An Empirical Survey of Functions and Configurations of Open-Source Capture the Flag (CTF) Environments. (1st February 2020)
- Record Type:
- Journal Article
- Title:
- An Empirical Survey of Functions and Configurations of Open-Source Capture the Flag (CTF) Environments. (1st February 2020)
- Main Title:
- An Empirical Survey of Functions and Configurations of Open-Source Capture the Flag (CTF) Environments
- Authors:
- Kucek, Stela
Leitner, Maria - Abstract:
- Abstract: Capture the Flag (CTF) is a computer security competition that is generally used to give participants experience in securing (virtual) machines and responding to cyber attacks. CTF contests have been getting larger and are receiving many participants every year (e.g., DEFCON, NYU-CSAW). CTF competitions are typically hosted in virtual environments, specifically set up to fulfill the goals and scenarios of the CTF. This article investigates the underlying infrastructures and CTF environments, specifically open-source CTF environments. A systematic review is conducted to assess functionality and game configuration in CTF environments where the source code is available on the web (i.e., open-source software). In particular, from out of 28 CTF platforms, we found 12 open-source CTF environments. As four platforms were not installable for several reasons, we finally examined 8 open-source CTF environments ( PicoCTF, FacebookCTF, HackTheArch, WrathCTF, Pedagogic-CTF, RootTheBox, CTFd and Mellivora ) regarding their features and functions for hosting CTFs (e.g., scoring, statistics or supported challenge types) and providing game configurations (e.g., multiple flags, points, hint penalities). Surprisingly, while many platforms provide similar base functionality, game configurations between the platforms varied strongly. For example, hint penalty, time frames for solving challenges, limited number of attempts or dependencies between challenges are game options that mightAbstract: Capture the Flag (CTF) is a computer security competition that is generally used to give participants experience in securing (virtual) machines and responding to cyber attacks. CTF contests have been getting larger and are receiving many participants every year (e.g., DEFCON, NYU-CSAW). CTF competitions are typically hosted in virtual environments, specifically set up to fulfill the goals and scenarios of the CTF. This article investigates the underlying infrastructures and CTF environments, specifically open-source CTF environments. A systematic review is conducted to assess functionality and game configuration in CTF environments where the source code is available on the web (i.e., open-source software). In particular, from out of 28 CTF platforms, we found 12 open-source CTF environments. As four platforms were not installable for several reasons, we finally examined 8 open-source CTF environments ( PicoCTF, FacebookCTF, HackTheArch, WrathCTF, Pedagogic-CTF, RootTheBox, CTFd and Mellivora ) regarding their features and functions for hosting CTFs (e.g., scoring, statistics or supported challenge types) and providing game configurations (e.g., multiple flags, points, hint penalities). Surprisingly, while many platforms provide similar base functionality, game configurations between the platforms varied strongly. For example, hint penalty, time frames for solving challenges, limited number of attempts or dependencies between challenges are game options that might be relevant for potential CTF organizers and for choosing a technology. This article contributes to the general understanding of CTF software configurations and technology design and implementation. Potential CTF organizers and participants may use this as a reference for challenge configurations and technology utilization. Based on our analysis, we would like to further review commercial and other platforms in order to establish a golden standard for CTF environments and further contribute to a better understanding of CTF design and development. Highlights: Empirical Survey of open-source Capture The Flag (CTF) platforms. Out of 28 CTF Platforms, 12 open-source CTF environments were found. The review was conducted with 8 open-source CTF environments. Results showed a similar base functionality between all 8 platforms. Game configurations between 8 platforms varied strongly. … (more)
- Is Part Of:
- Journal of network and computer applications. Volume 151(2020)
- Journal:
- Journal of network and computer applications
- Issue:
- Volume 151(2020)
- Issue Display:
- Volume 151, Issue 2020 (2020)
- Year:
- 2020
- Volume:
- 151
- Issue:
- 2020
- Issue Sort Value:
- 2020-0151-2020-0000
- Page Start:
- Page End:
- Publication Date:
- 2020-02-01
- Subjects:
- CTF -- Capture the Flag -- Cyber range -- Computer network operations -- Cyber security exercises -- Cyber security training
Microcomputers -- Periodicals
Computer networks -- Periodicals
Application software -- Periodicals
Micro-ordinateurs -- Périodiques
Réseaux d'ordinateurs -- Périodiques
Logiciels d'application -- Périodiques
Application software
Computer networks
Microcomputers
Periodicals
004.05
004 - Journal URLs:
- http://www.sciencedirect.com/science/journal/10848045 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.jnca.2019.102470 ↗
- Languages:
- English
- ISSNs:
- 1084-8045
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 5021.410600
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 12807.xml