ACES student and alumnus have paper accepted at conference

news story image

Kevin Bock ‘17 and George Hughey ‘19, along with their professor Dave Levin in the Computer Science department, are presenting their paper, “King of the Hill: A Novel Cybersecurity Competition for Teaching Penetration Testing,” at the USENIX Advances in Security Education (ASE) on August 13.

Their paper presents a novel type of cybersecurity competition, called King of the Hill, that they originally created and used for the ACES Competition Team. Kevin said, “There are many existing types of cybersecurity competitions (Attack/Defense, BuildItBreakIt, Jeopardy CTF, etc), but none are particularly well suited for training or teaching many aspects of penetration testing. We developed King of the Hill as a new kind of cybersecurity competition that would help students learn more skills specific to penetration testing.”

While the earlier versions of King of the Hill were a fun exercise for the ACES Competition Team, they realized it could be much more broadly applicable. Kevin taught HACS408T Penetration Testing for ACES this past spring, and George was a teaching assistant for the class. While preparing for the class, they realized how useful this tool could be.

Kevin said, “We built it up and added more to the competition specifically for the class, and expanded on the competition.”

And the class had a very positive reaction to King of the Hill.

“The class overall really got into the competition and the project,” Kevin said, “and I was impressed and proud of the class! Students put an amazing amount of work and developed some incredibly powerful (and scary) tools for it - from custom compiled shells to covert backdoors to deeply embedded rootkits. They put in a tremendous amount of work and effort, and the class engagement made the competition fun and exciting!”

George added, “I'd like to stress that some of the tools we saw ACES students create were really awesome and imaginative, and they helped to make the exercise exciting!”

It wasn’t until they saw the call for papers for the conference that they considered writing a paper so others could run the same competition. Kevin said, “We thought [ASE] would be a good home for the work and a good way to share the approach with other cybersecurity educators.”

To follow along with the conference, follow @USENIXSecurity on Twitter or the hashtags #usesec18 and #ase18.

To learn more about the conference, visit

Published July 26, 2018