Computer security competitions in which teams competitively attack and defend programs in real time are powerful training vehicles, but they are costly to organize and run. The same problem arises in the case of cybersecurity education since practical exercises are hard to design and, once exploited, they cannot be reused by the same students. In this preliminary work, we propose the use of flow-based programming - and specifically the Node-RED tool - to semi-automatically generate resources for cybersecurity competitions and training. The long term goal is defining a library of modules which can be easily combined to build a pool of fresh exercises, which are injected with different vulnerabilities, but at the same time maintain similar levels of difficulty.
Semi-automatic Generation of Cybersecurity Exercises: A Preliminary Proposal
Ribaudo, Marina;Valenza, Andrea
2019-01-01
Abstract
Computer security competitions in which teams competitively attack and defend programs in real time are powerful training vehicles, but they are costly to organize and run. The same problem arises in the case of cybersecurity education since practical exercises are hard to design and, once exploited, they cannot be reused by the same students. In this preliminary work, we propose the use of flow-based programming - and specifically the Node-RED tool - to semi-automatically generate resources for cybersecurity competitions and training. The long term goal is defining a library of modules which can be easily combined to build a pool of fresh exercises, which are injected with different vulnerabilities, but at the same time maintain similar levels of difficulty.
| File | Dimensione | Formato | |
|---|---|---|---|
|
ensembleCR.pdf
accesso chiuso
Tipologia:
Documento in versione editoriale
Dimensione
704.34 kB
Formato
Adobe PDF
|
704.34 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
