On the Design and Implementation of Next Generation Cyber Ranges

RUSSO, ENRICO
2021-01-20

Abstract

Cybersecurity attacks are on the rise, and a competent workforce able to face real-life threats is urgently needed. Training this workforce requires practical learning opportunities and, in particular, hands-on exercises. Cyber Defense Exercises (CDX) can meet the demand for realistic, hands-on training. Unfortunately, running a CDX requires dedicated infrastructures, namely Cyber Ranges, to host the training scenarios. Furthermore, building the computing infrastructure is only the first step. Indeed, the design, verification, and deployment of scenarios are costly and error-prone activities. The reason is that a misconfiguration in the scenario can compromise the exercise and the training goals. The result is that CDX of real-world complexity are so expensive that only a limited number of organizations can afford them. In this thesis, we consider the problem of designing an effective and usable Cyber Range capable of hosting training scenarios for the next generation of security experts. We start our investigation by reconsidering common training activities such as Capture the Flag (CTF) competitions. In particular, we present our experience with a non-formal training activity for university students that we organized. The goal was to test the overall effectiveness of acquired skills and analyze the challenge development process. By leveraging this experience, we focus on the implementation of a Cyber Range. We present CRACK, a framework for the (i) design, (ii) model-based verification, (iii) generation, and (iv) automated testing of cyber scenarios. At the core of our approach stands the Scenario Definition Language (SDL) that extends TOSCA, an OASIS standard for the specification and orchestration of virtual cloud infrastructures. Our SDL allows for defining and formally verifying the specification of the scenario elements and their interplay. Verified scenarios are automatically deployed and tested to check if they are ready to be played.
Finally, we use our Cyber Range to create a scenario replicating a realistic system involving the use of the emerging Fog computing paradigm. As a side effect of this activity, we introduce DIOXIN, an extension of the considered Fog operating system that mitigates the weaknesses found.
20-Jan-2021
Files in this item:
File: phdunige_2021791.pdf (open access)
Type: Doctoral thesis
Size: 4.07 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11567/1035459