The field of cybersecurity is adversarial - the real challenge lies in outsmarting motivated and knowledgeable human attackers. Sadly, this aspect is missing from current cybersecurity classes, which are often taught through lectures and occasionally through “get your feet wet” practical exercises. We propose Class Capture-the-Flag exercises (CCTFs) to revitalize cybersecurity education. These are small-scoped competitions that pit teams of students against each other in realistic attack-defense scenarios. We describe how to design these exercises to be easy for teachers to conduct and grade, easy for students to prepare for and a lot of fun for everyone involved. We also provide descriptions of CCTFs we have developed and recount our experiences of using them in class.
|Original language||English (US)|
|State||Published - 2014|
|Event||2014 USENIX Summit on Gaming, Games, and Gamification in Security Education, 3GSE 2014 - San Diego, United States|
Duration: Aug 18 2014 → …
|Conference||2014 USENIX Summit on Gaming, Games, and Gamification in Security Education, 3GSE 2014|
|Period||8/18/14 → …|
Bibliographical noteFunding Information:
The DeterLab testbed  is the deployment platform for our exercises. DeterLab is an open and free-for-use research and education testbed funded by the Department of Homeland Security and the National Science Foundation. Co-hosted by USC/ISI and UC Berkeley, it currently includes approximately 500 physical machines and is used by more than 3,700 users in 30 countries. About 75% of these are educational users.
∗This work is in part supported by the DHS grant N66001-10-C-2018. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Department of Homeland Security.
© 2014 USENIX Summit on Gaming, Games, and Gamification in Security Education, 3GSE 2014. All rights reserved.
Copyright 2021 Elsevier B.V., All rights reserved.