World's Biggest Student Cyber Security Competition Comes to Brooklyn

Hundreds of Student Hackers From around the World Will Face Off at the NYU Polytechnic School of Engineering’s 11th Annual Cyber Security Awareness Week Finals

BROOKLYN, New York--On the morning of Friday, November 14, 2014, as most student finalists sit down to begin competing in the annual Cyber Security Awareness Week (CSAW) competition at the New York University Polytechnic School of Engineering, hundreds of hackers will be finishing the night shift of a fast and furious 36-hour battle to win the signature Capture The Flag contest in the world’s biggest computer security event for students.

Now in its 11th year, the NYU CSAW contests bring hundreds of students from around the country—victors from among nearly 20,000 across the globe who participated online—for a four-day hackfest and conference that touches every aspect of the computer security field.

From Capture The Flag, a test of application security skills, to the Embedded Security Challenge, which pits students against malicious hardware attacks, and a public policy competition challenging students to devise new measures to reduce security risks, CSAW is the largest and most comprehensive collection of computer security education challenges on the planet.

Although most of the students won’t gather together until the evening of Thursday, November 13, when they will hear Yahoo Chief Information Security Officer Alex Stamos deliver the opening keynote, more than 18,000 cyber security contestants will have already participated in the central challenge of CSAW—the Capture The Flag (CTF) Competition. CTF consists of a series of application security challenges that test students’ offensive and defensive hacking abilities, earning them “flags” as they overcome each hurdle.

This year’s CTF is the largest event of its kind in CSAW history and the largest CTF anywhere, ever. Now, 15 finalist teams representing 17 universities—along with a single high school student whose skill landed him on a college team—will converge in Brooklyn for the long fight to win the NYU CSAW CTF. Members of the most unusual team, named OpenToAll, met on Reddit just days before the preliminaries and surprised judges with their high score because CTFs typically require extraordinary teamwork. CTF competitions are widely viewed as critical training exercises for students wishing to enter the computer security field.

The CSAW CTF finalist teams are:

  • PPP2, Carnegie Mellon University (Pittsburgh)
  • PPP1, Carnegie Mellon University (Pittsburgh)       
  • Shellphish, University of California, Santa Barbara and Northeastern University (Boston)
  • CISSP Groupies, École de Technologie Supérieure (Montreal, Canada)
  • UIUCTF, University of Illinois at Urbana-Champaign           
  • RPISEC, Rensselaer Polytechnic Institute (Troy, New York)
  • KnightSec, University of Central Florida (Orlando)
  • Ad Victoriam, University of Toronto    
  • 1064CBread, University of California, Santa Barbara, Dos Pueblos High School (Goleta, California), California Institute of Technology (Pasadena), University of Illinois at Urbana–Champaign
  • Knights of the Lambda Calculus, Massachusetts Institute of Technology (Cambridge)     
  • SIGINT, University of California, San Diego (La Jolla)            
  • DCI-ETS, École de Technologie Supérieure
  • GNU E-ducks, The Evergreen State College (Olympia, Washington)
  • OpenToAll, Stony Brook University (Stony Brook, New York), Hagerstown Community College (Hagerstown, Maryland), Palomar College (San Marcos, California) and University of Wisconsin Colleges (Reedsburg, Wisconsin)
  • Bits For Everyone, United States Military Academy (West Point, New York) 

NYU CSAW 2014 also marks the largest number of high school participants joining the High School Forensics Competition, a challenge designed specifically for just-hatched hackers. Players are given the electronic “evidence” of a fictitious crime, and must use their knowledge of rootkit detection and analysis, steganography, file carving, and live system forensics to solve the crime. Their prizes? Up to $56,000 in scholarships for each of the first-place team members, and significant scholarship winnings for runners up and finalists, as well as awards for their schools’ science programs. Twelve teams of finalists, including two from Dubai, United Arab Emirates, that competed as part of an international pilot, will come together in Brooklyn to crack the case.

The High School Forensics Competition team finalists are:

  • nezorg, Dos Pueblos High School (Goleta, California)
  • \x43\x41\x4d\x53, California Academy of Mathematics and Science (Long Beach, California)
  • Caerus, Emirates International School (Meadows, Dubai, UAE)
  • Sudo Bang! Bang!, Illinois Mathematics and Science Academy (Aurora)
  • Windowless White Van, Illinois Mathematics and Science Academy
  • CplusPython, Leland High School (San Jose, California)
  • Cyber Piledrivers, Montgomery Blair High School (Silver Spring, Maryland)
  • PHS 1437, Poolesville High School (Poolesville, Maryland)
  • PHS Gtown Squad, Poolesville High School
  • X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*, Pocono Mountain East High School (Swiftwater, Pennsylvania)
  • Team Name Here, DPS Dubai (Dubai, UAE)
  • xD, Thomas Jefferson High School for Science and Technology (Alexandria, Virginia)

Software hacking and defense skills comprise the bulk of the CSAW games, but one of the most crucial—and most difficult—aspects of modern cyber security is hardware cyber security. Secure and trustworthy hardware platforms underlie everything from credit card safety to traffic monitoring systems and even missile control. The Embedded Security Challenge at CSAW sent students to the drawing board with the task of using next generation semiconductor technologies to create new, secure hardware platforms. The ten most promising proposals will be displayed at CSAW. This year, the entrants into what is arguably the most advanced sector of CSAW nearly doubled, a testament to the growing interest and expertise in this much-needed hardware cyber security career field.

Embedded Security Challenge finalist teams are:

  • uiuc_embedded, University of Illinois at Urbana-Champaign
  • LOGICS, University of South Florida (Tampa)
  • UTSA, University of Texas at San Antonio
  • SSL@UCF, University of Central Florida (Orlando)
  • RIT NanoComputing, Rochester Institute of Technology (New York)
  • SECurity Researchers in Emerging Technology (SECRET), University of South Florida
  • Vanderbilt, Vanderbilt University (Nashville, Tennessee)
  • Wildcats, University of New Hampshire (Durham)
  • Kung Pao Chicken, University of Pittsburgh
  • Nanoscape_CWRU, Case Western Reserve University (Cleveland, Ohio)

CSAW is known as the gathering place for the top young security researchers because of the Best Applied Research competition: Only those who have published research in top-notch, peer-reviewed journals or scholarly conferences need apply. From these students--typically doctoral candidates--ten finalists were selected, and they will present their research to a panel of noted security experts. The Applied Research finalists for 2014 are:

  • Xiaoyong Zhou and Muhammad Naveed, University of Illinois at Urbana-Champaign, “The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations”
  • Deian Stefan, Stanford University (California), “Protecting Users by Confining JavaScript with COWL”
  • Suman Jana, The University of Texas at Austin, “Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations”
  • Frederico Araujo, The University of Texas at Dallas, “From Patches to Honey-Patches: Lightweight Attacker-Misdirection, Deception, and Disinformation”
  • Vasileios Kemerlis, Columbia University (New York), “ret2dir: Rethinking Kernel Isolation”
  • Yeongjin Jang, Georgia Institute of Technology (Atlanta), “Gyrus: A Framework for User-Intent Monitoring of Text-Based Networked Applications”
  • Danny Yuxing Huang, University of California, San Diego, “Botcoin: Monetizing Stolen Cycles”
  • Young Sam Park, University of Maryland, College Park, “Targeted Nigerian Scams on Craigslist”
  • Venkatanathan Varadarajan, University of Wisconsin, “Scheduler-based Defenses against Cross-VM Side-channels”
  • Xiao Wang, University of Maryland, “Oblivious Data Structures”

For the first time this year, the CSAW games will feature a Policy Competition. Students will be judged on their proposals for public policy changes that address the security issues with the Internet of Things. Five finalist teams will pitch their ideas to a panel of industry experts live at CSAW.

Policy Competition finalists are:

  • Naveed, University of Illinois at Urbana-Champaign
  • [REDACTED], University of Illinois Urbana-Champaign
  • FrostByte, United States Naval Academy (Annapolis, Maryland)
  • Team USNA, United States Naval Academy
  • The White Covers, United States Naval Academy

All CSAW participants are eligible to join what is undoubtedly the most boisterous element of the competition: the DHS Security Quiz, sponsored by the U.S. Department of Homeland Security. Designed as a quiz show-style trivia showdown, the DHS Security Quiz pushes contestants to produce lightning-fast answers to questions ranging from the highly technical to the hilarious, from cryptography and malware to pop culture references and news events in the security field. Preliminary rounds throughout CSAW yield a cadre of finalist teams who face off on the final day of the competition.

CSAW was founded by Professor Memon and students, for students, but it has grown in the past decade to become a valuable venue for security professionals to learn and connect, and for security-oriented companies to recruit talent. Three major elements of CSAW 2014 cater to the professional security community and to companies seeking to boost their security personnel.

Opening on Wednesday night, November 12, will be the inaugural speed-education workshops: 25-minute sessions by top professionals offering insights into today’s biggest information security issues.

The following morning, the CSAW THREADS conference opens. The two-day intensive conference tackles a single hot topic in security each year, exploring it in depth and presenting the newest research in the area. This year’s theme is automation. More than a dozen top researchers will present work designed to integrate security into modern software development and operations with a focus on automation, integration, detection, and response time. Presenters hail from White Ops, Facebook, Twitter, Yelp, Intel, GitHub, Harvard and more, and National Security Agency Chief of Tailored Access Operations Rob Joyce will deliver the keynote address.

Computer security professionals are some of the most sought-after employees, and President Obama has referred to the nation’s shortage of cyber security experts as a national crisis. The CSAW Career Fair introduces security students to hiring managers at top-tier companies, and gives employers the edge in finding new talent.

Sponsor participation in the CSAW games is crucial, and the 2014 competition benefits from the support of a record 33 partners, many of whom participate in the Career Fair. Gold Sponsor is the U.S. Department of Homeland Security; Silver Sponsors are GitHub and Yahoo; Bronze Sponsors are Bank of America, Facebook, Lockheed Martin, National Security Agency, NCC Group North America, Palantir, and Raytheon; and Supporting Sponsors are Accuvant, BlackRock, Cigital, CipherTechs, FireEye, Goldman Sachs, Intel, Microsoft, MIT Lincoln Laboratory, Motorola, NAVAIR, Ntrepid, Phoenix Contact, PwC, Qualcomm, RSA, Sandia National Laboratories, SilverSky, Stroz Friedberg, Trail of Bits, Two Sigma, United States Secret Service and Yelp.

CSAW is supported by the NYU School of Engineering’s Information Systems and Internet Security Laboratory, a security research environment where students gain a unique perspective and a foundation that allows them to master any area of cyber security. The lab is run solely by students and advised by hackers-in-residence and industry partners. Support also comes from the school’s Enterprise Learning unit, New York Information Security Meetup, and Peerlyst.

The NYU School of Engineering was one of the first universities to develop a cyber security program, launching its master’s degree in cyber security in 1999. Since then, alumni have advanced to careers as security product developers, security application programmers, security analysts, penetration testers, vulnerability analysts, and security architects. The school also offers numerous cyber security courses and extracurricular opportunities for undergraduates. It has received all three Center of Excellence designations from the National Security Agency and the United States Cyber Command. Its cyber security program was previously singled out by the Sloan Consortium as the outstanding graduate online program.

For more information, visit https://csaw.isis.poly.edu.