PicoCTF: Teaching 10,000 High School Students to Hack Peter Chapman peter@cmu.edu 1/15/2014 Carnegie...


picoCTF: Teaching 10,000 High School Students to Hack

Peter Chapman
peter@cmu.edu

1/15/2014
Carnegie Mellon University

This material is based upon work supported by the National Science Foundation Graduate Research Fellowship under Grant No. 0946825.


Technology has the potential to truly revolutionize education by simultaneously reducing cost and increasing quality.

Founded Fall 2011


Udacity

2,500 Students over 400 Teams

Collegiate High Schools


Carnegie Mellon University 2012


High School Computer Science Education

Eighty-two percent of surveyed U.S. millennials say no high school teacher or guidance counselor ever mentioned to them the idea of a career in cybersecurity.

Roughly 30,000 high school students from 2,000 schools took the AP CS exam in 2013.

There is a nationwide shortage of computer security and computer science experts.

“It will take a national strategy, similar to the effort to upgrade science and mathematics education in the 1950’s, to meet this challenge.”


picoCTF

A competition-based computer security educational experience targeting high school students.

Introduce real-world offensive and defensive skills to all backgrounds.

Build the event around an interactive game to motivate students and teachers.


Capture the Flag Competitions (CTFs)

[1]

DIGITAL

Open-Ended and Difficult


Traditional CTF Competitions

Cryptography

Digital Forensics

Reverse Engineering

Binary Exploitation

Web Security


picoCTF Goals

1. An authentic, fun, and interactive hacking experience.

2. Encourage students to pursue degrees in computer science, regardless of incoming background.

3. Nationally recognize and inspire top competitors to become industry leaders.


What is a hacker?


HACKER: someone who seeks and exploits weaknesses in a computer system or computer network.


Provides a service!

We make vending machines!

I made the case.

I designed the keypad.


Let’s meet Kelly.


Let’s meet Collin.

?


An Idea!

?


Checks denomination of coin by size.

Checks inserted object by size.

Reality

Expectation


How to fix it?

Let’s check the weight too.


Another Idea!

?

Computer security is a back-and-forth between attackers and defenders.

We refer to our assumptions about the attacker as our ‘threat model’.


Why teach hacking?

HACKER: Someone that exploits the gap between what is expected and what is possible.

Understanding how to break systems is necessary in order to defend them well.


The Team


Entertainment Technology Center

Experts in game development and design.


April 26 7:00 AM EDT - May 6 11:59 PM EDT

A polished presentation to welcome students and add legitimacy.


Sponsors


Success!

1,938 Participating Teams

8-10,000 Students

The largest computer security competition ever held.

955 Participating Schools

57 Computer Security Challenges


955 different schools.


Unsolicited Message from Pennsylvania Teacher

Wow! I haven't seen something like this light the fire of such a wide range of students in my 22 years of teaching computer science… Neither robotics, ACSL, face-face or online traditional programming contests, Logo, Alice, block based languages a la Scratch or AppInventor, early HTML development, or any other single CS phenomenon has ever inspired so many students to fight to get access in the computer lab after school and ask me cerebral questions such as bit-wise arithmetic or syntax questions on languages they haven't learned in school!

THERE IS NO DOUBT IN MY MIND THAT THIS CONTEST WILL SINGLE-HANDEDLY ATTRACT MANY STUDENTS TO CAREERS IN CYBERSECURITY AND COMPUTER SCIENCE IN GENERAL!


picoCTF 2014

• Fall Competition Date
• Focused Computer Security Curriculum and Educational Content
• Emerging Partnerships to Expand Scope
• Team and Instructor Management
• Robust Communication System


picoCTF

Largest computer security competition ever held.

• Polish and presentation matter at scale.
• Leverage existing organizations for support and growth.
