Skip To Main Content
Two members of Texas A&M University's embedded capture the flag team working on their laptops during a practice session.
The Texas A&M University team competed with high school and university teams from across the United States, Singapore, England and India in the MITRE Corporation’s 2022 Embedded Capture the Flag competition, a two-phase competition where participants are challenged to create a secure system for an embedded device and learn from their mistakes. | Image: Courtesy of Martin Carlisle

A team of students from Texas A&M University placed third in the MITRE Corporation’s 2022 Embedded Capture the Flag (eCTF) competition.

This year, 32 high school and university teams from across the United States, Singapore, England and India competed.

"I am really pleased to see Texas A&M students consistently excelling in this competition, keeping pace with competitors from top schools like MIT and Carnegie Mellon,” said Dr. Martin Carlisle, professor of practice in the Department of Computer Science and Engineering and the team’s faculty advisor. “This is our third year competing, and each year we have been one of the top teams."

The eCTF is a semester-long, two-phase competition where participants are challenged to create a secure system for an embedded device and learn from their mistakes. Its focus on securing embedded systems, like mobile devices and GPS systems, and inclusion of a design-and-build phase set it apart from traditional capture the flag competitions.

This year, the teams were challenged to design a secure bootloader for an avionic device system, which refers to electronic systems used on aircraft, satellites and spacecraft. The system had to be able to protect aircraft mission secrets and intellectual property while in untrusted environments. As an additional challenge, it also had to have the ability to counter supply chain threats such as hardware Trojans.

A bootloader is a small program that verifies and loads all relevant operating system data when a computer/device is turned on. It’s responsible for ensuring that malicious operating systems do not run and providing a secure mechanism through which the operating system can be updated.

Using the programming language Rust, the team verified that a trusted machine had signed the operating system in their bootloader. They also used encryption to make sure that attackers with the ability to see when an update is delivered to the device could not gain access to proprietary secrets. Their use of Rust and secure design principles led them to earn a Fortress Award, which is given to the team whose defenses last the longest.

"MITRE eCTF is something I never thought I’d be a part of, but I’m so glad to have been,” said computer science student Emily Murphy. “I learned a ton about what embedded systems are, how to design a secure one and how we can attack others. It was a real application of how the security of these systems can have a huge impact."

The teams were recognized in a virtual awards ceremony on April 27.

The members of this year’s team included: Abhishek Bhattacharyya (general engineering), Justin Block (electronic systems engineering technology), Ryan Brasseaux (computer engineering), Cormac Cupples (computer engineering), Liam Haber (computer science), Danny Hernandez (technology management), Luke Loera (computer science), Nathan Nguyen (computer science and applied mathematical sciences), Mark Poveda (general engineering), Bode Raymond (computing), Lane Simmons (general engineering), Anna Slater (computer engineering), Derek Viet (computer engineering) and Rohan Viswanathan (computer science).