Student Competitions

U.S. Students Rule in Annual Student Cyber Security Challenge

• By Dian Schaffhauser
• 11/18/14

For the sixth year in a row Carnegie Mellon's students dominated the scoreboard for Capture the Flag at last week's 11th annual New York University Polytechnic School of Engineering Cyber Security Awareness Week (CSAW). The event drew hundreds of finalists from colleges and high schools across the country to compete in a number of security activities.

The Capture the Flag competition drew 15 teams of undergraduates, who had bested contestants from 75 countries in preliminary rounds. Carnegie Mellon's first and second place teams included one member, George Hotz, who is acknowledged to be the first person to unlock the iPhone. Rensselaer Polytechnic Institute finished in third place.

Members of the Rensselaer team ruled in first and second place in the Homeland Security Quiz, a game-show-style contest in which participants were queried on network security, cryptography, malware, protocols and programming and other topics. Third place was held by Catbug, a team of students — including one from high school — who had banded together from a NYU Polytechnic School of Engineering weekly hack night.

Students in a high school forensics challenge solved a fictitious data breach in a retail store using digital evidence, including an Android mobile phone, and their knowledge of rootkit detection and analysis and other techniques. A Poolesville High School team from Maryland took first place; Thomas Jefferson High School for Science and Technology in Virginia won second place; and Pocono Mountain East High School in Pennsylvania came in third. In that contest finalists accrued prizes for their school science programs as well as $10,000 scholarships to the New York U School of Engineering. Top winners earned even larger scholarships.

An embedded security challenge that tested the security and trustworthiness of hardware drew 10 student teams as finalists. The University of South Florida took first and third places and the University of Central Florida won second place.

A first-time security policy competition invited participants to develop and present research on the topic of how to protect interconnected electronic devices — including devices that don't yet exist — making up the Internet of Things. Two computer science master's degree students from the University of Illinois at Urbana-Champaign won first place in that event, followed by undergrads from the United States Naval Academy in second and third places.

An "applied research challenge" invited students who have published in a scientific journal or peer-reviewed conference to present their work to a panel of judges. First place went to a Columbia University student who wrote on the topic of "ret2dir: Rethinking Kernel Isolation." A University of Texas at Dallas student won second place for his paper, "From Patches to Honey-Patches: Lightweight Attacker-Misdirection, Deception and Disinformation." Third place went to two students from the University of Illinois at Urbana-Champaign, who researched the topic, "The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations."