CTF: State-of-the-Art and Building the Next Generation


Clark Taylor, University of Arizona and Lawrence Livermore National Laboratory; Pablo Arias, North Carolina A&T and Lawrence Livermore National Laboratory; Jim Klopchic, Celeste Matarazzo, and Evi Dube, Lawrence Livermore National Laboratory


Capture the flag (CTF) style events have become increasingly popular events for recruitment, training, evaluation, and recreation in the field of computer security. Today, there exists a vast array of CTF software; this software may be divided generally into game engines and challenge components. Game engines, which determine the overall style of the competition, can be categorized into those which support dynamic challenges and those which support static challenges. A small number of game engines are open and available for any party to develop their own challenges on, though most are proprietary solutions.

Over the course of the last 8 years, the Cyber Defenders group at Lawrence Livermore National Laboratory hosted an annual CTF event for its interns, in the process evaluating different CTF types and engines and ultimately developing data on the state-ofthe- art in this field. While these events resulted in a large degree of success with regard to the goals mentioned above, a critical evaluation of the software both used by the Cyber Defenders and generally across the entire field revealed several shortcomings of current CTF practices. In particular, current software may be improved with regard to challenge realism, costs and accessibility, educational applications, and research potential. Proposed herein is a new game engine which addresses these shortcomings. This paper details the architectures for and current progress towards implementing this game engine.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {205231,
author = {Clark Taylor and Pablo Arias and Jim Klopchic and Celeste Matarazzo and Evi Dube},
title = {{CTF}: {State-of-the-Art} and Building the Next Generation},
booktitle = {2017 USENIX Workshop on Advances in Security Education (ASE 17)},
year = {2017},
address = {Vancouver, BC},
url = {https://www.usenix.org/conference/ase17/workshop-program/presentation/taylor},
publisher = {USENIX Association},
month = aug