Cybersecurity Knowledge and Skills Taught in Capture the Flag Challenges

Logo poskytovatele
Autoři

ŠVÁBENSKÝ Valdemar ČELEDA Pavel VYKOPAL Jan BRIŠÁKOVÁ Silvia

Rok publikování 2021
Druh Článek v odborném periodiku
Časopis / Zdroj Computers & Security
Fakulta / Pracoviště MU

Ústav výpočetní techniky

Citace
www
Doi http://dx.doi.org/10.1016/j.cose.2020.102154
Klíčová slova cybersecurity education; security training; capture the flag; curricular guidelines
Přiložené soubory
Popis Capture the Flag challenges are a popular form of cybersecurity education, where students solve hands-on tasks in an informal, game-like setting. The tasks feature diverse assignments, such as exploiting websites, cracking passwords, and breaching unsecured networks. However, it is unclear how the skills practiced by these challenges match formal cybersecurity curricula defined by security experts. We explain the significance of Capture the Flag challenges in cybersecurity training and analyze their 15,963 textual solutions collected since 2012. Based on keywords in the solutions, we map them to well-established ACM/IEEE curricular guidelines to understand which skills the challenges teach. We study the distribution of cybersecurity topics, their variance in different challenge formats, and their development over the past years. The analysis showed the prominence of technical knowledge about cryptography and network security, but human aspects, such as social engineering and cybersecurity awareness, are neglected. We discuss the implications of these results and relate them to contemporary literature. Our results indicate that future Capture the Flag challenges should include non-technical aspects to address the current advanced cyber threats and attract a broader audience to cybersecurity.
Související projekty:

Používáte starou verzi internetového prohlížeče. Doporučujeme aktualizovat Váš prohlížeč na nejnovější verzi.

Další info