Hasso-Plattner-Institut
 
    • de
 

Introduction

Practical hands-on security lab has been an important part for security related education. However, to design, build, configure, and maintain such labs is always a challenging task for most of instructors or tutors. On the other hand, there are currently no good methods avail-able to monitor and finally evaluate students' behaviors and performance on the tasks.


In this project, we research on general concepts and approaches in the area of cloud automation andSoftware Defined Network (SDN) and address the above mentioned challenges by proposing an integrated, comprehensive, and easy-to-use platform where instructors can define and manage network security labs in a convenient way. A generic method to formally specify the assigned lab scenarios is presented. Within the specification, such real world IT entities as hosts, switches, and firewalls, etc., as well as their connectivity are modelled. The specification can be created and edited through a graphic user interface and then saved in a repository. Driven by the text based specification, the virtual network corresponding to the scenario can be automatically constructed by assigning, configuring and connecting the required Virtual Machines (VM) on the fly. Students' behaviors and other real time lab information are monitored by the integrated information gatherers and visualized by an integrated Attack Graph (AG) engine. Students’ performance can be evaluated according to the state of AG which they have actually reached.

Deliverable

Team

  • Dr. Feng Cheng
  • Marian Gawron, M.Sc.