be used for cases where responses to player answers are other than messages (e.g., if they are user speaks).
  • Player responses to questions were not being logged.
  • When zones are broken into as part of attacks, include the zone strength and motive in the attack log.
  • Physical security scenario: add a debriefing to distinguish physical breakin of a zone vs attacker having access to the zone.
  • Change VPN scenario help page to the VPN section of the network configuration. 
  • Network scans from workstation reports connections though the workstation should be blocked by a vpn client.
  • Add a ComputerDiagnosticUser condition to assess a given user’s workstation for attack properties (e.g., VPN client that blocks access to goals) and use that in the VPN scenarios.
  • VPN scenarios, make sure they will complete and provide accurate feedback, even if player topology is unexpected (e.g., VPN client on server side).
  • Malware unable to exfiltrate assets through filters (without subverting the filter) if all incoming ports are blocked.  Alter to enable exfiltration if any outgoing port is open.
  • Change attack assessment ordering so that malware is chosen before OS flaw.
  • Previous change to attack reporting masked reports on some kinds of attacks.
  • Remove the Extras campaign - too many scenario crash or otherwise don’t work.
  • Campaign player change to display  campaign list along side of scenario list. Some players failed to notice campaigns other than the training campaign.
  • Enable 'Starting Scenarios' as soon as player completes 'stop worms'.
  • Network scan from Internet not seeing SSL applications through firewall which blocks non-SSL version of app.
  • Previous version masks some password vulnerabilities, e.g., writing down passwords.
  • Add condition to reflect if a goal uses a VPN.
  • Shared goals led to inaccurate goal failure reasons.
  • Introduce high assurance router into Filters scenario catalogue.
Update 1.9t5n5
  • Requirement for web authentication should over-ride lack of remote authentication for the component - at least for user goals.
  • Add application attribute that reflects incompatibility with one-time password generators for use in web servers in scenarios where we want to force students to deploy smart-card based TLS solutions.
  • Wiretapped passwords led to compromise even though one-time passwords in use.
  • Change to SSL/TLS interface resulted in incorrect goal achievement when TLS is selected without selecting SSL.   This allowed players to complete the SSL scenario despite not being able to validate the business partner’s TLS certificate.
  • Selecting SSL for email server without assigning CA’s to clients can lead to crash.  
  • Hide night in DMZ scenario and adjust so money lost if Dan fails web.  And make Bev’s equipment static.
  • Put VPN key management selection into a button group.
  • If a component is static, but appears to offer public access, permit player modification of the browser.
  • Lock configuration interfaces when dialogs are up.
  • SSL client dialog sometimes disappears behind the game screen.
  • SSL functions not clearly distinguishing between cross certification vulnerabilities and installation of third party roots.
  • When player assigns a CA to a public browser in a foreign office, assume the subject of the certificate is the user who might try using that workstation. Inconsistent behavior when web service requires authentication. 
  • Campaign player window is clipped when virtual machine displays shrink.  Resize the player whenever it is clicked.
Update 1.9t5n4
  • Removing software from computers results in crashes.

  • Unable to discover/scan from static workstations.

Update 1.9t5n3
  • Java dialogs begin to paint very slowly on some systems (VMs in particular). This may be related to multiple active dialogs (e.g., email followed by validation).  Introduce logic to lock primary dialogs until secondary dialogs close. 
  • DMZ scenario displays incorrect lab manual when the lab manual button is pressed (Encyclopedia has correct manual.)
  • When two java dialogs are up (e.g., email and certificate validation), closing the parent can lead to child dialog being hidden by the game screen.
Update 1.9t5n2
  • Hard Rain scenario help triggers not firing properly.  Alter EmailProtected condition to employ asset motives by default.
Update 1.9t5n
New Features
  • Add DMZ scenario
  • Add tutorial video on Patch Management.
  • Alter filters to permit host or domain exceptions to denial of application service requests.  Transition interface to java. 
  • Add FilterNamesComponent condition to assess if player created exception.
  • Add ChangeComponentName trigger to prevent users from setting unrealistically specific exceptions for services, e,g., to some remote SMTP server.
  • Introduce email proxies that inherit accounts from a named server.  Email proxies receive email for those users, and forward the email to the named server.  Proxy indication within the email server application configuration. Reflect use of email server as SMTP server in component screen.
  • Denial of Service was lacking a clear abstraction, i.e., how does player observe the dos and its effects?  How does the player mitigate the DoS and see the effects of that?  Successful DoS will degrade availability of affected computers.
  • Email SSL:  if client configured for it, then it is used (the server would have to have a CA).  If PoP and server offers it, then client must have root.  If SMTP, only used if client configured for it, or client has root or remote server has root.
  • Add Discovery / Scan function to scan computers in a domain from a given network.  Scan will also divulge additional information about applications related to patches depending on the component’s patch management and the applications patch requirements.  Displayed values include:
    •      Patches up-to-date
    •      Old patch level, vulnerable application
    •      Very frequent patches, zero-day a month
Corrected Discrepancies
  • User thought display in Info panel will sometimes truncate start of text.  Try reduced text box indenting.
  • Email servers for senders not found if shorter route previously found. Revised for filter exceptions anyway. 
  • Player should not be able to buy/remove software on static computers.
  • Provide player feedback when the user is locked out of the main office.
  • Pressing <esc> while in a popup menu resulted in game hanging.
  • Delay after last attack in Parazog leads to saved games that end with no debriefing.
  • Don’t include attack routes in automated debrief screens.
  • Attack paths that include smartcards missed the shortest attack path.
  • Parazog scenario allowed player modification of contractor’s email server.
  • Network view horizontal scroll bar can enter a state in which it continues to scroll in one direction.
  • Password scenario does not end if player fails to protect Lucy’s computer, and may lead to game crash.
  • Look for mis configured email proxy and report that ahead of filters blocking access by email senders.
  • The updatePatches:none and updateAntivirus:none conditions did not work.
  • User authentication scenario allows player to modify customer router.
  • Create game runtime JVM from the CCSE directory.
  • Add help to MAC integrity scenario in response to player selecting a SECRET network connection for Sean.
  • Pressing tab in other windows other than the main office window brings up office window artifact.
  • Camera-to-Index trigger does not adjust to different building.
  • Modify network screen network button help to more clearly reflect effects of clicking network buttons.
  • Block player from placing computers in checkpoint workspaces.
  • Copy eventlog dtd file when campaign analyzer is run to cover cases where the logs are not in folders created by an installation (e.g., student log collections.)
  • Hide attack log button in all but office screen -- was appearing in network screen
  • Update Filters scenario to present consistent domains and view of Regulator’s office.
  • SDF defined ACLs and player defined ACLs should be in force even if 'Protect with ACL' is not selected.
  • If link encryptor is only connected to one network, then 'reversing' networks can result in a crash.
  • When assessing 'AssetToNetworkByFilterType', only require read access.
  • Update Patches scenario to present consistent domains and block player from using filter exceptions to avoid patch management.
  • Remove Instructor Notes from the encyclopedia and distribute them separately to instructors (e.g., via a web-link given only to instructors.)
  • Hiring IT staff to relieve deficit does not re-compute software assurance so old patch management trouble carries forward.
  • Selection of 'requires TLS' should cause use of SSL (player should not have to select both.)
  • Attacks on Certification Authorities don’t reflect typical game vulnerabilities, particularly with respect to insider attacks. 
  • Advanced VPN scenario displays the Introductory VPN lab manual.
  • Game time in seconds not computed on game reload, resulting in the game failing to limit triggered attacks to prescribed frequency.
  • Disconnection of computer from network via pop-up menu not logged.
  • Don’t display group in ACL list unless computer knows user or it has a setting.
  • Scenario replays remain paused if replay game time gets behind original game time.
  • Race conditions in detecting selection of a popup menu item.
  • Hard rain scenario 'EmailProtected' condition missing access mode.

Update 1.9t5m
  • In the Down Time scenario, make Chester a industrial spy.
Update 1.9t5l
  • In filters dialog, let player click either left or right side of application entry to toggle port setting.
  • 'Who Are You?' scenario failed identity database access because zone users were no longer able to access servers. 
  • 'Who Are You' should not experience wall defacement if player deployed biometrics.
Update 1.9t5k
  • Not saving SSL Client 'promiscuous roots' setting leads to failure of Filters scenario if started from saved game.
Update 1.9t5j
  • Alter smartcard descriptions to clarify where they come from and how they are managed.   Clarify that some scenarios have a central source for smartcards and others require the use of smartcard minters.  Alter IM scenarios to have centralized smart-card minter. Alter encyclopedia F1 help to distinguish between workstation smartcard readers and zone access devices.
  • Modify scenarios so that CA software not purchasable.
  • Advanced VPN scenario breaks if players uses symmetric keys for all but final purchase goal because XCert trigger does not go off.  Add trigger to XCert all of an enterprise’s certificates.  Also add condition to test if a domain has a CA.
  • Viewing encyclopedia on VMWare virtual machines can lead to slow page painting. 
  • Adjust game engine 'somethingToRender' logic to give more time to other applications.
Update 1.9t5i
  • In ParaZog scenario, move up reporting of microwaved smart card so it does not step on an attack report.
  • Some Windows 7 systems cannot find the msvcr71.dll which used by the getdxver program that checks direct x versions.
  • Allow player to double click on scenario or saved game in the Campaign Player to launch a game.
  • Escape out of Yes/No dialogs failed.
  • Network connection labels change from player selected values due to error in range storage method.  Game crashes if only either secrecy or integrity label is selected.
  • MAC label management encoding is very confusing. Simplify for maintenance.
  • Change 'can’t drag visitors' message to a tool tip from a message.  Message display from within checkObject corrupts cursor display.
  • Users in visitor group not displaying unless scenario includes the 'hideUsers' switch.  Enable student log management to handle multiple sections during a quarter.
  • Advanced VPNs failing to compromise assets protected by public CA and wide-open connection profiles.
  • Add game tips to campaign player startup.
  • Create dummy cursor to display when creating video’s from screen capture.  Activate via '-J' run option.
  • Change goal failure ticker to read '<user> cannot <goal>' instead of '<user> cannot access <goal>'.
  • Add titles to popup menus.
  • Rephrase VPN scenario descriptions to avoid confusing players into thinking the point is to let the two users directly communicate over the internet - only the remote user is accessing the internet.
  • VPN interface use of term 'Protected Network' is confusing in that some players assume that is the internal secure network.  Change name to 'vulnerable network'.
  • In VPNs with symmetric keys, selection of 'N' or 'B' should blank out key id and not result in cost to deploy.
  • In Hard Rain Scenario, if pay-per-cert CA is included as a root, and that leads to multiple attacks, generate a game-stopping popup that explains what is happening. 
  • Hard Rain scenario lacks a dialog for the 'quit' screen and clarify that only Miller needs to send quotes.
  • Loan management not accounting for IT costs, resulting in player not being  able to get loan to purchase equipment.
  • Saved games don’t appear in the game campaign player if the associated log is corrupt due to a crash.
  • Try flushing logs on each added entry.
  • When attacking with computers as gateways, treat the computer as the starting component (in place of the asset computer) - this allows the VPN logic to allow the computer to match local profiles.
  • When assessing wiretaps, relying on compromise costs leads to missed attacks when catastrophic compromise costs are set to zero.
  • When players select a VPN symmetric key that the designer specified as 'previously used' i.e., one that in a component that is static and within same domain as the configured VPN mechanism,  the player will get a pop-up saying:    
    • "Conveniently for you, the secret key you selected is already distributed     throughout the enterprise and therefore you incur no key distribution     costs."
  • If two offsite zones are in the same domain, engine was reporting they are not, and vice versa.
  • Disable navigation and info-panel buttons if dialogs are up.
  • SSL scenario can crash if smartcard required and not smart card minter. 
  • Add user thought noting need for smart card minter.
  • Hard Rain scenario has inadequate feedback when attacks occur because the CA is on the network.
  • When viewing SSL client configuration from the SDT, display element goals in addition to potential scenario-based goals (the viewed set’s goals may not include any from the current scenario).
  • Web authentication requirement bypassed when asset has public ACL.
  • Auxiliary files (e.g., asset table content) not being copied when games are saved.

Update 1.9t5h
  • Network menus should not include labeling options if component has no network connections.
  • Help tip message on pause/play button can display the wrong message for some sequences.
  • Add computer diagnostic for multilevel channel connected to non-multilevel channel.  And AssetComputerMLNet condition to detect multilevel channel.

Update 1.9t5g
  • Hard Rain scenario, hint to buy own CA displays again after CA is purchased.
  • When crashing, don’t suggest player send 'crash.txt'.  Change message to email error if crash is repeatable.
  • In VPN introduction scenario, change name of 'Entire Office' to 'Boil Plate Corporate Offices'.
  • In VPN test functions, failure to select a host can result in a game crash.
  • Dragging device across sites results in 2 copies within the network screen.
  • VPN scenario server is actually a workstation, it should be a server so users can’t use it to achieve goals.
  • VPN scenario camera moves to Adam’s office for no apparent reason.
  • VPN logic fails when asset’s computer contains a VPN client.  Allow VPN clients in servers and allow client-to-client VPNs.
  • Scrapping computer not resulting in ssl data cleanup.   
  • Don’t display hidden computers in PKI interfaces.
  • Angle Locks scenario, some goal failures don’t result in penalty;  increase goal bonus; add questions and save game after phases.
  • Assets that should be hidden (e.g., because not currently part of a user’s goal) may appear after loading a saved game.
  • Network menus should not include labeling options if component has no network connections.
  • Add trigger to enalbe/disable tabbing to particular viewpoint.

Update 1.9t5f
New Features
  • Added SSH into the SSL functions.
  • Introduce self-signed server certificates and user settings to
  • accept any server certificate or root.
Discrepancies
  • When retrieving PKI client application records, single user default case should rely on whether or not the workstation requires local authentication- user’s can authenticate even if not necessary (e.g., on a system having an open guest account.)
  • Scenario replay function assigning users to servers.  Still an approximation,but only do assignment if it is a workstation.
  • Link encryptor network connection via menus failed to update encryptor-specific state.  Resulted in crashes of scenario.
  • Revert IdDB scenario back to using Web services to access data.   ACL protection works for authenticated web sessions.
  • Error handling of bad video interface to report message and shut down gracefully.
Update 1.9t5e
Discrepancy
  • Down time” scenario attacks on email server succeeding.  These should not occur.  Side effect of web/ssl changes.
Update 1.9t5d
New Features
  • Completed SSL scenario including use of TLS and smartcards.
  • New MAC and integrity scenarios in a new MAC campaign
  • Distinct logic to steal web/email passwords via wiretaps.
  • Add 'shared' attribute to assets in goals to reflect cases where all asset goals having that shared asset must succeed or all such user goals will fail.
  • Add 'Asset Computer Single Level Network' condition to assess label on the component containing an asset for the network connected to a given user’s computer.
Discrepancies
  • Loading scenarios with existing email goals leads to crash if computer is later scrapped.
  • Permit assignment of network labels via the menus and support replay logs.
  • Video status debug function failed due to earlier change in user entity management.
  • Network MAC connection type comparisons not accounting for non-MAC components.
  • Flow between network of different labels not properly accounted for. 
  • Incorrect integrity motive calculation, typo in code.
  • Asset goal description truncated, shorten line length.
  • Browser configured to use smart card for TLS not requiring smart card reader.
  • Remove 'Asset Protection:' field from SDT - has not been used.  Intend that 'Use ACLs' be used instead.
  • Zone domain calculation for sub-zones returns invalid value.
  • Alter User Identification scenario to use SSH for remote access from the hotel computer - the web service is vulnerable because of its patch frequency.
  • Clarify meaning of software assurance with respect to software integrity.  
  • Application assurance reflects integrity.  O/S assurance reflects policy enforcement strength.  A different O/S value (Integrity) reflects integrity.
  • Replace high motive integrity logic with new topology assessment, removing old, now unused, code.
  • Stop Worms help tip for returning to office comes from wrong location.
  • Do not process gamecore when malware added to a computer, wait for next cycle because it won’t effect goals immediately.
  • Change IdDB scenario to use SSH to access identity database instead of web server to avoid web SUID feature descriptions.
  • In Link Encryptor scenario, remove extraneous LANs to simplify player help.
  • Error message if designer includes network connections on workstation ID devices.
  • Repaint menus to avoid blank menu displays.

Update 1.9t5b
Discrepancies
  • User Identity scenario missing files prevented new SSL functions from protecting remote communications within the scenario.
  • Treat pay-per-cert fees as losses when computing player loans.  Was keeping Hard Rain scenario from letting player buy a router.
Update 1.9t5a
Discrepancies
  • Remove motive to modify email in hard rain scenario.
  • If user given account on one workstation, and the workstation is otherwise unassigned, assign the user to that workstation.
  • Hard Rain scenario not penalizing player when Miller cannot construct the quote.  And add popup help for cases where scenario is one of the first played by a student.
  • Users being selected for speaks when cursor is off the displayed office.
  • Email client dialog not displaying CA combo box when checkbox is selected.
  • Custom component configuration not handling null replay file names.
  • Add 'CompanyHasWorkstations' condition to assess workstation counts.
  • Clarify attack messages when a public CA is spoofed into issuing bogus email certificates.
Update 1.9t5
New Features
  • Reimplement SSL functions to make  use of PKI features.  Include TLS and smart card-based access.  Distinguish web-based authentication from other remote authentication.  (Some saved scenarios that use SSL, e.g., IdDB, may fail with this update.)
  • Initial implmementation of SSL scenario (Angle Locks).
  • Associate users default group with a domain as a means of identifying which domain a user belongs to.  
  • Introduce daemon entries into ACLs, e.g., for email and web services.
  • Add custom trigger and component interface handing to allow developers to call out to external software.  
Discrepancies
  • In ParaZog, change label of 'Derivative Database Instructions' so it is not attacked before the carbon credits derivatives. 
  • Don’t let scroll bar fiddling result in double click events.
  • Some reloaded games initially display without a status panel.
  • SDT game run script syntax error kept some windows command processors from parsing the sdf file name.
  • Player scenario advancement broken.  Needs to reflect progress per campaign.
  • F1 pressed in email client form brought up VPN help.
  • Saving game with time compression causes restored games to return to that time compression.
  • Loading scenario missed PKI CA’s if the CA is not also one of the installed roots.
  • Add user thought if network filter might be blocking goal.
  • Error in 'userClaims' determination of which workstation used by a user for a given goal.  Could affect email attacks.
  • Add 'minutes played' column to campaign analyzer summary table.
  • When attacker assumes some user’s ID, require NFS as a minimum (for filtering).
  • Attack button no longer appearing after debrief screen. 
  • Extend sniffed password logic to make password available to attacker from wherever.   Take advantage of the attack cycle, with assumed id’s occurring first.   Per-server, record users whose passwords are compromised. Also record post-it passwords. 
  • Authorization profile logic not accounting for clearances and group membership.
  • Measurement of user training for computer does not account for remote access to servers.
  • Link Encryptor scenario 'stale keys' reported even if keys are changed if game is replayed. (save / restore lastKey and lastTime)
  • SDT library tree not displaying elements with lower case suffixes.
  • ACL rights not properly saved/loaded when they differ from intended rights.
  • SDT would not open set if another set with the same name was open, even though the sets are of different types.
  • Email client configurations managed within authentication servers.
  • Use of email services in attacks should depend on whether the target asset is an email.
  • Not checking authorization profiles for locally defined profiles.
  • Reference integrity attack descriptions missing goal related information.
  • Alter runPlayer.bat to try java in system path if registry is not visible.
  • Replace the CyberCIEGE.exe compiled bat file with an explicit bat file - some platforms will  not run the compiled bat files.
  • Saving a scenario that has not been started leads to crash when scenario starts. 
  • Camera movement: when iterating to the main office building without a viewpoint, use the world center for the main office instead of the initial camera position (which may be offsite).
  • When user position not within a defined zone, walking path calculations can cause a crash.  At least provide an error message.
  • When moving to a new phase, reset the frequency reference clock for attack triggers whose motive is -3 (governed attack triggers).
  • Public access to web server access was being determined based on intended access vice the ACL values.
  • Reporting loose filters allowed access to a subverted service even though the service was not subverted.
  • Reference integrity wiretap attacks not reporting goal-based attack reasons.
  • When computing computer training values, don’t count unauthenticated access.
  • Subversion of partner CA should depend on security attributes the player can assess.
  • Add custom trigger and structure for custom component configurations.
  • Respond to Shift-F10 with popup menu for currently selected component or user. Enter key was not being accepted. 
  • Zone entry logic change to reflect users who are 'escorted' visitors, i.e., offsite visiting needing access to a workstation.  Or assigning a user to a desk.
  • Add patch management status to subverted service attack feedback.
  • Email UI missing function to let player validate PKI certificates.
  • IT Manage screen over-written by user speaks bubbles.
  • When computing IT staffing-based 'trust' in components, don’t penalize components that are in foreign domains.
  • Hiring IT staff not immediately effecting IT-dependent security.
  • VPN use of spoofed roots not accounting for policies that require certs from selected domains and no cross certification.
  • Filters scenario steel formula asset missing dac protection setting.
  • Physical security scenario can be won even if Jerry fails his goal.
  • Update player cash for costs along with other updates, don’t wait until end of the day.
  • Saved games were storing calculated rights for ACLs vice explicit modes.  ACLs don’t use calculated rights.
  • Some game reloads cause crash, moved UI re-init before scenario loading.
  • When dragging users, calculate access to closest workspace rather than mouse position.
  • Adjust GenesRus economy so Mary’s goal failure puts player into a penalty

Update 1.9t4b (no update available, only full installation)
Discrepancies
  • NMCI platforms hide the registry from the command processor, look for Java in the system path if regedit fails.
  • Some platforms cannot execute compiled batch files.  Replace the run-from-cd compiled batch file with a simple batch file.
Update 1.9t4a
Discrepancy
  • Campaign player not advancing scenarios.
Update 1.9t4
Discrepancies
  • VPN Scenario allows advancement to phase four even though web access goal fails.
  • Save game function crashes when workstations deleted prior to save.
  • 2d animation and fire system not being shut down before scenario reload.
  • Identity database scenario would not load due to duplicate component name checking error.
  • Right click on a server rack, but not on the computer causes a crash.
  • Advanced VPN scenario is insufficient money to purchase a CA and the VPN gateway.
  • Hard rain scenario ending leaves player thinking they should do something different to avoid the negative ending.
  • Spot light grouping not really working.  Disable fire light group in small base.
  • Triggered game saves are not creating asset content files. And game not loading proper folder.
  • Attack feedback when compromised crypto software leads to wiretap.
  • When player pauses game, reset time compression to the initial time compression defined for the scenario.
  • Parazog scenario saves an interim point in phase three.  Rename that point to 'ParazogPhaseThreeA' to be consistent with other saved file names.
  • Deselecting the 'guard at door' entry in the ZONE screen should cause the associated guard to wander and not be associated with the zone.
  • Single click on asset subsequent to a double click causes asset content to display.  Also, double click on empty asset displays empty form.
  • Don’t save currently selected devices or computers - not really kept.
  • Appending (PARAGRAPH) to text when saving causes multiple lines of that.
  • VPN logic failed to account for NOXCERT policies in some profiles.
  • In the ParaZog scenario, clarify that Max is done with the offsite office.
  • Loading saved versions of ParaZog can cause phase three to be skipped. 
  • Lack of smartcard minter not reflected in failed goal thoughts, and does not lead to failure to decrypt email.
  • Don’t let player scrap CA’s.
  • Hide attack log button when in the network screen.
  • Email client dialog CA selection combo box not hidden if 'use card' is selected
  • Authentication server scenario required the data server have long passwords to get past that objective - it should only be required of the user workstations.
  • Authentication server scenario, player had to run a few seconds into phase 2 before new user appears.
  • Who Are You? VPN domain selection does not include offsite locations.  Define two primary offsite locations as separate domains.
  • VPN client can access servers on local LANs though configuration should prohibit it.
  • Add guard feedback if ID Device VPN setting prevents communication with databases.
  • Asset screen intended access listing of discretionary controls should have column headings so it is clear that 'modify' is a mode of access.  Also, don’t open group popup dialog if player selects 'public'.
  • Alter Patches scenario to have an introductory phase that encourages the player to first just watch what happens.
  • Attack response trigger frequency setting of -1 subject to side effects of random value logic. 
  • Checkpoint direction faces wrong direction (introduced by recent change).
  • Door location logic in military base too narrow at wide outer door.
  • Loading saved game results in incorrect time if saved at 12:xx.
  • If workstation has a configured VPN client that keeps it from meeting goal (e.g., because player also configured a local gateway) reflect that in a user thought.
  • SDT scenario form scrollable text areas hard-coded too large.
  • Change the Caf? scenario to use forced cameras.
  • Add encyclopedia trigger and hint to Hard Rain scenario to give player a clue about configuring the email application.
  • Key Types scenario floor plan missing server room image.
  • Don’t let scroll bar fiddling result in double click events.
  • In ParaZog, change label of 'Derivative Database Instructions' so it is not attacked before the carbon credits derivatives. 
  • Some reloaded games initially display without a status panel.
  • SDT game run script syntax error kept some windows command processors from parsing the sdf file name.
  • Spot light grouping not really working.  Disable fire light group in small base.
  • Triggered game saves are not creating asset content files.
  • 2d animation and fire system not being shut down before scenario reload.
  • Identity database scenario would not load due to duplicate component name checking error.
  • Right click on a server rack, but not on the computer causes a crash.
  • Advanced VPN scenario is insufficient money to purchase a CA and the VPN gateway.
  • Thinkpad laptop problem with display of java dialogs - kept flashing dialogs.  May be related to 'blue window' problem with java dialogs.  Fix by setting focus to null after each call to dialogs.
  • Camera tracking logic and 'Force Camera' scenario reworked. 
  • Player could cause camera to lock onto unintended location. 
  • Rework user walking through doorway logic to more reliably prevent the camera from turning until the user is clear of the door.
  • VPN Scenario allows advancement to phase four even though web goal not met.
  • Save game function crashes when workstations deleted prior to save.

Update 1.9t
Discrepancies
  • Attack descriptions for subverted services truncated -error introduced in version 1.9s5.
  • When camera is tracking one use, a single click on another user will change the Information Panel, but will not alter the camera tracking.  Cameratracking should be disabled at that point.
  • Guards not walking to new assignments at new zone checkpoints.
  • In the ZONE screen, move the physical security display above the zone description.
  • When attacker assumes a user’s ID (e.g., via poor passwords) access should be limited to the modes of access permitted the user.
  • Monthly costs of IT staff/guards incorrect after firing someone.
  • Convert security and IT staff costs to $/hr to better hide fact that single staff covers 3 shifts.
  • Change log renaming logic to copy the temporary log file rather than rename it.  Anti virus or unknown software might open the temporary file, preventing it from being renamed.
  • Player able to select the attack log while a dialog is up - that led to hiding the dialog, effectively freezing the game.
  • Insiders at main site should not physically attack offsite zones.
  • Move the directX/java query executable to the game/exe directory so that it can make use of the msvcr71.dll.
  • Error in camera tracking logic caused camera to shudder between positions.
  • Correct placement of ID devices within internal checkpoints.
  • Provide pull-down menu functions for firing guards and IT staff. And extend the 'other' pull down menu to include hiring staff.
  • Relax non-fatal error checking when game is in automated test mode.
  • Increase size of user description and user goals windows so texts more readable and more clearly laid out.
  • Error messages for Windows 7 video issues.
  • Use of remote service (e.g., web server) to access asset with no password protection reported as a subverted service.
  • Revise format of attack log entries to have one component or network per line.  Make it easier for users to understand the attack logs.
  • User speaks and component diagnostic messages: test that camera has stopped panning before displaying message for component or stationary user.
  • In SDT, let designer move elements from one set to another.
  • 'Network Authentication Through Cryptography' movie does not display from encyclopedia if encyclopedia started with F1 (but it works if started from Campaign Player).  This one movie used to have a Microsoft digital signature problem, but rebuild of movies fixed that - go back to standard way of playing this movie.
  • Link Encryptor scenario lab manual question about when link encryptors fail on when used over the Internet is not clear.  Rephrase to make clear what  it is that is failing.
  • When saving and loading games, don’t display directories that have the name 'log' or that start with 'saved_', the latter being holders for scenario attributes such as asset content.
  • In response to player double click on vpn gateway, move vpn display invocation to gameshell loop to avoid invoking Java from CheckObject loops.
  • Checkpoint location calculation sometimes depended on zone information instead of workspace information.
  • Add staff 'fire' event to replay log processing.  And give the player a choice to reset zone guard-dependent selections when a guard is fired.
  • If zone break-in is aided by zone ID equipment that lacks policy or guard/key lock, report that in attack logs.
  • Zone settings for 'Scan Visitors' and 'Log All Entry' had negative value.
  • Yes-No dialogs display broken when button text is long - repack components. Iterating through devices and computers can cause crash after scrapping a component.
  • Change automatically saved SDF names to scenario-specific names.
  • Saving game with small military base as offsite leads to crash on reload.
  • Caf? scenario: incorrect feedback if player chooses to use the
  • USB to store pictures, but not to access hardened browser.
  • Closing game load/save dialog without choice can lead to lost log files.
  • Save Game Trigger change to allow symbolic substitution of the scenario name so that sdf names are unique across scenarios within the same project.
  • Check for duplicate component names at startup.
  • Not completely saving pki goal state for email senders and receivers.

Update 1.9s5a
Discrepancy
  • Key Types scenario fails to attack vulnerable assets via wiretaps.   Also reports need for PKI setup twice.

Update 1.9s5
Features
  • First draft of Identity Database scenario. 
  • Introduction of asset content viewing and inference condition.  
  • Campaign Analyzer: Have the tool consume any zip files it finds in the game folder so instructors don’t have to unzip and differences in zip tools won’t affect the folder hierarchy.
Discrepancies
  • Event log viewer not completely including background check changes, also include background checks as replay log function.
  • Targeted malware attacks should corrupt data from a subverted goal source computer if the goal’s user has modify access to the asset.
  • Make FlipStrip O/S compatible with bitflipper router for hardened routers.
  • In SDT, during clone operation, don’t report 'existing directory' unless the directory contains something.
  • SDT: delete temp files on exit.
  • Filters should not protect assets if open ports leads to an unprotected service and the attacker has access to the asset (e.g., no remote authentication required).
  • Alter exception handling to give graphics exceptions a chance to display.
  • In directX and java check function of installation, handle strings from the batch file (e.g., to report 64 bit platform java requirements.)
  • Alter runplayer.bat to check for 64-bit platform and java.exe in the x86 system directory.
  • When assessing server-side applications for transport and higher encryption, only consider filtered software types.
  • Hide groups until they are used (e.g., some user appears who belongs to the group).
  • Random occurrence of virus when designer specifies only Trojan horse, and vice versa.
  • SDT would run old SDF if recent build/run operation resulted in validation error.

Update 1.9s4
Discrepancy
  • Neglected to distriubte texture files for  new cafe scenario signs.
Update 1.9s3
Features
  • Initial relase of "Identity Aggregation" scenario, "cafe".
  • Add QuestionUser trigger so that players can revisit questions concerning behavior of characters.  Indicate 'good' answers that are intended to let the scenario play forward, thus breaking the link to the question.  While links remain, user goals will fail and the player can revisit the question via a right click on the user.
  • Add ObjectTexture trigger to change the tga used for a dynamic object.  This trigger must occur before the first show-object trigger.
Discrepancies
  • Recent change to 'findZone' logic to not depend on zone ordering resulted in incorrect selection of largest zone when other zones were given a higher index number.
  • ParaZog scenario lab manual not loaded  in scenario file.
  • ParaZog scenario not hiding unused assets. 
  • ParaZog, 'Survey Targets' asset gets attacked in later phase if game is reloaded even though the asset was protected.  (Save and restore indication that a goal’s asset is protected via PKI.)
  • If lose trigger fires with blank debriefing text, use text from latest attack log entry.
  • Add AssetVulnerable condition to determine if an asset would be compromised.
  • Stop user animations when dragging user.
  • ParaZog scenario, don’t describe carbon credit attack until it is visible to the player. 
  • Change MoveUser trigger to optionally not move the character - just re-assign workspace.
  • Question and multiple choice dialog text areas should not be editable.
  • Add game switch (-J) to set and display windows arrow cursor.  Intended for use when screen capturing demo movies, otherwise an hourglass is captured.
  • Revise height offsets of 'smoking' characters.
  • Smooth camera rotations
  • Limit previous character path walking adjustment to cases where X position is increasing.
  • Database selection function in IdM scenarios cause crash.
  • Reload of scenario with DNA scanner caused crash.
  • Purchase of computer while game running and user walking can cause user to freeze.
  • SDT user manual missing some triggers and condition.  Also, clean up the computer configuration and procedural setting values in the 'AssignedComputerHas' condition.
Update 1.9s2
Discrepancy
  • Database selection function in IdM scenarios cause crash.
Update 1.9s1
Discrepancies
  • Users no longer walk through chairs when sitting down and getting up.
  • Encyclopedia 'troubleshooting' entry goes to update page instead of support page.
  • Moving a user to a workspace lacking a computer caused crash if user’s old computer was then deleted.
  • Sitting female users sunk a bit before standing up.
  • Camera control: restore limits to camera panning to prevent camera getting lost. 
  • Right button down dragging for rotate and height adjust.  When panning, if cursor leaves office area, keep panning in that direction as long as the left button stays down.
  • update SDT log viewer to 'find' scenario element related to double-clicked log entry (e.g., specific trigger).
  • Permit email encryption without signing.
  • ParaZog scenario: increase penalty if Molly can’t receive derivative database email.
  • Pending loan amounts not zeroed when buying staff or physical security.  
  • Calculation to determine if player has enough money to buy item with the load fails to account for current cash.
  • Attempt to hire guard without enough money results in no guard, but the hire screen reflects the guard is hired.
  • When determining potential email clients for users, include only workstations that explicitly have an account for the user (or via auth server) excluding 'public' access to workstations.  And when displaying email configuration dialogs, display the USER name.
  • Email client logic not incorporating authentication servers

Update 1.9s
Features
  • New "ParaZog" scenario to illustate use of smartcard-enabled email clients to encrypt and sign emails.
  • Add semantics to 'SelfAdminister' for servers - implies all locally known users have admin and can see all data.
  • Alter wiretap attack logic to include an encryption assurance that simply reflects the algorithm.  Attacks on keys and mechanisms occur in attacks other than wiretaps.
  • Add MoveUser trigger to move users offsite
  • Add AddZoneAccess trigger to add user to zone access list (e.g., to simulate insider getting access via some other means.)
  • Add smartcard media data exfiltration as an attack type.  Such an attack may succeed if a single user has two email goals each being satisfied via smartcard encryption and/or authentication.  Such a situation can result in 'computer as a gateway' topologies whereby one workstation links to another workstation via the smartcard.
  • Add UserSetClearance trigger to set/change a user’s clearance.  And don’t display unused clearances.
  • Add RemoveAsset trigger
Discrepancies
  • SDT VPN form buttons have wrong labels after 'Add' operation.
  • Failed to call 'setFrame' when new set element selected, leading to failure to open VPN set elements.
  • With respect to achieving goals, users cannot leave the site that they are currently assigned.
  • Set email and VPN client forms such that myCA values are not editable so players cannot issue certificates across domains (other than pay-per-cert).
  • In the zone screen, display zones in order prescribed by designer.
  • Attacker direct access to computer results in subverted boot if motive > 50 and assurance less than 400.
  • Add FlipStrip O/S as compatable with IdM devices.
  • Phase description and objectives for VPN Intro scenario have artifacts from VPN Advanced scenario, remove the last phase and change the Win debriefing.
  • Untrustworthy insider does not accidently install malware if training >= 95
  • When tabbing viewpoints, skip those that fall within a hidden zone.
  • GetTrojanOnMachine logic - begin to rework.  Only look at the given computer, deal with remote TH access to assets elsewhere.
  • Components self administered by hostile insiders being missed via red herring password policies.
  • SDT tabs truncates set names that include periods.
  • When displaying user clearances, hide those for which there currently exists no visible assests.
  • SDT trigger form 'slaved to' convenience listing missed the third slave of a trigger.
  • In the runPlayer.bat script, detect 64-bit OS when java is missing and tell user to install both 64 and 32-bit versions of java.
  • A little bit easier to select a user for dragging.
  • When dragging and moving users (via trigger), orient the user per the target workspace.
  • Revise 'findZone' logic to not depend on zone ordering so that designers are free to order zones in list as needed.
  • Incomplete dereferencing of email goals when computer deleted led to crash.
  • Permit scrap of ID devices
  • Zone screen physical security selection corrupted by help tip buffer overflow.
  • Extend loan logic to hiring guards who cost at startup.
  • Erase goal failure tickers when goal is met.
  • Display Costs and Budget as per/hr values.
  • Don’t advance User Identification scenario until player provides individual accountability.
  • In Filters scenario, restart internet attacks after  phase two so player can’t just open all ports.
  • Refine automated camera rotation to get further from walls if possible.
  • When buying: if you cancel a workspace buy, the subsequent computer placement can lead to a crash.
  • Alter trigger processing such that '-1' as a trigger frequency means the trigger conditions will be evaluated subsequent to each asset compromise. 
  • This is intended for attack feedback triggers to reduce the window of time between a player’s change to a configuration and the display of feedback from a compromise that occurred prior to the change made by the player.
  • Ampersand (&) in logs confused xml processing.
  • In Filters scenario, reduce motive on research data so all firewalls are strong enough to defeat attacks.
  • Game save logic was saving computer rights vice explicit access lists. 
  • Only appeared to be a problem if 'local authentication' was not set on component.
  • Some speaks were not appearing when in replay log processing.  When in replay, change infinite speaks to short duration speaks.
  • Change remaining message dialogs to use java dialogs.
  • Link encryptors scenario was saving phase state before phase transitioned.
  • Key types scenario adjustment so that selection of PKI crypto after third user shows up results in consistent player feedback.
  • Revise loan logic to let player take loan that is smaller than triggered amount if the triggered amount exceeds total losses less loans-to-date.
  • Error in vpn connection profiles when source computer explicitly named in unprotected connection
Update 1.9r1
Discrepancy
Patches scenario crashed on launch
 
Update 1.9r
Features
  • Initial release of the "Hard Rain" email encryption scenario.
  • List email protections on Assets screen.
  • Add an EmailProtected condition.
  • Add emailInstallRoot trigger to cause a root cert to be installed into some vendor’s email client.
  • Add semantics to 'SelfAdminister' for servers -- implies all locally known users have admin and can see all data.

Discrepancies
  • Renaming log files failed due to race conditions?  (more likely antivirus opening files).
  • Malware warning log entries missing component identification.
  • User thoughts: if failed all goal and startIndex = posIndex, think 'I have no place to work.'.   If failed all goals and no computer,'would be nice to have a computer.'
  • When creating missing assets - let virtual users create assets on static computers.  And do not let malware introduction into static servers.
  • Happiness adjust trigger should affect displayed happiness, AND base happiness.
  • SDT manual description of CompareTriggers condition had triggers reversed.
  • Check java version during setup installation and launch.
  • Game crash iterating between non-existent components.
  • Smoother camera motion when following a user.
  • Reset workspace lighting (highlighting workspace of wandering, selected user) when user sits down.
  • In DescribeAttacks speaks, change text to first person.
  • Logic to limit assessment of assetAttacked conditions within triggers to once per attack failed when condition only appeared with a trigger condition parameter.
  • In computer screen, don’t display hidden users in access list.
  • Hidden zones can cause crash when going to network screen.
  • Alter camera auto-rotate logic to start with the current angle, sweep in one direction half the arc, and then the other. 
  • Don’t rename static computers when assigned users become active.
  • When determining whether an asset failure is new, distinguish between failure to access and failure to create.
  • When conducting indirect attacks, try computers in all accessible zones prior to using your own computer.
  • Don’t display user’s membership in the 'public' group.
  • Sequence insider attacks such that they first try using computers that they have goal claims upon.
  • When in Network Screen, don’t display zones that lack components.
  • Not returning to correct screen after going to software screen from computer screen.
  • Run the getdxver.exe if java not found in runplayer.bat to remind user they are missing java.
  • OnScreen conditions reflecting office screen during startup for short window of time - the condition value should be the briefing screen. 
  •  Buying network device after buying computer caused player to be charged the computer price rather than the device price.
  •  
Update 1.9q3
Discrepancies
  • Identity theft scenario hints for connecting to internet after connection is made if protections set on user’s asset.  Change condition on hints to only consider connectivity.
  • Make user speaks and help tip triangles translucent.
  • Opening encyclopedia from a java dialog and then ending the game hung the campaign player until the encyclopedia is closed. 
  • Stop the game clock (but don’t pause the game) if the game loses focus to something like the encyclopedia.  Restart the clock as soon as focus returns. 
  • Make hand scanner and iris scanner exclusive in zone policy screens.
  • Buy screen items scroll off the screen.
  • Use of <esc> key when in network screen and filters or link encryptor dialogs corrupts the screen.
  • Configure from network screen leads to crash.
  • Selecting one-time-password moves camera to non-existent user if done early.
  • Enforce no-loans on zone security and permit loans per existing logic.
  • Introduction scenario help tips on physical security appear even when enough security is selected.
  • Change network services logic such that if remote authentication is required, attackers must compromise web service (or any other network service) to access accets having non-public intended access regardless of their ACL. 
  • Setup scripts for updates failing to over-write some files.  Change update create process to ensure each update contains at most onecopy of each file
Update 1.9q2
Discrepancies
  • Crash in IdM Who Are You scenario due to error in vector data type handling.
  • Crashes resulting from some game re-loads due to errors saving users and computers
Update 1.9q1
Features
  • Add clearRegister trigger to clear registers in cases where conditions other than the answers determine the feedback to the player.
Discrepancies
  • Identity management changes not included in previous update, stronger router to avoid some internet attacks, fix conditions for quiz responses.
  • Game crash in some Identity Device conditions
  • Let player escape out of java dialogs (sometimes java hangs without drawing buttons)

Update 1.9q
Features
  • Extend Advanced VPN scenario to include a need for cross certification.
  • Add VPN_XCERT_CA trigger to sign some CA’s cert, intended for use with external remote parties (e.g., suppliers)
  • Rework right-click component menus to support submenus.  Allow network connection / disconnection via these menus.
  • Add 'HideSite' trigger to hide or show a site and its components and users.
  • Add a fourth offsite zone
  • Add 'LimitVPNs' trigger to limit the number of VPN mechanisms the player can deploy at a site - thereby forcing the player to establish certificate polices rather than deploying parallel VPNs.
  • Extended game engine to support encrypted and signed email using PKI -- no scenario yet and not fully tested, but try it out.  See descriptions in the Encyclopedia and the SDT User's Guide.
  • Add attack properties reflecting use of computer as a gateway and attacker allowed into the zone.
Discrepancies
  • VPN connection test dialog did not expand properly when remote gateway selected - lack of java ui pack function.
  • Log entry for component scan events included null values.
  • Error check for no internet connection to a computer coming out of the SDT.
  • Attack profile grew larger than 32 - extend to 64 (long long).
  • Catch designer error condition where more offsite zones are defined than are expressed within the Scenario Form’s office type definition.
  • When user has no department, don’t display 'Dept:' labels.
  • Revise user thoughts when goals fail to be more descriptive.
  • When workstation availability goes down and user thinks  about it - identify the workstation.
  • In SDT, create copies of xml files (e.g., for vpn definitions) when designer does save as or add functions.
  • Alter loan logic such that players can only take out loans against losses incurred.  Thus, if the designer provides enough money for a limited set of equipment, and the player loses money, the player
  • can still purchase the limited equipment via a loan - but the player cannot take loans beyond the intended capitalization.
  • AssetToNetwork condition was not accounting for wiretaps.
  • Add diagnostics messages when JVM cannot be found by the game engine.
  • Change trigger system such that the slaves of selected trigger classes will not fire if the trigger does not 'succeed'.  First instance is the VPNXCertCA trigger (for cross certifying certificates).
  • VPN connection test not accounting for no selection of encrypted network.  Also, permit connection test for simple scenarios.
  • Network screen did not select component when player uses Internet cloud as network button.  Also did not display 'cannot alter' message when player selected static network component.  And stop using helpId to identify components.
  • Reflect user goal failure penalties as $/hour in user screen.
  • When player scraps a component, tell the player how much refund will be within the dialog.
  • Extend menus for buying and help.
  • Saved SDFs should store names of visited users and computers rather than numeric IDs.  Also, when saving and SDF, store the users in the order in which they appeared in the original SDF.
  • Save and restore camera selections.
  • Dragging user when other user was selected in info panel sometimes lead to user’s occupying the same space.
  • Condition classes measured for 'greater than' as condition parameters should include the 'Company_Has_X' conditions.
  • Error in handling hidden assets lead to crashes.
  • Handle static components in vpn dialogs - don’t let player update static components.
  • Replay function not recording correct cost of components.
  • Save game not correctly writing trigger condition properties (bit masks)
  • Alter Campaign Player batch file to find java in the registry rather than relying on it being in the system path.
  • Distinguish between virus and Trojan horse in log entries.
  • Replay function must assign same name to bought components as was done in original play.  Also, log and replay player initiated component renaming.
  • Not withdrawing availability tickers when game engine sees staffing as not 100%.
  • Save and restore computer malware descriptions.
  • Seed the random number generator.
  • Catch and report more errors initializing 3d acceleration.
  • Logic removing user thought types failed to remove all thoughts of the given type.
  • Uninitialized string in netview.
  • Right click on component in list to see menu.
  • When selecting ID devices, display whether it is associated with a workstation and limit menu options based on its use.
  • In the ID device pull down menus, if the ID device does not have a potential external ID database or activity log, don’t include a configure option in the menu.  If it does, display the option as 'Select ID Database or Log'.
  • Database selection values for ID devices not correctly initialized.
  • In Filters scenario, detect use of computer as a gateway and distinguish ticker message to not suggest Mary has Internet access.


Update 1.9p
Features
  • New tutorial movie on Public Key Infrastructure and some of its vulnerabilities.
  • Feature to zip the folders that contain log files and place the zip on the user’s desktop. 
Discrepancies
  • Don’t select user for following / emotion icons unless player clicks on theuser and the user is already selected.  (Logic was lost as side effect of previouscamera logic change.)
  • In the SDT, don’t delete software from components just because scenario lacksit - unless designer has selected a new O/S.
  • When selecting computer upon which users will create assets, was not accountingfor filtered software types when assets had labels.
  • SDT 'New Scenario' failed because file not created (new scenarios typically donevia 'save as' to inherit zone, workspace and other basic files.
  • Prior to first unpause of game, some goals have ambiguous status untilit is determined if user can create assets on the topology provided by theplayer.  Display a 'unpause to see' message under the user’s'failed goals' in such cases.

Update 1.9o
Features
  • PKI additions to VPN mechanisms and identity devices.
  • Each gateway and client (including ID devices) can be configured by the player for either symmetric or public key encryption.  A scenario switch can force 'simple' vpns that hide key management decisions.
  • Symmetric keys require key management by selecting keys named A-Z in the connection profiles.
  • Public keys require purchase of a CA or selection of Cert-for-Fee certs.
  • Each component is configured with one or more Root CA.  This could be a locally purchased CA, or a cert-for-fee CA. 
  • Function for one CA to sign another’s cert. 
  • Certification Authorities occur when that software type appears on a computer. 
  • Add diagnostic type function to VPN dialog to test connectivity with remote component.
  • Add trigger (VPN_CA) that will cause an indirectly named CA to issue a certificate for a named VPN mechanism.  The CA is named in terms of an user’s access to a given asset, i.e., 'whatever CA facilitates the data side of Joe’s access to the Roadmap.'  Intended for use with VPN mechanisms controlled by rogue users within an enterprise
Discrepancies
  • Playing saved scenarios failed out of the campaign player
  • Remove SDT 'Import' function - it is no longer supported or used.
  • Don’t list internal mechanism 'zone users' under users allowed in zone
  • Expand multiple choice to A-F and provide multiple guess option (checklists of answers)
  • When user selects a group name, display the background check dialog.
  • User speaks flicker distractingly while users walk, alternating between triangle coming from side of text box and bottom.
  • Extend computer diagnostics function to devices, and support diagnostics in the Network screen.
  • Alter menu handling so that unused items are simply not shown, and item indexes are fixed regardless of context.
  • During initialization, don’t assign user to workspace unless the user has an asset goal utilization.
  • Improve automatic camera rotation when following  a user, e.g., if user going through a door,  wait until the user completes that before trying to rotate the camera.
  • Clean up java error handling, terminate game shell on JVM errors.
  • Remove remoteFromMyComputerSet from user data structure (and related unused relics).
  • Double click on vpn gateway brings up both the vpn dialog and the filters dialog.
  • Disable scene mousing when dialogs are up.
  • Remove attempts to display hourglass when cursor leaves java dialogs, leave it as a hand for now.
  • Permit alternate syntax to express trigger condition parameters as 2^n (i.e., for attack properties).
  • Extend AssetAttacked attack profiles to wiretap attacks.
  • Fix paragraph handling for second trigger text fields.
  • Attacks on VPNs with symmetric keys via rogue components with same key should only occur if attacker has access to physical network (e.g., Internet). 
  • For now, motives above 80 lead to these attacks regardless of physical network access.
  • When dumping condition values, display AssetAttacked evaluated answers as powers of two, e.g, [4][12]
  • Expand condition structure to include attack profile for use in AssetAttacked and other conditions that have attack profiles (which are unsigned longs treated as large sets).
  • SDT attempts to open empty set folders should not report 'corrupt file', it should be ignored.
  • Adding virus via SOFT_SelectRandomSWofType failed.
  • Remove 'Instantiated' flag from SDT asset definitions.
  • Don’t copy subversion directories when cloning projects
  • Virus software types were being ignored in the software lists.
  • Add duration to computer burn triggers
  • When resetting wandering users, use the relocation logic to more reliably return them to their desks.
  • Allow designer to select an offsite office without defining the zone (at least prevent crashes).
  • Withdraw component 'abnormal access'-type tickers if problem is fixed.
  • Don’t add zero-cost attacks to the attack log unless/until the asset is named in a lose trigger that fires.
  • Replace the briefing text with the debriefing description after a loss.
  • In SDT, don’t create a new set if there is already a set with that name.
  • Add an 'interesting square' to the server rack to that IT staff reliably visit computers in racks.
  • If help tip triangles line up with bottom of the box, the triangle does not display.
  • Allow 'Bad Policy' attack triggers to be limited to Trojan horses or viruses based on overloading the motive field, which is otherwise unused for these attack types.
  • Select of 'apply patches as released' failed to prevent attacks in Patches scenario.
  • Revise SDT tutorial base scenario (Start Office) and correct the instructions.
  • Fix virus propagation logic to not distribute other malware strains.
  • When proving the player with a loan, take it back if the player cancels the purchase.
  • Prevent speaks when not in office screen.
  • Replay loans.
  • Clear server/user/device info window when tabbing around. 
  • Change SDT project clone function to retain original file dates.
Update 1.9n
Features
  • Associate a set of assets with each zone ID device.  The set is madeup of assets from each active zone goal that has a filtered softwaretype defined in the goal.  This set is then used to list assets in apopup screen for configuring the ID device.  If there is a singleasset, then that asset will be selected by default.  And if thereis one asset that is an activity log that asset will also be selected. Otherwise, the player must select which assets will be accessed bythe zone ID device.  Zone goals will not be attempted (i.e., theywill just appear as failed) unless the corresponding assets are selected.
  • Add an "AssetAttackCount" condition to simplify changes in user feedbackbased on attacks.
  • Alter CheckpointFail condition to permit specifying any user.
  • Add CompanyHasDevices condition to go along with CompanyHasComputers condition.
  • Add AttackCount that measures the number of attacks on an asset. Have it reference an AssetAttacked condition as the specificationfor which asset and which attack type.
  • When buying or moving, hide walls.
  • Rework integrity abstractions to reflect the mechanisms via which highintegrity assets are read by users who rely on high integrity.  Addan integrity value to user goals to reflect the amount of integrity thatthat user expects when reading the associated assets.  (As always weassume the scenario designer has not created inconsistent cases suchas where goals require integrity not found in the corresponding assets.)   This 'reference integrity' will include a cost to the enterprise and amotive, just like an asset.  Wiretap attack logic will change such thatwhen read-only goals put assets on the wire, the asset motive formodification will be set to the reference integrity motive.  Otherwise, a read-only goal puts no modification motive on the wire. And wiretap logic for modify goals need not change since the assetitself could be corrupted. 
  • In the network screen, treat the Internet Icons the same as if the player clicksthe Internet button.
Discrepancies
  • Zone goals for IdM scenarios were not saved.
  • Change 'Badges Required' to 'Photo ID Badge'.
  • Rework RandomValue condition such that random values are only assignedvia triggers and each ready dependent trigger has an opportunity toobserve the previous random value before it changes.
  • Add attack profile for subverted operating system.
  • Attack log buffer not cleared in some situations.
  • Set hourglass cursor when SDT is busy.
  • Event log should not be modal in context of the SDT - let developer browsescenario elements while looking at the log.
  • SDT scenario class overrode java’s 'isValid' method, causing the scenarioform to not display.
  • Training and Awareness scenario has broken camera settings.
  • Default intrinsic trigger condition parameter values to zero so whendesigners forget to fill it in, there is at least a value.
  • Don’t delete speaks on mouse click unless the click is on the speak. And, for speaks without time expirations, delete them when player unpausesthe game (the speak pauses the game).
  • Split up user thoughts so they can be expanded without having to recompilethe entire code base.
  • Don’t log goal failures that occur when testing asset creation.
  • Add BurnHere trigger to start a fire in a specified location.
  • In network screen, popup help does not appear when hovering over networkdevices - only when hovering over computer devices.
  • When in network screen, if player selects network, display help on how to connect.
  • Add confirmation to 'Scrap' operations
  • Outsider breakin attacks not occurring in phase 2 of Authentication Scenario.
  • Loaded saved game asset attack times should ignore attack types whosecount is zero.
  • Don’t sleep during java dialog display so that animations continue.
  • Shorten mouse hover pop-up time by about half a second, maybe less. Compare to browser hover times.
  • wasd keys have 'a' and 's' reversed.
  • When cursor moves over a selectable office object, turn cursor to a hand.
  • In Filters scenario, make it clear to the player that the Gov’t regulatoris authorized to access the data AND management has determined that SSHis a suitable mechanism for this purpose. 
  • esc key in any other screen should return to the office screen
  • Rework attack engine to remove redundant logic paths such that trackingthe cause of attacks is simplified.  This includes tracking the sourceof malicious software (e.g., user downloads unauthorized software.)
  • Utilize new attack management logic to simplify conditions controllingattacks within the VPN scenario.
  • Double click a vpn in the office screen should open vpn dialog.
  • Add a 'Block' protection value to VPN connection profiles to keepsubsequent wildcard entries from affecting selected connections.
  • Computer diagnostics pop-up speaks did not handle computers inserver racks.
  • Rework Java dialogs (e.g., message popups and VPN configurations) managementso that the game screen continues to be refreshed while the dialog isdisplayed.
  • If trigger delay is longer than the frequency, ignore the frequency.
  • Clear speaks balloons when displaying filters dialog.
  • Remove ticker warnings of attempted malware installations - they are confusing.
  • In filters scenario, remove inactive workspaces to keep playerfrom dropping routers on the floor behind walls.
  • TriggerGoneOff processing was setting the condition timestamp incorrectly. 
  • Also, Event Sequence condition conditions were not being evaluated if theydid not also so up explicitly in trigger conditions.
  • When setting condition mins and maxes for intrinsic conditions, set the minto 1 so that it becomes true if at least one.  Explicit valueswithin intrinsic conditions are now used in event sequence condition processing.
  • Game could crash when workspace overlapped with outside the building andcomputer placed in that workspace.
  • In network screen help, change popup help depending on whether component isselected, and whether the component can connect to networks.
  • Stop tickers when player leaves OFFICE screen.
  • GameState condition not setting evaluated value.
  • Error in reading workspaces caused duplicate workspace entries for last entry,sometimes causing computers to be placed beneath a user’s desk.
  • Sometimes briefing text is truncated - add extra line feeds at the end.
  • When closing tooltips upon mouse exit, only delete those that are closeto the mouse so that triggered help tips persist.
  • When VPN client island hoping is possible, mask the subverted vpn attack property.
  • Remove "Joe lacks browser" type tickers if Joe has no computer assigned.
  • Withdraw the "understaffed" ticker when staffing brought back up.
  • Let player move VPN configuration screens.

Update 1.9m1
Discrepancy
  • Training and awareness scenario had broken camera management causing scene to go off camera.
Update 1.9m
Features
  • Expand User Identification scenario to illustrate individual accountability and access control (ACLs) as uses for user identity.
  • Add a UserAnimation condition to measure current user animation sequence. Initial intended use is help time events, e.g., delay attacks until user is sitting.
  • The AttackTrigger now includes a mechanism by which attacks are suppressed for some period subsequent to a successful asset compromise. 
  • Alter AttackAsset triggers to let designer cause attack cycle to end if an asset is successfully compromised.
  • Add software costs to designer-defined applications and allow designer to specify that applications cannot be purchased or removed.
  • Add "No OS Protection" attack property.
  • Allow "UnaccountableWSAccess" to apply to all assigned workstations.
  • Add diagnostic message if invalid display configuration found (attempt to detect bad drivers or insufficient video support.)
Discrepancies
  • Increase width of trigger conditions list in SDT form.
  • AssetOnWire error - don’t put asset on the wire when testing asset creation.  It will get there are part of normal goal achievement.
  • Change assetToInternetNoVPN to AssetToNetworkNoVPN since VPN’s are not limited to Internet traffic.
  • Computer diagnostic speaks should be deleted when player presses <esc> or clicks nothing.
  • Workstation usage broken by recent change such that too many users can use the same workstation to achieve their goals.  Alter method of recording workstation claims.
  • Change syntax of ComputerCopyACLtoAssetRights to not redundantly pass in the computer.
  • Don’t require remote authentication for access to publicly accessible assets that are part of a web server goal.
  • Log replays of ACL changes.
  • Tie ACL dialog "help" button to encyclopedia description of ACLs.
  • In buy screen, if no items of a particular type are offered, display that message to the player.
  • In the SDT trigger form, error check for blanks before ) and after (.

Update 1.9l
Features
  • Add VPN client functions to workstations.  Introduce "connection profiles" as a mechanism for controlling the computers that can be reached through VPNs.
  • VPN gateways can now connect to any network as the encrypted network.
  • Add network domains to the game for use in connection profiles.
  • Add "measured boot" configuration to workstations and allow player to tie VPN client key use to the measured boot to reduce risks of subverted VPN clients.
  • Revise VPN attack engine logic for split tunnel and island hopping scenarios.
  • Add pop-up menus for components and devices to allow player to selectfunctions such as configure, scrap and VPN configurations.
  • Automatic camera rotations so the player can see components and users insteadof walls.
  • Add "ComputersAreConnected" condition to measure physical connections independent offilters, VPNs and such.
  • Add an offsite office that is just a floor and a sign reading "World Wide Web,"intended for use in depicting simple static web resources.
  • Add scan for malicious software menu item to component menus.
  • Add moderate assurance operating system for use in VPN gateways.
  • Create a set of functions that allow computers and devices to uses speaks toexpress problems they are having.  Start with measured boot problems.
  • Add function to allow player to take a loan when cash is not sufficient to
    purchase necessary equipment.  Loans are subtracted from cash at the end of the game.
Discrepancies
  • Bad workspace x,y values should result in some kind of warning message from game engine.
  • When selecting screen objects, distinguish between sitting users and standing users so that selection of working user’s computers is easier.
  • When running replay logs, don’t automatically close the attack logs or the vpn dialogs.
  • Add error checking for bad phase names
  • Put the attack route into the attack log.
  • Change event log type to a class so strings can be easily initialized.
  • Move attack logic into its own source file, create VPN open tunnel class.
  • Replay dialog logic bug in control of when to automatically close dialogs
  • Remove x3dview for now.
  • Change "validation profile" to "authentication profile".
  • Precalculate sw assurance prior to attacks so that network traversal logic is not interfered with.
  • At start of game engine, verify all existing assets are on a computer.
  • Record the attack property as the evaluated condition value for assetAttacked conditions.
  • Add option to erase a triggered speak if game conditions that led to the speak become false.
  • Insider attacks not properly foiled by "Remote Authentication" setting.
  • Redo trigger processing after user goal processing to immediately catch changed goal state. 
  • Preprocess authentication server connectivity so it does not interfere with attack traversals (after changing logic to use attack traversals rather than old network connectivity logic.)
  • Add "Software" button to the component screen.  Add VPN Client button to networks window bottom.
  • If user authenticates to workstation using ID Device and authorization profile, then user is also authenticated to servers that use the same authentication server as the workstation.
  • GUIMaker bitmap file management would not reload revised bitmap files because it tested for unchanged filenames. 
  • Now files are reloaded each time the properties dialog is closed.
  • Initialize intrinsic TriggerGoneOff conditions such that zero or more firings of the named trigger take the condition to true.
  • Use keybindings to catch F1 key in the in-game java dialogs
  • Improve support for reporting on attacks by recording per-component attack properties (e.g., subverted).
  • Add shortcut to execute off CD in the event autorun is disabled
  • Handle <shift> F10 as a right click.   
  • Allow operating systems that have no compatible software, e.g., for appliances.
  • Use of ID Device with a workstation (e.g., for authorization profiles) should not require that the workstation be configured to require ID Devices.
  • Compute Internet access for each workstation once per attack cycle (i.e., to determine if computer potentially receives external email) as an optimization.
  • Withdrawing tickers could lead to missed ticker messages.   Also, withdrawing any one ticker should withdraw all tickers from that same trigger.
  • Only check user goals in Office Screen and User screen.
  • When an authentication server has been used, unset each password and related policy in the gui to avoid confusing the player.
  • Key types scenario asset cost lists should only include disclosure costs.
  • Remove the user move button - confusing in that there is no corresponding computer move button.  Later perhaps add it back with computer move buttons or menu option.
  • Save and load character angles so characters don’t start saved scenario facing backwards in a seat.
  • Stop animation and hide speaks when software buy screen is displayed.
  • Hide speaks when buy screen is displayed.
  • When malware corrupts asset as part of a user’s goal, don’t print an attack route (it is not valid).
  • Unlabeled network connections on MAC machines should not be usable to go out to a network.
  • Memory leak in text box processing.
  • Reduce logging of goal failures through use of game state tracking.
  • Change camera management in forced camera scenarios to restore either fixed camera points or selected items (e.g., computers).
  • Gamecore process whenever GAME screen or USER screen is selected to ensure latest user goals
    are reflected immediately.
  • Tie AssetToNetwork condition processing to game state to avoid unnecessary attack route
    calculations.
  • If in the debugger, create a dump of computers, etc. with game IDs for easy reference.
Update 1.9ka
Discrepancy
  • VPN Intro scenario not playable because remote site is “static” thereby preventing players from reconnecting networks on remote computers.

Update 1.9k
Features
  • Create Identity Management campaign containing "Who Are You" and User Identifiication scenarios.
  • Alter EvalUserMachinePolicy & EvalUserWsHasIdDevice to also accept workstation names rather  than a user name.  Add 'no scrap' attribute to physical components that will also prevent the component from being moved or have its name changed.
  • Add 'Attack Log'  button that presents a log of asset compromises.
  • Add 'UserCheckPointAnim' condition to test if user is approaching a checkpoint having particular ID Devices.
  • Extend intrinsic trigger condition (TriggerGoneOff) to test for that trigger having gone off within a given number of real-time seconds.  The intent is to keep two triggers from firing too close together (e.g., a popup stepping on a speaks.) and to keep a trigger from firing too long after some other trigger.
  • Add condition dump to attack log to simplify scenario debugging.
  • Support up to three Offsite offices at one time such that remote computers and devices are not as easily confused (e.g., the difference between a web server on the internet and a protected remote database.)
  • Add navigation buttons for moving between buildings, zooming and raising/lowering the camera to simplify player navigation so player can better focus on the scenario.  Add help button.
  • Add EventSequence condition to determine whether one event has occurred since the most recent occurrence of some other event.  Events are named by conditions, and include TriggerGoneOff, CheckpointFailure and AssetAttack conditions.
  • Add initial time compression value to SDF and make IdM scenario x2
  • Add help tip for placing components and users
Discrepancies
  • Log zone access additions only via UI actions and replays.
  • Buying computer into server rack leaves 'Cancel' button instead of changing back into buy button. 
  • Should not be able to buy components in static zones.
  • The 1.9i release introduced bug where some network topologies would cause the game to lock up.
  • Add second offsite office to the filters scenario to avoid confusion.
  • Character in filters scenario says 'SSL' instead of 'SSH'.
  • Remove description of 'contribution' from User encyclopedia entry.
  • Display internet connections as connections to a network cloud in the NETWORK screen.
  • When moving between screens, list items are reset to entry zero (e.g., which zone is displayed).  Keep track of the latest displayed item so returning to that screen will again display the previously selected item.
  • Bound camera height based on zoom factor to reduce confusing camera positions.
  • Restart of game caused crash if computer selected prior to game restart.
  • Reduce motive on supporting assets in Stop Worms scenario to prevent spurious attacks.
  • In the trigger system, update assetAttacked condition values when the asset is compromised.
  • When processing wiretaps, just report the highest cost compromise for each cycle.
  • Buy screen in some scenarios displayed wrong items due to bug in 'CatalogueExists' trigger.
  • Bug in initCameratoUser caused crash of some scenarios.
  • Add height and zoom to 'CameraToUser' trigger.
  • Replace trigger timing logic with something closely tied to game time and real time instead of timer tickers that get out of whack due to side-effect invocations of trigger processing.
  • Clean up memory allocation in buy screen logic.
  • Tickers stopped when game screen loses focus.  Nothing else stops, so let tickers run.
  • Repaint screen while waiting for replies to java popups.
  • Allow user balloon speaks to continue after player changes screens.
  • SDT bug resulted in lab manual entries for scenarios that lack lab manuals.
  • Introduction scenario catalog components mixed up, all components should be part of the same element set.
  • Don’t display user balloon speech if user location can’t be found.
  • Save zone queue locations when game saved.
  • Save user animation information when game saved
  • Don’t check user goals when on component or zone screens.
  • Limit network screen topology to 2 rows of components.
  • Delayed response to game state change when buying software
     
Update 1.9i
Features
  • Associate ID Devices with workstations
    • Add conditions: AssetWsHasIdDevice and UserWsHasIdDevice that assess to    same device type as ZoneHasEquip condition.
    •  Remove: Accept PKI Certs, Use Biometrics, Use Client PKI Certs,
    •  Use Token PKI Certs and add: Require Biometrics and Require Smart Card
    •  When configuration requires biometric or smartcard, benefit of added  strength not realized unless equipment is there.  Also, user can’t login   without it.
    •  Allow visitors to have goals.  Similar to authorized visitors at checkpoints.
    •  Add validation profiles to eliminate need for individual identification  information storage on componnents.  Profiles enable workstation access if  workstation has ID Device and user conforms to profile.
    •  Profiles deny workstation access if workstation uses authentication server   and workstation has a profile that user fails to conform to.
    •  Validation profiles on authentication servers are only used for ID Device  based accesses to workstations.
    •  Add "Profile" button to component User and Group Identity.  And add "Profile"   alongside "clients" button in Authentication Server popup.
    •  Visitors only sit at computers if they can achieve goals there, and if the computer is not assigned to some other user.
    •  Show visitors in user screen, highlight that they are visitors
    •  Extend Authentication scenario to illustrate ID Devices and profiles.
  • Add UnaccountableAssetAccess condition to test whether a user accesses an asset without being identified (e.g., public acl, etc.)  Intended for use in determining if individual accountability is maintained.  Extend authentication server scenario to include feedback if player sets public access to assets.

Discrepancies
  • Garbled video images using Intel graphics chips now fixed.
  • Some systems could not find msvcr71 dll.
  • ComputerLoader logic included 'ConfigUpdateAntivirus' rather than 'UpdateAntivirus'. Caused crash.  Alter policy effect logic to permit unused entries.
  • Transition to event driven engine rather than polling.  Start with user goal assessment done only after potential state changes.
  • Buy computer, don’t place, click zone tab crashes game.
  • Happiness adjust trigger should affect displayed happiness, not base happiness, otherwise update does not occur until goals checked.
  • Instant availability fix when IT staff hired to remove confusion on whether hire has affect.
  • Link encryptor logic allowed software keyed devices to communicate with manually keyed devices.
  • Remove "howto" movie.  It is out of date and hard to see.  Replace with text in "Getting
  • Started" and eventually with mini movies such as "how to buy a component".
  • Modify start office catalogue to have lower maintenance cost so IT not needed right away.
  • Add Time window to AssetAttacked condition to keep condition value true for some number of game seconds.
  • Don’t withdraw tickers unless designer specifies 'erase'.  Otherwise, tickers due to assetAttacked and zoneEntry get withdrawn, leaving partial messages.
  • In the SDK, when doing  a 'build all' for testing, exit on first invalid scenario.
  • No player modifications to static zones (e.g., user lists).
  • Remove 'vpn client' option and all such software from scenarios until vpn clients are supported.
  • In VPNIntro, clarify briefing by replacing 'deploy vpn gateways' to 'purchase and configure VPN gateways.'.  And increase money in that scenario.
  • Change GUIMAKER to not require hard-coded pathnames for texture files - at least look at ../inputArt under the current working directory.  This requires execution from location relative to input art, but is preferable to changing every pathname or forcing all guimaker to be under an specific path.
  • Log of triggers not including condition parameters in other than first condition.
  • Show internet links in network screen and modify arrangement so routers on right in main office and on left in offsite (at least for small numbers of components.)
  • Always prevent users from directly accessing workstations that are at a different site to achieve goals.
  • Security scenario breaks when "expensive iris scanner" selected.
  • In password scenario, add an 'objective'.
  • Expand explanation in encyclopedia about the effect of guard-dependent zone security choices if there is no guard.
  • Update encyclopedia scenario list to include authentication scenario and passwords scenario.
  • After game load, buy screen button caused crash.
  • Network trace drawing went off track on Authentication scenario - temporary fix by always drawing network segments from left to right.
  • Network traces disappear if one end scrolls off the screen (depending on which terminal point is the 'location' of the widget.  Create new widget constructor that always draws the widget regardless of whether it thinks it is on the screen.
  • Network screen zone ordering in some scenarios put offsite between other zones. 
  • Add quiescent mouse detection so that camera or user movement does not result in object selection (e.g., prevent popups if player has not moved the mouse.)
  • Interrupt wandering user if goal becomes achieved.
  • Public had access to home in identity theft scenario.
  • Identity theft asset lacked dac protection
  • SDT saveas function confused placement of form tabs,  now just add new tab to end as if newly opened.
  • Logging was missing asset ACL changes, and add to replay.
  • Transition all checks of asset 'rights' to real-time acl, account and connectivity checks.  Currently, there is no semantics to 'execute' or 'control' access, so ignore them in the logic until a clear game abstraction is established.
  • Game engine error check on missing asset (bad SDF).
  • Zone access based on labels incorrect when secrecy and integrity combined.  Require user to dominate at least one of each if each are present.
  • Remove unneeded zones from Stop Worms and Life With Macros scenarios.
  • When asset removed from computer, reset intended rights along with actual rights.
  • Cryptography for network authentication movie would not play due to MS digital signature bugs.
  • IM scenario has Navy ranks and Marine uniforms.
  • Add explicit 'visitor' attribute to goals and a new 'activity log' attribute.  The former replaces the overloading of 'promiscuous', and the latter is tied to the 'log all entry' zone parameter. 
  • Gateway network expansion is broken - only takes first gateway found on network attached to the computer. (Avoid problem with new attack logic).
  • Player should not be able to assign asset to static component.
  • Logic controlling creation of missing assets did not consider alternate computers after best candidate failed to provide necessary access.
  • Removed logic where untrained user creates asset on random machine.  Replace after context is provided to players in scenarios.
  • Suppress physical security tickers if scenario has zone access equipment.
  • Gamecore process after Internet up/down triggers.
  • Remove need for 'ResetAssetAttacked' and 'ResetCheckpointFailure' triggers by employing counters to ensure that any given attack or checkpoint failure is counted only once per trigger, i.e., to prevent a single trigger from going off multiple times due to a single asset compromise or checkpoint failure (and other triggers as they are developed.) 
  • In save files, write workspaces after zones to avoid checkpoint crashes.
  • SDT not reflecting invalid scenario in scenario file when missing descriptors.
  • Better attack management and reporting for keytypes scenario.
  • Don’t clear user balloon speaks when resuming play

Update 1.9h
Discrepancies
  • Physical security scenario failed if hand scanners were selected.
Update 1.9g
Discrepancies
  • Card reader in "Who Are You?" scenario disappears
Update 1.9f
Features
  • Add Passwords scenario to the training campaign.
  • Give designer control over selection of optional workspace items (e.g., trash cans) so large items don’t block preset camera angles.
  • Add intrinsic "TriggerGoneOff" condition for use in trigger condition assessments.  If text in brackets is found in condition list, the text is assumed to be the name of a trigger, and the condition parameter compared to the number of times that trigger has gone off when assessing the truth of condition.
  • Change the RandomValue condition and the SetRandom trigger such that triggered random values do not repeat until each value in a specified range is used once.  This will only be true for RandomValues that are triggered.
Discrepancies
  • SDT not reflecting invalid scenario in scenario file when missing descriptors.
  • Better attack management and reporting for keytypes scenario.
  • Increase font size on tooltips and speaks.
  • When selecting entities for dragging, entity would move toward back based on height of selection.  Change logic to move entities only relative to motion of  "SaveMouseHit" after that has settled out after entity selection.
  • When dragging entities, determine target workspace based on entity position, not the computed mouse position in 3d space (which is based on ray heuristics).
  • When zoomed 'very close', object selection experienced many dead zones.
  • IT Guy character’s head 3D model normals were reversed.
  • Change IT Guy frame rate from 30 to 24, leaving keys in place to speed up
  • walking a bit.
  • Alter tgaglue tool to expect '_animated' as suffix to image files that are
  • to be stitched.
  • Text wrapping in user description broke words in two.
  • In policy screen, change 'Allow writing passwords' to 'Allow passwords on post-its' to remove implication that writing down passwords is always bad.
  • Computer don’t quite sit on the desks.
  • Identity Theft scenario: allow use of 'automatic' antivirus setting.
  • Modify wiretap attacks to not engage in hacking -- they should only look at bits on the wire, or place bits on the wire.
  • Pretty much eliminate all use of 'SEC_TargetAsset' and such.  Just always cycle through every asset.  Looking for 'interest cones' is a waste of time.
  • Logic tracking flow of assets over networks based on user goals penalized software assurance and crypto capability based on pool of starting components rather than just the starting component used to achieve the goal.
  • User training of greater than 95 causes good password policy for that user regardless of procedural settings.
  • If the cost entry is specific to the user, the user has no trust (per designer's intent.  If cost entry is for a group that is not public, then user's trust is the base trust. Otherwise the user's trust is full -- based on background checks and base.
  • Add a 'Never Hide' switch to Assets to over-ride the 'Hide Unused Assets' global scenario switch.  Default to false.
  • Add LanPWHash scenario switch to reflect installations required to deploy password management mechanism that put clear pw hashes on the network.Release left button when dragging floor off game surface causes button to'stick' down.
  • Close zoom selection of users sometimes fails, (when going thru windows?).    Also, permit selection of computers through windows.
  • selecting user in viewport should not move camera.
  • adjust emotion bubbles for sitting users.
  • Clipping of the tickers causes font-foo whenever a tool tip displays.  Don’t clip.
  • SDT Asset cost list selection of user broken - filling in group to " " caused user to be set to "*".
  • Revise Speak Trigger to select user in info panel if camera index is provided and duration is negative.
  • In condition forms, if a blank parameter value is followed by a non-blank value, the blank parameter was skipped.
  • Add campaign descriptions to the campaign player
Update 1.9e
Features
  • Add initial user position that may be independent of workspace
  • Force users through physical control points to enter zone - may be guard,may be biometric or card reader.  Control points are only in main officeto inner zones or to main office (currently only in MS3B military site.
  •      Zone guard position are used to identify zone choke points
  •      Same positions can appear in workspace file with type "C" if
  •     there is to be peripherals (e.g., iris scanner)
  •      Add global switch that would require zone settings (e.g., iris scanner)
  •     to have corresponding components deployed to get the effect.
  •      Define device attributes reflecting scanner / card reader, etc.
  •     - just different hardware bases, need that anyway to select
  •     different artwork.  - define new type "ID_DEVICE" that is created as
  •     a computer.
  •      new conditions:
  •          ZoneHasEquip - if zone has equipment of given type as access
  •         control
  •          CheckPointFail - if given user blocked from entering given zone.
  •       Add a CheckPointReset trigger modeled on resetAssetAttack
  •      Add SetZoneBlocked Trigger to block access to a zone by a given user. 
  •     Trigger includes optional user ID (-2 applies to all users).
  •      Add LogAllEntry setting on zone security
  •      Add UserInZone condition to measure user’s current physical location.
  •      Add user animations for checkpoint actions (e.g., eye scanner).
  •      Expand buy screen to include "ID Devices".
  • Add ResetUser trigger to put user back to initial location and initial state.
  • Add "special" VISITOR department - game will not list these users in group
  • lists (e.g., in zone access or ACLs).  But player can still select user to see thoughts, etc.
  • Add a ZoneGoal abstraction to test if zone access equipment is able to reach specified assets.  Will behave just like a user asset goal, however they will be used by hidden users associated with each zone - i.e., "zone users".
  • Condition to compare two TriggersGoneOff conditions.
  • Add BurnComputerAsset and BurnComputerUser triggers
  • Add ShowObject trigger to display an arbitrary 3d object at a given location.
  • Add "skipTab" switch to camera viewpoints.  Intended for skipping selected viewpoints when player tabs through views.  Skipped viewpoints might include those that are used to show a transient 3d object (via ShowObject trigger).
  • Add "replay" function to game engine that consumes a selected log file to redo the player choices.  Intent is to aid testing longer scenarios.
  • Add "hardware base" attributes to goal such that user-interface computer must be in a specified set of allowed hardware bases (e.g., hardware must be combination scanner and card reader.)
  • Add "InternetDown" trigger to cause the Internet to fail as a delivery network. Should only (mostly) effect user goals rather than attacks.
  • Extend user definition to include parameter to dictate a specific game character (e.g., to avoid random selection of different textures, etc.)
  • Add new character textures including khaki officer and enlisted female.  And add new animations for idle sequences.
  • Add log filter for attack triggers.
  • If installed via an administrator account, two cyberciege icons appear on the desktop.
  • Password length logic failed to remove none when other choice selected in some situations.
  • Log asset allocation player choices.

Discrepancies
  • Filter logging not accurately reflecting flow direction.
  • Logging of user addition to computer broken by change in user account management.
  • Zone access based on user clearance broken when categories used.
  • VPN's auto connected to internet, don't log it or replay chokes
  • A type of VPN not recognized because of inconsistent hardware ordering.
  • Include trigger condition values in each trigger log entry.
  • Missing assets being created by users in situations where they can’t properly access the asset anyway.  Add game logic to temporarily create the asset in order to test the full asset goal logic.
  • Restore 'computer in undefined zone' error and explicitly treat guard shack as part of the main zone for ms3b base.
  • Female users’s feet don’t quite reach the floor - and thus don’t properly interact with checkpoint devices.
  • Incomplete logic to stop game action when player leaves the OFFICE screen.
  • Revise user selection logic:
  •     user not in infoPanel -> select user in info panel
  •     user in infoPanel && not bubbleSelect -> bubble select & camera select
  •     user bubbleselect -> unselect bubble and unselect camera
  •     user camera select && not bubble select, bubble select
  • Java dialogs lost focus and thus F1 would not be caught. 
  • Game reload from saved files caused crash due to uninitialized info panel data.
  • UI widget logic failed to set drawOrder, resulting in objectives phase tabs being hidden.  Moved phase bar back to proper location.
  • Alter zone ordering such that designer can specify "-1" for offsite zone, thereby always forcing it to the far right in  the network screen.
  • Don’t pause game if loss of focus is due to java dialog
  • Don’t change ws name or accounts on ws move if user already assigned to the ws
  • On game reload, initialize state variables from the "CheckObject" functions -- was causing crashes.
  • Network label assignment gui (in policyScreen) did not properly find network rights when showing popup -- but since those were last, the code worked.
  • Scenario switch "Default WS accounts" should default to true, and not be included in the SDF if true.
  • Game loader did not handle blanks in user names.
  • Detect overlapping user speaks and attempt to adjust display of speaks so they don’t overlap.
  • Include "reasons" for goal failure log entries.
  • Help links from java dialogs not properly set.
  • User’s lacking clearance caused crash if MAC components used.
  • For unassigned computers, base training on "claims" by other users, otherwise set to 100.
  • For unassigned computers, set base user trust to 100.  (Someday expand to reflect other users who utilize the computer.)
  • Info panel null values caused crash on game reloads.
  • Link to intro movie broken.
  •  Move untested and incomplete scenarios to "Extras" campaign
  • Add campaign description to player campaign selectoin dialog
  • Several scenario introductions informed player to press "e" rather than F1.

Update 1.9c
Discrepancies
  • Shorten campaign player so play button is more visible on some screens.
  • Setup file discrepancies left out User Identity scenario and student
    thesis campaigns
Update 1.9b
Discrepancies
  • Authentication server changes broke the filters and GenesRus scenarios.
  • User trust logic change broke Introduction scenario
  • Correct direct internet attack logic to not depend on malicious software.
  • Corrections to attack logic exposed error in MAC network assessments
Update 1.9a
Discrepancies
  • Running game from CD could not play saved games;
  • Corrected keyboard shortcut help
  • Restored student thesis scenarios to campaign player
Update 1.9
Features
  • Add "User Identification" scenario to illustrate federated user identity management (Authentication Servers) and challenges when identifying remote users.
  • Simplified Campaign Player, collapsed into single player with control over which campaigns and scenarios the player can start based on past achievement. Include "Advanced" menu to enable all campaigns and scenarios and to suppress the initial flash video.
  • Modify "Component Access List" logic and interface.  Change title to "Identification and Authentication".  Add SERVER button next to local.  Remove remote button.  Server will display the authentication server (if any). Remove Delete button.  The abstraction is now the user identity information known to this component, which may be explicit local lists, or may be by reference to one authentication server.  Add local authentication configuration value to components.  By default, user login is only allowed at workstations, and then only by users whom the workstation can identify (unless local authentication is not checked.)  Remote access for servers is public, but setting ACL’s requires that the server have access to user identity information, i.e., either explicitly locally managed, or via authentication server.  (UI will prevent player from defining local and authentication server.) If ACL is set with a user or group, and that group is not known to the component, the entry will be ignored but need condition to prod user. 
  • Change ACL management such that changes to ACLs are only reflected in a
  • component-local database (or shadow of rights db on asset).  These are then applied (wholesale) to the asset whenever the ACL is closed, or the identity information for the component changes.  Remote access to all components is public unless remote authentication is selected.  This then only allows access to identified users.
  • Modify button class to support tooltip rollover and right button.
  • Game switch to prevent users from being automatically added to workstation I&A databases.
  • Add user thought reflecting inability to login to assigned workstation.
  • Add AssetMissingUser and AssetMissingGroup conditions to reflect component ACL contains IDs not known to the component.
  • User thoughts confuse asset and asset goals; define both.
  • Add user thought if component containing goal’s asset does not know of the user.
  • Tracking IT support requirements.  Simplify these and make them per-zone.
  • Add actual ACL to SDF Asset form
  • Add DescribeAttack trigger that causes the attacker to speak a description of the attack.
  • Use of public computer to access remote asset requiring authentication can lead to password sniffing unless one-time passwords are required.
  • When assessing component policies, define some policies as being managed by the authentication server (if any).  Examples are password length, one-time passwords, etc.
  • Add LOGIN_AS_USER attack type to reflect attacker getting user password and thus getting user’s rights to assets.
  • Add web server ssl software type
  • Add help tip function support to buttons.
  • Change keyboard navigation to 'WASD' for up, down, left, right.  QE for rotate ccw, cw.  ZX for zoom in and out.  RT for raise lower. And CV for compress, uncompress time.
  • Add switch to control if asset creation announced via ticker
  • Change zone and component screens to make procedural and configuration lists longer.  Reduce asset allocation information to two buttons.
  • Expand time condition to include minutes
Discrepancies
  • Perform gamecore processes when new user is shown.
  • If SDT defined component has a description, include that in the COMPONENT screen summary of the component.
  • Change "No Software" to "No Applications" to reduce confusion when component has no software other than the O/S.
  • Static computers should not inherit user names, or get assigned to users who happen to appear at their workspace.
  • Start of game goal logic:  If user fails goal that does not include a missing asset, then the failure is reported and reflected in user’s status. 
  • If goal includes a missing asset, then the failure will not be noted until the game is taken off of pause and the engine has at least once chance to create the asset (as if a user were creating it).  In all cases, report a user’s failure to login to his own workstation.
  • Procedural setting of "no external software" affects whether malware is introduced, alter this to exempt user’s whose base trust is >= 95
  • log parsing failed if log numbers not contiguous starting at 1.
  • Recovery of availability after malware removed from computers.
  • Hide cursor when java popups appear
  • VPN handling logic confused by stray routers on Internet.
  • SDT string search failed, assumed a leading blank.
  • Some attacks succeeded if motive equals protection.  Motive must exceed protection for the attack to succeed.
  • Phase tabs randomly disappear - caused by assigning phase windows incorrect parent window ID -- changed parent to phase bar.
  • Enforcement of password policy controlled by authentication server

Update 1.8h
Discrepancies
  • Close background command window on game exit.
  • Release right button outside game window causes game miss button release
  • Crash.txt location not propertly communicated to user
Update 1.8g
Discrepancies
  • Crash on shared systems where user did not have write access to game/exec directory.  Move netview output files to log directories.
  • Eliminate copies of EventLog.dtd file, use file from campaign directory.
  • Fix objectives help tip on training and awareness scenario
Update 1.8f
Discrepancies
Revert to Java SDK 1.4 so customer do not require JRE 1.6

Update 1.8e
Features
  • Add navigation buttons to game interface.  Remove panning via moving cursor
    off screen. unless dragging something, or right mouse button down.
  • Make "Objectives" a tab and remove the button.  Update scenario help
    tips accordingly.  
  • Double click on log assetAttacked entry opens window with description
    of (some) attacks. 
  • Add UserAssignedZone condition to assess if user’s assigned computer is
    in the given zone
Discrepancies
  • Physical security scenario help tip to move user after the user had
    already been moved.
  • Log file errors caused game crash due to Java bug.
  • Use shortcuts with absolute paths for standard installs, and use
    relative paths for distribution CD's.  Absolute paths allow player to
    copy shortcuts.

Update 1.8d
Discrepancies
Windows not consistent across platforms when expanding environment variables in shortcuts.  Use lots of
quotes.  Kept game player from running on some platforms.

Update 1.8c
Features
  • Restructure to permit running CyberCIEGE from a CD without
    installing the program
Discrepancies
  • Remove "cost change" from asset cost list -- crashes game if used.
  • Ticker area cut off on 1024x768 displays.  Start window with top
    edge cut off instead.
  • Change minimum video RAM requirement to 64MB.
  • Fix some encyclopedia links.
  • Fix confusing directx version number dialog on installation. 
    Only display it if needed.
Update 1.8b
Discrepancies
  • Add help menu to  Campaign Player
  • Bad link to multilevel component movie from tutorial help
Update 1.8a
Discrepancies
  • Could not play saved games from campaign player
  • Could not invoke encyclopedia while message dialog displayed
Update 1.8
Features
  • Add InstallMalware trigger to place malware on a specified computer,
    unconditionally (beyond usual trigger conditions).
  • Add CameraToUser trigger.
  • Add WalkToUser, WalkToComputer Stay, triggers and UserMeetsUser condition
  • Switch to mask nighttime and all its side effects
  • Revise camera management to save scripted state (per scenario switch)
    and return to that view when play is resumed.  Player initiated pan or
    rotate will pause the game (if switch is set).
  • Allow some thoughts to depend on whether user is typing
Discrepancies
  • When in NETWORK screen, double click component should take you to
    component screen.
  • Attack logic for assets on wires should account for insiders as well as
    external attackers.  
  • Track assurance as well as (goal-driven) assets on wires.
  • Campaign Player script failed when run via a share.
  • Problem closing all SDT files when switching projects.
  • Reduce jitter in speaks bubbles when users are walking.
  • Add descriptions of causes to attack events.
  • Use Java messages instead of game engine messages so we can control placement.
  • Create dead zone around pause button to avoid accidental camera movement.
  • Highlight paused state in title bar.
  • Manage workspace files with SDF files.  CampaignManager will copy upon release.
  • Buy device without enough funds left device in limbo. Make sure it is deleted.

Update 1.7e
Features
  • Don't require administrator privilege and install into user's my documents directory 
  • Revised encyclopedia tutorials and educator's section.
Discrepancies
  • Scrap computer led to crash
Update 1.7d
Features
  • Add VirusPresentAsset condition to measure virus presence on the
    computer hosting the specific asset.
  • Add 'HoverComputerAsset" and "HoverComputerUser" triggers to display images when player hovers mouse over selected computers.  Include "duration" parameter that if non-zero is the amount of time
    the image flashes on the screen initially.  Always is hoverable until undone by another parameter.
    Modify 'set camera to user' to show user’s back.
Discrepancies
  • SDT should validate that group names do not include blanks.
  • Remove large blank spaces from workspace form in SDT.
  • Frequency of runs-while-paused triggers breaks while game is
    not paused.  Fix to clock.
  • Dragging floor sometimes does not stop when mouse button released.
  • Technical User Training Scenario missing workspace file.
  • Connectivity conditions cause sluggish game response.  Introduce
    global game state to limit assessment of these conditions to
    situations where the state has changed.
  • Add a game engine error message when SDT has a computer that
    is not in a defined zone
Update 1.7c
Features
  • Drag the floor as a way to pan the camera.
  • Add search function to SDT with automatic open of scenario element when selected from results panel.  
  • Expand user idle thoughts.
  • Standardize SDT error messages, enabling auto-open of invalid set element
  • Save SDT scenario validation state so invalid scenarios continue to be validated.
  • Moved SDT into a separate SDK distribution
Discrepancies
  • Add SDT check of all text fields to prevent use of ":", which confuses SDT and game engine since it is a delimiter.  Someday handle an escape character.
  • Remove separate SDT validate step.  Always part of build.
  • Previous fix introduced bug that keeps users from achieving shared goals using remote access
Update 1.7b
Discrepancies
  • Introduced bug to real-time triggers caused intro scenario to immediately exit.
Update 1.7a
Features
  • List authentication servers in computer summary.
  • Popup user thoughts when cursor hovers over user.
  • Add function to dump network view.
  • Extend keytype scenario to include phase on cracking passwords based on hashes sniffed from the network.
Discrepancies
  • Initialize the goal "use assigned" attribute to false so users won’t use other user’s computers to achive goals if directed in the sdf.
  • When checking user’s local access to software for a goal, consider whether the user can reasonably use that workstation.
  • Introduction movie narration slips out of synch.
  • Read sdf version field in SDT scenario loader for future use.
  • Add game index information to Campaign Analyzer to distinguish between multiple game logs for the same player.
  • Zone screen password length buttons cause game crash.
  • If component has an authentication server, don’t add local accounts.
  • SDT policy list missing "EnforcePasswordPolicy"
  • When users appear or are assigned to workspaces, update the local computer settings to change the computer name if needed.
  • Reset lighted workspace when player presses <esc>
Update 1.7
Features
  • Convert movies to flash.
  • Add Software to SDT to override defaults.
  • Introduce compatible software type.  All users in shared goal must use same application if the goal includes a software type that has the compatible attribute. 
  • Introduce crypto attribute for applications.  Access that causes flow over wire does not yield wiretap if asset motive less than application assurance.  Intended only for low-motive environments.
  • Add "GoalSW" condition that is true if the named goal is being met using a specific application.  Only meaningful for shared goals requiring compatible applications.
  • Add software type that reflects an intended use of exchanging messages such as instant messaging software (and possibly email).  When this software type is required for a shared asset goal, remote users need not have access to the component that contains the asset.  They only need some form of connectivity.  Note that a separate goal must be defined to assess whether the "originating" user has access to the asset in the first place.  The shared goal cannot be used because it does not measure initial access.
  • Extend triggers to include an optional list of slave triggers that are executed following the execution of the master trigger.  Conditions on slaves are ignored.
  • Add user attribute to not display user if it has no current goals.
  • Introduce an "exclusive" software type attribute.  Installation of application of this type automatically removes existing application of same type. 
  • When withdrawing tickers, don’t erase displayed ticker based on new ticker trigger field.
  • Internet wiretaps don’t account for modification motives.
  • Extend AssetToNetworkByFilterType to include a Boolean reflecting whether the assessment is to measure a user’s goal, or an attack.  The latter can use computers as gateways.
  • AssetGetMotive function did not properly account for read/write access, thereby sometimes missing high read motives.
Discrepancies
  • Filter scenario did not clear objectives upon win.
  • Triggers that "run while paused" sometimes have delay in execution, i.e., do not follow other non-pause triggers that have identical conditions.
  • Use of software type in asset goal caused crash if no network devices on path.
  • Software types are either local or server.  If local, then goals require that the user have local access to a workstation (or future thin client connected to server) that has that software.
  • Add software requirements to the user asset summary.
  • Wiretap attacks did not include insiders.
  • Use hover-help to display entire software description (had been truncated).
  • Cost list entries were generating motives even when user had intended access.  "Public" worked ok, but other groups and users did not.  There should be no motive if user has access.
  • If software is free, lack of player cash should not matter.
  • Add SDF version to each file to control engine processing for compatibility.
  • Trigger frequency for runs-while-paused triggers adjusted so frequency of "999" means "only once".
  • If error due to fonts or sound card, pop up a message to the player.
  • End failed experiment with active x in encyclopedia; remove hyperlinks from lab manuals
  • due to difficulty in managing relative links from different execution environments.
  • Log entry for zone events don’t include zone name.
  • debounce left click so more than one user speaks is not cleared.
  • Play with logic that compares camera to user location when deciding whether to move camera for a user speaks.  Still misses somtimes.
  • Don’t display user emotion bubble unless player clicks on the user.  Camera selection resulting from speaks and "u" should not display this bubble.
  • Logic to keep users from wandering into forbidden zones had exception for m3a office  -- remove.
  • pressing "p" should clear tool tips.
  • Revise condition test logic to always check player-directed state changes such as AWAIT_CLICK; otherwise time windows result in inconsistent messages to the player.
  • Add malware attack to filters scenario to handle topologies for which direct attacks are not yet tuned.
  • Viewpoint height and zoom not saved, so reloaded scenarios had jumpy panning from tabbed viewpoints.

Update 1.6j
Features
Added encryption campaign including link encrytor and vpn scenarios. Added movies on encryption and multilevel components

Discrepancies
Extend AssetToNetworkByFilterType to include a Boolean reflecting whether the assessment is to measure a user’s goal, or an attack. The latter can use computers as gateways. AssetGetMotive function did not properly account for read/write access, thereby sometimes missing high read motives. Filter scenario did not clear objectives upon win.

Update 1.6i
Descrepancies
Modification in 1.6h caused computer display in info panel to periodically disappear. Internet wiretaps don’t account for modification motives. Remove randomness from "AttackPathDefeat" routine. Further implementation of global switch to suppress tickers resulting from attacks.

Update 1.6h
Descrepancies
Wildcards in UserHappiness and UserProductivity conditions don’t validate and don’t work. Introduce ".wild" extension to condition.ini combo type syntax to allow wildcards for selected validated combo boxes. Iris scanners and basic alarms had too small effect on physical security. Ambiguous exception messages when saving selected SDT file types. More wiretap, fixes to consider whether the asset would/could actually flow over the link. Asset ACL display does not properly include users other than that selected in list. Network device costs not per SDT, rather are hardcoded by hardware type. Validate objective names in setObjectiveStatus trigger

Features
Switch to control whether workstations inherit user names. Add Network File Services as a software type, and add a product. Add "NoLoans" switch to prevent user from spending more than cash on hand. Extend basic desktops to run Lunitos O/S.

Update 1.6g
Descrepancy
SDT did not display pulldown list of elements within a scenario element set.

Update 1.6f
Features
Trigger to control whether a component shows up in the catalogue

Descrepancies
Many link encryptor and wiretap logic fixes. Link encryptor with software subject to subversion. When assessing wiretaps, consider whether the asset would/could actually flow over the link. Base on successful user goals. SDT did not reset scenario extra syntax text area when changing scenarios. SDT did not properly retain last open project for users whose datapath.ini file are in their home directory. Store open descriptors in lastscenario.ini (instead of scenario source file) so changes don’t cause change to scenario source files. Only build or validate a scenario if one of its sets has changed. Fixed allocation of space for computers, up to 50 for now. Dynamic allocation logic broke existing computer handles. So creating a computer within the attack engine caused many crashes.

Update 1.6c
Features
Track duration of link encryptor key usage to detect stale keys. Alter AssetInZone condition to treat blank zone as "any" zone.

Update 1.6b
Features
Add link encryptor popup help and 'CompanyHasLinkEncrypt' condition to count link encryptors and 'NetworkHasLinkEncrypt'

Descrepancies
Network device operating system management was a hack. These device may or may not have operating systems per SDT. And O/S strength must affect at least vpns. Game time does not track conditional time. Don’t recreate native JVM on restart, otherwise game crashes. Changed question dialogs to use java for flexibile presentations. Cursor disappears in title bar, making it hard to close the window. Refresh screen periodically after losing focus so cursor appears. Avoid crash sometimes resulting from dragging nothing. Eliminate crashes due to trying to move support staff. Triggers that may effect user happiness or productivity should be followed by gamecore processing and an info panel update to reflect changes without waiting for the next periodic cycle. Process gamecore after closing filters or link encryptor popups. Engine had odd logic to not assess penalties during first game hour. This resulted in inconsistent behavior, e.g., changes were not reflected until hours ticked away. Catch rare instance in filters scenario where phase transitions because steel goal achieved before asset is created. Smooth ticker scrolling a bit.

Update 1.6a

Features
Withdraw queued tickers (from triggers) if the conditions that set the ticker become false. Add 'leased' attribute to network to reflect it can be in main office and offsite. Added educator's section to encyclopedia. Minor revisions to introduction, filters and GenesRus.

Discrepancies
The 'l' key function to toggle between main site and offsite failed when going back to main site.

Update 1.6

Features
Revised encyclopedia to use standard windows html help with table of contents and index.

Discrepancies
Corrected a few crash bugs.

Update 1.5i

Discrepancies
Some movie links were broken. SDT crashed if current project directory is deleted.

Update 1.5h

Discrepancies
The quicktime movie player reported errors on some platforms.

Update 1.5g

Discrepancies
Introduced bug prevented saved games from loading.

Update 1.5f

Discrepancies
Missing file kept Identity Theft scenario from running.

Update 1.5e

Features
Add tutorial movie on using network filters

Discrepancies
Don't update screen if game loses focus -- was interfering with some movie displays.

Update 1.5d

Features
Drag and drop users to new workspaces. New physical security scenario to introduce zones and related basic concepts to help new players. Assess conditions after each trigger. Adjust money on each clock tick, reflect bonus/penalty in $/hour. Don't display support staff costs and budget if there is none; and remove these from scenarios that don't really use them.

Discrepancies
Delete old tickers at game restart. Bug caused guards at doors to periodically start walking, then stop, caused doors to open in large military site. Remove insider advantage to accessing internal zones.

Update 1.5c

Features
Player can now get immediate refunds on physical security purchases, allowing player to test effects of different security settings without incurring costs. Double-click on user or computer in USER or COMPONENT screen transfers to OFFICE screen with the item selected entity. When placing computers, highlight invalid workspaces in red. Add zoom and height information to selectable camera positions so relative movement from those positions is smooth. See ViewPoints section in SDT User manual.

Update 1.5b

Features
Add Navy IA training/awareness scenario. Drag and drop components instead of scrap and repurchase.

Discrepancies

Update 1.5a
Unable to view log or see saved games for some user ids, e.g., "Administrator" vice "administrator" in w2000. Fix joint strike force component list ordering so components are not ignored.

Features
Simplified filters interface

Update 1.5

Features
Clicking on zone maps in the ZONE screen now selects the corresponding zone. In the NETWORK screen, when a component is selected, the network buttons of attached networks are depressed. More button help popups. Removed the confusing plug icon from the NETWORK screen.

Discrepancies
Clarified quiz answering mechanism in "Life with Macros". Fixed SDT bug that caused antivirus settings to appear when they were not selected. Revised campaign player layout to expand view of the scenario briefing. Reduced likelihood of "weak CM" resulting viruses.

Update 1.4u

Features
Add help tips for buttons and window panes, activated by hovering or right click. Add summary of current cash to the COMPONENT and ZONE screens. Make training purchase per selected user rather than for each user and restore pop up summary of what you just purchased.

Discrepancies
Fix SDT failure when login name include a space. Correct SDT User Guide tutorial information.

Update 1.4t

Discrepancies
Fixed quicktime crash. Put updated sdt project directories in CyberCIEGE subdirectory. Fix delay in display of saved games in campaign player

Update 1.4s

Discrepancies
Incorrect workspace and zone files for StartOffice scenario (SDT Tutorial). Zone physical security costs did not display proper values. When creating user assets, give preference to user's assigned workstation. Insufficient array size for zone logging variable. Misc. spelling corrections. Use default browser for "getting started". Use alt browser for in-game encyclopedia to get anchors.

Update 1.4r

Discrepancies
Back again to default browser because the "alt" browser required that it be closed prior to the game terminating. This froze the player screen. Limitation is that it does not accept anchors, e.g., to go to a spot within a web page. Missing workspace file caused id theft scenario to fail. Problem with campaign manager stream I/O. Crashed on some platforms. Problem with multiple instances of gameshell starting in some networked environments. Added named semaphore to reduce occurence.

Update 1.4q

Discrepancies
Revert to ie-type browser; default browser logic creates multiple browser instances when ie is used. Fix GenesRus scenario, was missing a security label and player did not receive enough of a bonus at the end to buy the necessary workstation. Define a workspace directory switch, and have the SDT copy workspace files there. When moving intended rights of asset into actual rights, only copy dac rights -- was breaking user goals in multilevel environments.

Update 1.4p

Discrepancies
Encylopedia fails on Windows 2000; Add "order" field to sdt zone screen. STD now sorts element lists alphabetically. So zone order (at least the main zone) must be explicit rather than Order dependent. Joint Strike Force scenario revision. Scenario still requires a lot of work.

Update 1.4o

Features:
Use default browser rather than just IE. Add software descriptions to encyclopedia for logistics software type.

Discrepancies:
Selecting different campaigns from the player failed. Existing game by closing the window corrupts log.

Update 1.4n

Features:
Add a complete "Getting Started" section to the encyclopedia; Add Lab and instructor manuals for "Introduction" scenario; Fixed introduction scenario to play more easily and have more consistent help tips; Add an Identity Theft scenario; When a computer is scrapped or stolen, associate its procedural settings with the assigned user (if any) so they can be applied to the new computer. Also move settings when user is re-assigned.

Update 1.4m

Discrepancies:
Value reflecting hard disk elements not initialized. Clarify filters scenario objective for protecting steel formula.

Update 1.4l

Discrepancies:
Unitialized labels in filters scenario. Save phases in filters scenario. Msc encyclopedia updates.

Update 1.4k

Discrepancies:
Missing updated SDT ini files.

Update 1.4j

Features:
Remove "administrator software control" and replace it with "user runs privileged"; Account for attacker with physical access to machine causing boot of kit, or linking machine to network. For now, if motive > 500 && machine lacks MAC, enable this attack even if OS strength exceeds motive; Add user goal attribute "PromiscDocs" reflecting need to handle many external files, e.g., .doc or .xls that may contain macro viruses. If set there should be some antivirus between the user and the Internet. Initially just check users computer; Add ClearMalware trigger to remove all malware from all components; Modify register condition to assess single characters such as "y", "n" or, "a" to support multiple choice questions; Default workstation names to the user name followed by _ws; Add "StaticSelectable" switch to zones to reflect the zone is static but has the protections per the SDF selections rather than a default of 1000 for plain static zones.

Discrepancies:
Correct network transveral logic for attacks when link encryptors are used, had only worked if target asset was adjacent to link encryptor; When regenerating filters, first check to confirm device supports them to avoid crash; ZoneHasSecurityValue condition should be run while paused; User or public accounts on components were not permitting attackers to "hack to computer"; Fix logic to distinguish local and remote accounts; MAC components not properly blocking flow when used as gateways; Combination of network connections on multilevel systems and support staff causes a crash.

Update 1.4i

Discrepancies:
Back up to JDK 1.4 SDK to prevent failures on 1.4 jre.

Update 1.4h

Features:
Add an "Easy ACLs" option to control whether player selection of "Protect with ACLs" will cause existing ACLs to be corrected to match intended access. Default value is "false", i.e., the player must manually modify the ACLs; Add a "Reset Encylopedia Override" trigger; Remove automatic reduction in costs resulting from attacks. Each attack should result in a cost per the SDT; Add "AssetToNetworkFilterCount" condition that is true if the number of Open filters in the specified direction exceeds a given value; Extend trigger condition parameter logic to allow some conditions to be assessed as "greater than" rather than just equal to. First candidate is AssetToNetworkFilterCount; List computer availability and software in the COMPUTER screen; Remove levels of randomness from DAC attacks Remove 1-in-4 randomness from "asset copied" floater -- relic of build having frequent attacks; Disable effects of executing and/or stripping email attachments unless there is some form of connectivity to the Internet; Change the effect of users on zone security to measure users assigned to the zone vice where the user currently is walking. Was too non-deterministic.

Discrepancies:
Offsite users were assumed to have access to the main enterprise office; Offsite racked computers not selectable with cursor; Combination of network connections on multilevel systems and support staff causes a crash.

Update 1.4g

Discrepancies:
Adding extra network connections to gateways broke logic of AssetToNetwork condition. Addition of random Trojan horse software sometimes resulted in crashes, e.g., if O/S had not supported malware. Disconnecting networks caused crash if AssetToNetwork condition was active. Crash in network screen after game load.

Update 1.4f

Features:
Support paragraph delimiters in user descriptions, objectives, etc.; Base hardware types phased out such that only icons are inherited from them. All else defined in catalogs.

Discrepancies:
Scrap computer caused game crash when returning from Component screen. Filters scenaio missing SSH software on server -- player should not have to buy this.

Update 1.4e

Features:
Add GIN O/S to the Blato Server base.

Discrepancies:
Missing workspace file caused Stop Worms scenario to crash on new installations.

Update 1.4c

Features:
Change filer "in / out" labels and descriptions to "to / from". Add a "Internal IP Addresses" entry to the filter list for ip address spoofing scenarios. Add Word processor, browser, email client and antivirus to GIN operating system. Suspend time while filter screen and buy screens are displayed. Support paragraph delimiters for user descriptions, objectives and the quit screen.

Update 1.4b

Features:
Add software type to software buy screen so player knows what kind of software is being described. Add "GIN" (Government Issued Nix) operating system for simple software integrity scenarios. And add a "Logistics Management" software type with instances of "Agile 2005", "Sure Right Pro", and "Log On". Use catalogue item names in buy screen and computer displays.

Discrepancies: Save and load acls that are actually on assets (not just intended access).

Update 1.4a

Discrepancies: Correct SDT catelogue handling of O/S and SW dependencies. Caused corruption and crashes.

Update 1.4

Features: Play splash before starting player. New shortcuts and batch file structure.

Discrepancies: Double clicking zone floor went to component screen.

Update 1.3p

Features: Play short movies from quicktime. Introduce the "stop worms" training scenario.

Update 1.3o

Features: Add boolean to ChangeEncyloTrigger to launch the encyclopedia right away. Allow camera positions for offsite (e.g., home office). Add PlayMovie trigger.

Discrepancies: Initialization differences between selecting component w/ double click and selecting Components tab. The former results in list corruption.

Update 1.3n
Features: Added trigger for users to speak with caroon-type baloons. Added user thoughts trigger. Add question trigger for quizzing player. Cleaned up objectives display. Simplified component information panel so player need not close it to continue. Improve game-over display. Keep a user selected while clicking to close help tips and user speak baloons. Change "u" key to only itereate through users. "s" key itereates through support staff. Don't process "runs while paused" triggers while a dialog is pending.

Update 1.3m

Discrepancies: Bad log entries crash game player and assetssment tool. Automatically rename bad log files and eliminate most bad log entries. Fix errors in hardware to O/S mapping file for SDT.

Update 1.3l

Discrepancies: Remove stale user thoughts about failed goals; Constrain SDT O/S list based on the selected hardware and software list based on the selected O/S.

Update 1.3k

Discrepancies: Fix SDT log viewing for users with multiwork login ids.

Update 1.3j

Discrepancies: Correct vanishing user problem in home office; Consistent opening and closing of the objectives screen in the game.

Update 1.3i

Discrepancies: Correct SDT physical component form management error exposed by java 1.5.

Update 1.3h

Features: Improve management of user thoughts so they better reflect what is happening in the scenario. Reduce availability of computers containing virus. Improve availabily effects on user goals. Link virus propogation to motives and computer settings.

Discrepancies:Corrected trigger and condition form refresh problem in SDT for java 1.5. Add user thought trigger. Clean up screen remnants caused by going from Office with computer or user selected to asset or user screen. Remove redundant clone project menu item from sdt. Fix classpath in sdt.bat. Correct log entries for software removal and additions.

Update 1.3g

Discrepancies: Correct SDT forms layout to work with lower resolution screens.

Update 1.3f

Features: Allow SDT to run from server, storing user's information in the home directory.

Discrepancies: Correct problem in launching SDT from start menu; remove blanks from initial blank SDT scenarios and prevent blanks in scenario names.

Update 1.3e

Features: Selecting a security label from USER or ASSET screen displays "clearances" window that describes the selected label; Added "Clone Project" to SDT. If user cannot modify directory with datapath.ini, creates the file in user home directory.

Update 1.3d

Discrepancy: Game was crashing on some W2000 systems.

Features: Add version strings to SDFs.

Update 1.3c

Discrepancy: Another bug kept program from running with java 1.5

Update 1.3b

Features: Improved filters scenario gameplay. Added SDF switch for creating assets while the game is paused.
Discrepancies: Fixed xml bug that kept game from running with java 1.5.

Update 1.3a

Features: Enable campaign analyzer tool.

Update 1.2n

Features: Additional logging changes in support of student assessment tools. Introduce initial student assessment tools and viewing of formatted logs in the SDT.

Update 1.2m

Features:Reformat of log for eventual use in student assessment tool; Also added a "-V" command line argument to define default save/load directory for the player.

Discrepancies:Corrected error in creation of user results directory when user has more than one word in the login name; Fixed crash when pressing background check button in scenarios with no labels.

Update 1.2l

Features:Added trouble shooting section to readme file, and copy readme file into CyberCIEGE directory.
Discrepancies:Fix error that put logs in the exec directory instead of individual user directories in the game/results directory. This broke server based installations.

Update 1.2k

Discrepancies:Revised "Introduction" scenario to remove default "no media leaves zone" procedural setting from zone.

Update 1.2j

Features: Add physical security and penalties for over-the top policies to Introduction scenario; Remove randomness from tutorial mode attacks.
Discrepancies:Include non-targeted hardware in triggered media attacks; If trigger conditions become invalid during delay, restart the counter. Triggers must remain valid throughout the fixed/random delays

Update 1.2i

Features: Allow player to restart or load new game after win or loss. After win/loss game enters Game Over state which can only be left by quitting game, loading new game, or restarting old game. Allow [Esc] to exit debrief screen from quit so player can continue or save the game;
Improve Introduction scenario descriptions and gameplay.
Discrepancies: Elapsed time not reset when new game is loaded; ACLs on assets not properly handled. Intended access should never change. ACL in component screen should reflect ACL setting on component. ; User training cost calculations broken. Tutorial mode makes it worse.

Update 1.2h

Features: Allow SDF defined filters to be additive.
Discrepancies: Remove "social attacks" that result in incorrect asset corruption.

Update 1.2g

Features:Tune gateway device filters for moderate motives; Make filters active between internal networks; Permit assetAttacked condition with -1 as attack type, meaning any attack type.
Discrepancies:Asset Cost list motive change does not work. Add trigger to change motive instead; Increase frequency of malware attack from computer to computer.

Update 1.2f

Features:Support no password length selection to indicate passwords are not needed. Improve handling of poor password policies.

Discrepancies:Handle quoted strings in command arguments for use with windows directory names. Resulted in problem with users whose login name is more than one word; Authentication servers do not work for workstations. User should have local access if workstation names authentication server that lists user as having local access; User should not achieve goal if MAC network connection has no label, and indicate missing label in component screen; Categories not properly saved (side effect of earlier fix to allow any character in category); Random media thief steals assets having no disclosure motive and incurs the modify cost.

Update 1.2e

Discrepancies:Movies in wrong directory in 1.2d complete; Revised trap door attack messages; Fixed GenesRus zone overlap.

Update 1.2d

Discrepancy: The algorithm for selecting unique computer names fails when games are saved and loaded, resulting in duplicate names which break the game.

Discrepancy: Improved GenesRUS attack differentiation.

Discrepancy: Removed extraneous workspace from Filters scenario that caused bought components to disappear.

Update 1.2c

Feature: Permit use of any single character as a label category.

Discrepancies: Game freeze when saving game to default name.

Update 1.2b

Feature: Improved ability to find desks to place computers and move users by use of the "=" key.

Discrepancies: Fix bug leading to crash after scrap of computer. Correct scroll bar handling.

Update 1.2a

Discrepancy: Correct invalid win condition in GenesRUS scenario. Govern time compression and remove "q" key function.

Update 1.2

Features: Expanded network support and improved support for user sharing of workstations. Ability to bail on buy decision just before item is placed. SDF specified cost for introducing a network into a zone.

Update 1.1c

Discrepancy: Broken encyclopedia links and bad paragraph token

Update 1.1b

Discrepancy: The Scenario Development Tool does not properly handle procedural security library names.


Update 1.1a

Discrepancy:  When installed on a PC that is part of a networked domain, the tool may not launch from the “Start / Programs” buttons.