A laboratory based capstone course in computer security for undergraduates
Proceedings of the 37th SIGCSE technical symposium on Computer science education
What Hackers Learn that the Rest of Us Don't: Notes on Hacker Curriculum
IEEE Security and Privacy
Helping Students 0wn Their Own Code
IEEE Security and Privacy
Organizing large scale hacking competitions
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Experiences with practice-focused undergraduate security education
CSET'10 Proceedings of the 3rd international conference on Cyber security experimentation and test
The blunderdome: an offensive exercise for building network, systems, and web security awareness
CSET'10 Proceedings of the 3rd international conference on Cyber security experimentation and test
Webseclab security education workbench
CSET'10 Proceedings of the 3rd international conference on Cyber security experimentation and test
Cyber security exercises and competitions as a platform for cyber security experiments
NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
Applying Puzzle-Based Learning to Cyber-Security Education
Proceedings of the 2013 on InfoSecCD '13: Information Security Curriculum Development Conference
| Hi-index | 0.01 |
Many popular and well-established cyber security Capture the Flag (CTF) exercises are held each year in a variety of settings, including universities and semiprofessional security conferences. CTF formats also vary greatly, ranging from linear puzzle-like challenges to team-based offensive and defensive free-for-all hacking competitions. While these events are exciting and important as contests of skill, they offer limited educational opportunities. In particular, since participation requires considerable a priori domain knowledge and practical computer security expertise, the majority of typical computer science students are excluded from taking part in these events. Our goal in designing and running the MIT/LL CTF was to make the experience accessible to a wider community by providing an environment that would not only test and challenge the computer security skills of the participants, but also educate and prepare those without an extensive prior expertise. This paper describes our experience in designing, organizing, and running an education-focused CTF, and discusses our teaching methods, game design, scoring measures, logged data, and lessons learned.