Ten years of iCTF: The good, the bad, and the ugly

Giovanni Vigna, Kevin Borgolte, Jacopo Corbetta, Adam Doupe, Yanick Fratantonio, Luca Invernizzi, Dhilung Kirat, Yan Shoshitaishvili

Research output: Contribution to conferencePaperpeer-review

42 Scopus citations

Abstract

Security competitions have become a popular way to foster security education by creating a competitive environment in which participants go beyond the effort usually required in traditional security courses. Live security competitions (also called “Capture The Flag,” or CTF competitions) are particularly well-suited to support hands-on experience, as they usually have both an attack and a defense component. Unfortunately, because these competitions put several (possibly many) teams against one another, they are difficult to design, implement, and run. This paper presents a framework that is based on the lessons learned in running, for more than 10 years, the largest educational CTF in the world, called iCTF. The framework's goal is to provide educational institutions and other organizations with the ability to run customizable CTF competitions. The framework is open and leverages the security community for the creation of a corpus of educational security challenges.

Original languageEnglish (US)
StatePublished - 2014
Externally publishedYes
Event2014 USENIX Summit on Gaming, Games, and Gamification in Security Education, 3GSE 2014 - San Diego, United States
Duration: Aug 18 2014 → …

Conference

Conference2014 USENIX Summit on Gaming, Games, and Gamification in Security Education, 3GSE 2014
Country/TerritoryUnited States
CitySan Diego
Period8/18/14 → …

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Control and Systems Engineering
  • Safety, Risk, Reliability and Quality
  • Education

Fingerprint

Dive into the research topics of 'Ten years of iCTF: The good, the bad, and the ugly'. Together they form a unique fingerprint.

Cite this