Abstract
Computer security competitions and challenges are a way to foster innovation and educate students in a highly motivating setting. In recent years, a number of different security competitions and challenges were carried out, each with different characteristics, configurations, and goals. From 2003 to 2007, we carried out a number of live security exercises involving dozens of universities from around the world. These exercises were designed as “traditional” Capture The Flag competitions, where teams both attacked and defended a virtualized host, which provided several vulnerable services. In 2008 and 2009, we introduced two completely new types of competition: a security “treasure hunt” and a botnet-inspired competition. These two competitions, to date, represent the largest live security exercises ever attempted and involved hundreds of students across the globe. In this paper, we describe these two new competition designs, the challenges overcome, and the lessons learned, with the goal of providing useful guidelines to other educators who want to pursue the organization of similar events.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Childers, N. et al. (2010). Organizing Large Scale Hacking Competitions. In: Kreibich, C., Jahnke, M. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2010. Lecture Notes in Computer Science, vol 6201. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14215-4_8
DOI: https://doi.org/10.1007/978-3-642-14215-4_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14214-7
Online ISBN: 978-3-642-14215-4
eBook Packages: Computer Science, Computer Science (R0)