TY - GEN
T1 - PWN The Learning Curve
T2 - 55th ACM Technical Symposium on Computer Science Education, SIGCSE 2024
AU - Nelson, Connor
AU - Shoshitaishvili, Yan
N1 - Publisher Copyright:
© 2024 ACM.
PY - 2024/3/7
Y1 - 2024/3/7
N2 - We address the pressing need for effective and scalable cybersecurity education methodologies for undergraduate students. While Capture The Flag (CTF) challenges have been instrumental for some learners, for many novices CTF challenges are simply too difficult and too intimidating to be pedagogically effective. By dissecting and individually presenting these concepts through modularized challenges, we introduce a progressive learning curve that allows students to master complex vulnerabilities, even culminating in crafting advanced end-to-end exploits through both userspace and the kernel. Recognizing the learning barriers imposed by debugging and introspection tools, our method uniquely offers self-guiding challenge variants, effectively decoupling problem-solving from tool mastery. Drawing from five years of curating around 400 systems security challenges, this paper details our insights and experiences, emphasizing the pivotal role of an education-first approach over traditional CTFs. Our methodology's success is underscored by our survey results, with an overwhelming majority of participants acknowledging its pivotal role in deepening their cybersecurity understanding. Furthermore, we have successfully leveraged this material as the foundational content for a follow-on vulnerability research course, where freshly-trained students successfully identified 0-day vulnerabilities in real-world software. As a commitment to global education, we make all challenges and accompanying lecture materials discussed herein freely, and easily, accessible to the world.
KW - binary exploitation
KW - capture the flag
KW - challenge design
KW - cybersecurity education
KW - dynamic challenge generation
UR - http://www.scopus.com/inward/record.url?scp=85189348332&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85189348332&partnerID=8YFLogxK
U2 - 10.1145/3626252.3630912
DO - 10.1145/3626252.3630912
M3 - Conference contribution
AN - SCOPUS:85189348332
T3 - SIGCSE 2024 - Proceedings of the 55th ACM Technical Symposium on Computer Science Education
SP - 937
EP - 943
BT - SIGCSE 2024 - Proceedings of the 55th ACM Technical Symposium on Computer Science Education
PB - Association for Computing Machinery, Inc
Y2 - 20 March 2024 through 23 March 2024
ER -