Just reading the news is enough to understand how critical cybersecurity and cybersecurity-education have become. Many job positions remain unfilled due to a shortage of a skilled workforce, and universities have opened courses on cybersecurity-related topics to keep up with market demands. In turn, educators are reshaping their educational material and activities to cover both the standard theory of the field and the practice. However, organizing hands-on cybersecurity training is laborious and time consuming. We present Chad, a tool we developed to support instructors in the development and deployment of practical cybersecurity exercises. Chad, an open-source project written in Python, allows teachers to generate multiple different instances of an exercise, guaranteeing that they all share the same difficulty and require the same knowledge to be solved. Our tool also supports the testing of generated exercises, and their deployment, by leveraging technologies like Docker, Wireguard and iptables. Chad has been integrated with Github classroom and field-tested, during a.y. 2021/2022, in the context of a university course on binary analysis. However, its adoption is not limited to such topics or formal education. Indeed, the Github repository contains examples of reversingengineering challenges for Linux and Windows, and a simple web challenge.

Automatic Challenge Generation for Hands-on Cybersecurity Training

Lagorio, Giovanni;Ribaudo, Marina
2022-01-01

Abstract

Just reading the news is enough to understand how critical cybersecurity and cybersecurity-education have become. Many job positions remain unfilled due to a shortage of a skilled workforce, and universities have opened courses on cybersecurity-related topics to keep up with market demands. In turn, educators are reshaping their educational material and activities to cover both the standard theory of the field and the practice. However, organizing hands-on cybersecurity training is laborious and time consuming. We present Chad, a tool we developed to support instructors in the development and deployment of practical cybersecurity exercises. Chad, an open-source project written in Python, allows teachers to generate multiple different instances of an exercise, guaranteeing that they all share the same difficulty and require the same knowledge to be solved. Our tool also supports the testing of generated exercises, and their deployment, by leveraging technologies like Docker, Wireguard and iptables. Chad has been integrated with Github classroom and field-tested, during a.y. 2021/2022, in the context of a university course on binary analysis. However, its adoption is not limited to such topics or formal education. Indeed, the Github repository contains examples of reversingengineering challenges for Linux and Windows, and a simple web challenge.
File in questo prodotto:
File Dimensione Formato  
Automatic_Challenge_Generation_for_Hands-on_Cybersecurity_Training.pdf

accesso chiuso

Descrizione: Contributo in atti di convegno
Tipologia: Documento in Post-print
Dimensione 170.1 kB
Formato Adobe PDF
170.1 kB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11567/1093339
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? 0
social impact