Security CTF Problems For Beginning Developers Of Low-Resource Real-Time Embedded Systems Software

As our society’s reliance on automations increases, so does the importance of the security of the embedded systems that control these automations. Unfortunately, there is currently a scarcity in educational material for embedded systems security due to the area’s relative nascency. In this thesis, we explore how to design Capture The Flag (CTF) problems that showcase common beginner mistakes in embedded systems programming. We started by designing a storyline that involves a protagonist and her companion robot, which runs on a low-resource real-time embedded system. As it happens, the programming of this robot contains multiple subtle mistakes that would allow the antagonists in our story to become saboteurs. The goal of the learners is to role-play as the antagonists and discover how to generate malicious inputs that trigger these mistakes. Our effort to date has generated 5 CTF problems, each featuring a FreeRTOS program that implements the corresponding scenario. Our programs utilize the ocial FreeRTOS POSIX/Linux Simulator so that they can run on any traditional Linux server. This approach eliminates the need to access embedded hardware when playing our CTF problems, thus allowing our effort to scale to a large number of learners and support remote learning.