November 11, 2010
Online capture the flag (CTF) competitions may not be a sport in the traditional sense, but they're just as competitive, just as arduous. The computer security war game requires each team or individual in the competition to find a key source of information by solving a host of challenging problems, with each competition lasting as long as 48 hours. And Carnegie Mellon's Plaid Parliament of Pwning (PPP) team, lead by Assistant Professor of ECE and Computer Science David Brumley, has pulled off a huge feat this semester, winning not just one or two of these grueling competitions, but three - and all since September.
The team of 15 electrical and computer engineering and computer science students began their CTF romp in September at RootedCon, an international competition that, like all CTF events, requires teams to solve a series of computer security programming challenges. Teams earn points based on the difficulty of the problem and the time it takes to solve it. RootedCon opened on a Friday and involved eight different websites that the teams needed to hack. While the competition can last up to a month, PPP took top honors by beating 180 other teams to the punch - solving all problems by Sunday afternoon.
After such a victory, a team might think about taking some time off or slowing down, but not so for PPP. On Oct. 13, the team entered HUST, an international CTF competition sponsored by the Korean Hongik University Security Team. While most other competitions - even the international ones - are generally in English, this one was in Korean. PPP's diversity proved instrumental in overcoming this barrier, and after 51 hours the team out-hacked 270 other teams from academia and industry to secure first place. It's the second year in a row PPP has taken top honors.
The team wrapped up its CTF sweep late last month, this time at a competition sponsored by Polytechnic Institute of New York University during cybersecurity awareness week (CSAW). CSAW teams comprise four students and, unlike in other competitions, they must be undergraduates. Brumley's group entered two teams into the prequalification round, and took first and second place. Those results earned the teams spots in the final round in New York City. The two teams won both first and second place in the final competition, as well as taking first and second place in an additional security quiz tournament. This is the second consecutive year that Carnegie Mellon teams have won the CSAW competition.
"The energy, tenacity and success of this team amazes me. Each member brings a wealth of computer science knowledge, which they pool together in a real team effort to solve difficult challenges very quickly. More importantly, they have lots of fun," said Brumley, who serves as the team's faculty sponsor.
Students and staff members involved in PPP's successes this semester include ECErs JongHyup Lee (postdoc), Sang Kil Cha (Ph.D.), Thanassis Averginos (Ph.D.), Ed Schwartz (Ph.D.), Jiyong Jang (Ph.D.), Matt Maurer (Ph.D.) and Matt Dickoff (junior); Computer Science Department students Brian Pak (senior), Tyler Nighswander (sophomore), Andrew Wesie (senior), David Kohlbrenner (senior), Chun Yu (senior), Ricky Zhou (junior) and Brent Lim (sophomore); and information systems student Tony Lee.
For more on the Plaid Parliament of Pwning, see the team's blog at http://ppp.cylab.cmu.edu.
Members of CMU's Plaid Parliament of Pwning capture the flag team.