Toward a Fine-Grained Evaluation of the Pwnable CTF

  • Conference paper
Information Security Applications (WISA 2020)

Abstract

In the "untact" (contact-free) era of the recent COVID-19 outbreak, the pedagogic value of Capture the Flag (CTF) has grown further as an effective means for students to learn about computer systems and information security through active participation, without meeting the teacher face to face. However, introducing CTF into the classroom can place a heavy burden on educators, in both time and cost, when crafting problems and operating CTFs, and various studies have been conducted to reduce this burden. A further burden lies in the in-depth evaluation of students' academic achievement: educators need to evaluate students' abilities in depth so that they can give clear feedback on the factors that caused students to fail. With such feedback, educators can increase learning efficiency by helping students correct their own weaknesses. The need for detailed evaluation is especially high in the pwnable field, one of the representative fields of CTF, because pwnable requires participants to have a comprehensive understanding of program analysis, vulnerabilities, mitigation bypass techniques, systems, and so on. The evaluation method of existing CTFs, however, is not suited to in-depth evaluation of students' academic ability, because it simply measures whether or not a problem was solved, in a pass/fail manner. Therefore, we designed a fine-grained evaluation CTF platform that helps educators who introduce CTF into the classroom to teach pwnable give precise evaluation and feedback on learners' failure factors, reducing the burden on educators of properly evaluating students' academic achievement.

Supported by the Institute for Information Communications Technology Promotion (IITP) of the Korea government (MSIT) [Grant No. 2018-0-00420, 2019-0-00273].



Author information

Corresponding author

Correspondence to Ki-Woong Park.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Kim, SK., Jang, ET., Park, KW. (2020). Toward a Fine-Grained Evaluation of the Pwnable CTF. In: You, I. (eds) Information Security Applications. WISA 2020. Lecture Notes in Computer Science, vol 12583. Springer, Cham. https://doi.org/10.1007/978-3-030-65299-9_14

  • DOI: https://doi.org/10.1007/978-3-030-65299-9_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-65298-2

  • Online ISBN: 978-3-030-65299-9

  • eBook Packages: Computer Science (R0)
