TY - CONF
T1 - AutoCTF
T2 - 11th USENIX Workshop on Offensive Technologies, WOOT 2017, co-located with USENIX Security 2017
AU - Hulin, Patrick
AU - Davis, Andy
AU - Sridhar, Rahul
AU - Fasano, Andrew
AU - Gallagher, Cody
AU - Sedlacek, Aaron
AU - Leek, Tim
AU - Dolan-Gavitt, Brendan
N1 - Funding Information:
This material is based upon work supported under Air Force Contract No. FA8721-05-C-0002 and/or FA8702-15-D-0001. Any opinions, findings, conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the U.S. Air Force. Many thanks to all the players in our CTF, with special thanks to Nick Gregory, Josh Hofing, Will Blair, Nick Burnett, and Toshi Piazza, who agreed to be interviewed for this work.
Funding Information:
∗This material is based upon work supported under Air Force Contract No. FA8721-05-C-0002 and/or FA8702-15-D-0001. Any opinions, findings, conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the U.S. Air Force.
Publisher Copyright:
© 2017 USENIX Association. All rights reserved.
PY - 2017
Y1 - 2017
N2 - Capture the Flag (CTF) is a popular computer security exercise in which teams competitively attack and/or defend programs in real time. CTFs are currently expensive to build and run; each is a bespoke affair, with challenges and vulnerabilities crafted by experts. This not only limits the educational value for players but also restricts what researchers can learn about human activities during the competition. In this work, we take steps towards making CTFs cheap and reusable by extending our LAVA bug injection system to add exploitable vulnerabilities, enabling rapid generation of new CTF challenges. New LAVA bug types, including memory corruption and address disclosure, form a sufficient set of primitives for program exploitation. We used these techniques to create AutoCTF, a week-long event involving teams from four universities. In order to assess how AutoCTF differed from a handmade CTF we conducted surveys and semi-structured interviews after the event. We evaluated both challenge realism and relative effort expended on bug finding and exploit development. Our preliminary results indicate that AutoCTF can form the basis for cost-effective and reusable CTFs, allowing them to be run often and easily. These CTFs can be used to train new generations of security researchers and provide empirical data on human vulnerability discovery and exploit development.
AB - Capture the Flag (CTF) is a popular computer security exercise in which teams competitively attack and/or defend programs in real time. CTFs are currently expensive to build and run; each is a bespoke affair, with challenges and vulnerabilities crafted by experts. This not only limits the educational value for players but also restricts what researchers can learn about human activities during the competition. In this work, we take steps towards making CTFs cheap and reusable by extending our LAVA bug injection system to add exploitable vulnerabilities, enabling rapid generation of new CTF challenges. New LAVA bug types, including memory corruption and address disclosure, form a sufficient set of primitives for program exploitation. We used these techniques to create AutoCTF, a week-long event involving teams from four universities. In order to assess how AutoCTF differed from a handmade CTF we conducted surveys and semi-structured interviews after the event. We evaluated both challenge realism and relative effort expended on bug finding and exploit development. Our preliminary results indicate that AutoCTF can form the basis for cost-effective and reusable CTFs, allowing them to be run often and easily. These CTFs can be used to train new generations of security researchers and provide empirical data on human vulnerability discovery and exploit development.
UR - http://www.scopus.com/inward/record.url?scp=85084161625&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85084161625&partnerID=8YFLogxK
M3 - Paper
AN - SCOPUS:85084161625
Y2 - 14 August 2017 through 15 August 2017
ER -