Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • Overview
  • Attend
    • Registration Information
    • Registration Discounts
    • Venue, Hotel, and Travel
    • Students and Grants
    • Co-located Workshops
  • Program
  • Participate
    • Instructions for Participants
    • Call for Papers
  • Sponsorship
  • About
    • Summit Organizers
    • Services
    • Questions
    • Help Promote!
    • Past Summits
  • Overview
  • Attend
    • Registration Information
    • Registration Discounts
    • Venue, Hotel, and Travel
    • Students and Grants
    • Co-located Workshops
  • Program
  • Participate
    • Instructions for Participants
    • Call for Papers
  • Sponsorship
  • About
    • Summit Organizers
    • Services
    • Questions
    • Help Promote!
    • Past Summits

sponsors

Platinum Sponsor

help promote

CSET '15 button

Get more
Help Promote graphics!

connect with us


  •  Twitter
  •  Facebook
  •  LinkedIn
  •  Google+
  •  YouTube

twitter

Tweets by @usenix

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home » Automatic Problem Generation for Capture-the-Flag Competitions
Tweet

connect with us

Automatic Problem Generation for Capture-the-Flag Competitions

Authors: 

Jonathan Burket, Peter Chapman, Tim Becker, Christopher Ganas, and David Brumley, Carnegie Mellon University

Abstract: 

Computer security games, especially capture-the-flag (CTF) competitions, are growing in popularity. A typical CTF contest presents users with a set of hacking challenges, where correct solutions reveal a text “flag” that can be submitted to a scoring server. In traditional CTF architectures, the problem and the flag are the same across the competition.

In this paper we discuss automatic problem generation (APG), where a given challenge is not fixed, but rather can have many different automatically generated problem instances. APG offers players a unique competition experience and can facilitate deliberate practice where problems vary just enough to make sure a user can replicate the solution idea. APG also allows competition administrators the ability to detect when users submit a copied flag from another user to the scoring server. In 2014 we ran a large-scale CTF competition called PicoCTF, where we measured the prevalence of flag sharing. Our results indicate that about 0.8% of flags submitted to AGP problems were copied, with 14% of teams submitting at least one shared flag. In 68% of flag sharing cases, teams went on to eventually solve the problem on their own.

Jonathan Burket, Carnegie Mellon University

Peter Chapman, Carnegie Mellon University

Tim Becker, Carnegie Mellon University

Christopher Ganas, Carnegie Mellon University

David Brumley, Carnegie Mellon University

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {191765,
author = {Jonathan Burket and Peter Chapman and Tim Becker and Christopher Ganas and David Brumley},
title = {Automatic Problem Generation for {Capture-the-Flag} Competitions},
booktitle = {2015 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 15)},
year = {2015},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/3gse15/summit-program/presentation/burket},
publisher = {USENIX Association},
month = aug,
}
Download
Burket PDF
View the slides
  • Log in or    Register to post comments

Platinum Sponsors

© USENIX

  • Privacy Policy
  • Contact Us