Defcon Capture the Flag: Defending Vulnerable Code from Intense Attack

نویسندگان

Crispin Cowan

Seth Arnold

Steve Beattie

Chris Wright

John Viega

چکیده

Defcon’s Capture the Flag (CtF) game is the largest open computer security hacking game. This year’s CtF hat rules that made it particularly difficult to be a successful defender. We entered an Immunix server, comprised of five years of IA&S, OASIS, FTN, and CHATS technologies, to see whether this system could survive sustained attack from determined experts. We describe our experience surviving Defcon CtF.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Scalable and Lightweight CTF Infrastructures Using Application Containers

Attack-defence Capture The Flag (CTF) competitions are effective pedagogic platforms to teach secure coding practices due to the interactive and real-world experiences they provide to the contest participants. Two of the key challenges that prevent widespread adoption of such contests are: 1) The game infrastructure is highly resource intensive requiring dedication of significant hardware resou...

متن کامل

Watch What You Write: Preventing Cross-Site Scripting by Observing Program Output

We introduce a dynamic technique for defending web applications that would otherwise be vulnerable to cross-site scripting attacks. Our method is comprised of two phases: an attack-free training period where we capture the normal behavior of the application in the form of a set of likely program invariants, and an indefinite period of time spent in a potentially hostile environment where we che...

متن کامل

Partitioners Track: Generating Security Vulnerabilities in Source Code

This paper describes a framework, which modifies existing source code to generate security issues. An example plugin for generating SQL injection in Java source code is described. The generation process is based on static code analysis techniques like dataflow analysis and abstract syntax trees. The framework is evaluated with the help of Java projects from GitHub. One modified project was succ...

متن کامل

Mitigating Node Capture Attack in Random Key Distribution Schemes through Key Deletion

Random Key Distribution (RKD) schemes have been widely accepted to enable low-cost secure communications in Wireless Sensor Networks (WSNs). However, efficiency of secure link establishment comes with the risk of compromised communications between benign nodes by adversaries who physically capture sensor nodes. The challenge is to enhance resilience of WSN against node capture, while maintainin...

متن کامل

Forcement Learning Agents

We introduce two novel tactics for adversarial attack on deep reinforcement learning (RL) agents: strategically-timed and enchanting attack. For strategicallytimed attack, our method selectively forces the deep RL agent to take the least likely action. For enchanting attack, our method lures the agent to a target state by staging a sequence of adversarial attacks. We show that DQN and A3C agent...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}

با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره شماره

صفحات -

تاریخ انتشار 2003

Defcon Capture the Flag: Defending Vulnerable Code from Intense Attack

نویسندگان

چکیده

منابع مشابه

Scalable and Lightweight CTF Infrastructures Using Application Containers

Watch What You Write: Preventing Cross-Site Scripting by Observing Program Output

Partitioners Track: Generating Security Vulnerabilities in Source Code

Mitigating Node Capture Attack in Random Key Distribution Schemes through Key Deletion

Forcement Learning Agents

عنوان ژورنال:

اشتراک گذاری