Poster Session¶
Info
Join the poster session on April 22 from 2-3:30PM ET on Gather.Town at https://app.gather.town/events/nbkSe1h6QC-Xz4udRag0
Each team is invited to submit a poster that highlights the unique design decisions and attack strategies that they used in this year’s eCTF. On Monday, April 22 2024, teams will get the opportunity to discuss their posters during a virtual poster session on Gather.Town (details about the event will be posted in Slack). Additionally, your poster will be reviewed by a panel of judges and awarded points based upon the criteria described below. Posters can score up to 1000 points total. Exemplary posters may be granted additional special awards and may be printed and put on display during the Award Ceremony.
Submission¶
To submit your poster, please upload both the PowerPoint and the PDF of the poster in a message in your private Slack channel and tag the organizers by 11:59 PM Eastern on Thursday, April 18 2024.
Poster Requirements¶
Download the poster template here.
The poster should consist of three main parts: one for providing an overview of your system, one for describing an element of your design, and one for describing an element of your Attack Phase experience or plans. The poster itself should primarily be a visual aid - consisting of diagrams, flow graphs, etc. - with some helpful text to introduce or discuss your graphics.
Part 1: Design Overview¶
This part should give the reader a high-level understanding of your design’s security architecture. Show the main features and functions of your design, and briefly explain how they work together to meet the security requirements. An exemplary design overview would include the following:
A brief protocol description
A high-level summary of software and hardware security features
A brief explanation of how the features work together to meet the security requirements
Part 2: Design-Phase Defensive Highlight¶
This part should highlight security measures that worked well, measures that could have been improved upon, or measures that teams wanted to develop but did not pursue for various reason. Teams should select a single measure to discuss in detail. An exemplary defensive highlight would include the following:
Why you decided to include (or try to include) this security measure in your design
What your defensive feature is (or was) supposed to accomplish
Why it worked (or didn’t)
How you could build upon this feature in the future to create an even more secure design
Part 3: Attack-Phase Offensive Highlight¶
This part should highlight interesting or novel attacks that were developed. Write-ups on attacks that were ultimately unsuccessful in capturing flag points, but still interesting, are welcome. This is your opportunity to highlight work that you did to develop an interesting attack, even if it did not reward you with flag points. Teams that did not make it into the Attack Phase may discuss an attack they prepared for or considered. Teams should choose a single attack and describe it in detail. An exemplary offensive highlight would include the following:
What security vulnerabilities the attack exploited
Why the attack was (or wasn’t) successful. You should explain your work in enough detail for the reader to reproduce the attack (code snippets are allowed) 3. A proposed fix to the code that would prevent your attack from working. The fix should be described in enough detail for the reader to implement themselves
Important
Do not include the names of teams in your poster!
Style Guidance¶
Download the poster template here.
Poster Formatting¶
We have provided the above poster template to use when writing your submission. To keep the posters uniform, please use the formatting in the template. You may rearrange the layout as needed but use the same border spacing as the template (0.5” margins and a 0.5” spacing between sections). Invisible rectangles are included in the template to help keep you aligned. You can make them visible by clicking the margins to select the group and changing the shape fill to a color. For font, please use Arial (20pt for the text boxes, 18pt for the references) and Arial Black (40pt for the headers and 24pt for the reference header). Use the template colors to the extent possible. Your graphics will look better and may earn you more points if you stick with the color scheme, but there are certainly valid exceptions to this rule.
The entire poster should fit on the page size provided in the template. Any text or images past the one- page poster will not be considered during judging. It is up to you how you divide the space to present each of the parts.
While you may include your school or team name, do not include your school logo or any other trademarked or copyrighted logo or image.
Aside from the poster title, do not mention specific teams in your poster (including yourself). For example, if MITRE was a team participating, do not say “We attacked MITRE’s design by doing…”, instead, say “We attacked one design by doing…”. All writeups will be anonymous during judging.
Judging¶
The judging panel will consist of technical experts with significant industry experience in cybersecurity and embedded systems. The judges will review each of the submitted posters during the virtual poster session and evaluate their completeness and quality. The judges will also consider technical creativity, clarity, and approachability.
We ask that you clearly explain how your overall architecture and defensive/offensive highlights relate to the security requirements, and what security properties these highlights provide/bypass. Someone who is not an expert with this year’s challenge should be able to understand why you made the choices you made, and how they contribute to the system. A deeply technical defense mechanism/attack that is not explained well will likely not score as well as a less-technical defense mechanism/attack with a better explanation.
Points will be awarded based on a percentage of the 1000 points available multiplied by the average judge score on a scale of 0 to 1.