publication . Article . 2017

Security Scenario Generator (SecGen): A Framework for Generating Randomly Vulnerable Rich-scenario VMs for Learning Computer Security and Hosting CTF Events

Schreuders, ZC; Shaw, T; Shan-A-Khuda, M; Ravichandran, G; Keighley, J; Ordean, M
Open Access English
  • Published: 14 Aug 2017
  • Publisher: USENIX Association
  • Country: United Kingdom
Abstract
Computer security students benefit from hands-on experience applying security tools and techniques to attack and defend vulnerable systems. Virtual machines (VMs) provide an effective way of sharing targets for hacking. However, developing these hacking challenges is time-consuming, and once created, they are essentially static. That is, once the challenge has been "solved" there is no remaining challenge for the student, and if the challenge is created for a competition or assessment, the challenge cannot be reused without risking plagiarism and collusion. Security Scenario Generator (SecGen) can build complex VMs based on randomised scenarios, with a number of diverse...