Sandboxing the Cyberspace for Cybersecurity Education and Learning

  • Conference paper
Computer Security (ESORICS 2020)

Abstract

Deploying the appropriate digital environment for conducting cybersecurity exercises can be challenging and typically requires a lot of effort and system resources. Usually, for deploying vulnerable webservices and setting up labs for hands-on cybersecurity exercises to take place, more configuration is required along with technical expertise. Containerization techniques and solutions provide less overhead and can be used instead of virtualization techniques to revise the existing approaches. Furthermore, it is important to sandbox or replicate existing systems or services for the cybersecurity exercises to be realistic. To address such challenges, we conducted a performance evaluation of some of the existing deployment techniques to analyze their benefits and drawbacks. We tested techniques relevant to containerization or MicroVMs that include less overhead instead of the regular virtualization techniques to provide meaningful and comparable results from the deployment of scalable solutions, demonstrating their benefits and drawbacks. Towards this direction, we present a use case for deploying cybersecurity exercises that requires less effort and moderate system resources. By using the deployed components, we provide a baseline proposal for monitoring the progress of the participants using a host-based intrusion system.

Notes

  1. https://docker.com/.

  2. https://github.com/firecracker-microvm/firecracker/.

  3. https://github.com/rancher/vm/.

  4. https://seedsecuritylabs.org/.

  5. https://enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material/.

  6. https://hackthebox.eu/.

  7. https://tryhackme.com/.

  8. https://vulnhub.com/.

  9. https://kali.org/.

  10. https://hub.docker.com/r/vulnerables/web-dvwa/.

  11. https://hub.docker.com/r/webgoat/webgoat-8.0/.

  12. https://github.com/weaveworks/ignite/.

  13. https://github.com/akopytov/sysbench/.

  14. https://wiki.ubuntu.com/Kernel/Reference/stress-ng/.

  15. https://novabench.com/.

  16. https://github.com/docker-archive/communitytools-image2docker-win.

  17. https://vmware.com/.

  18. https://virtualbox.org/.

  19. https://wazuh.com/.

Acknowledgments

This work is performed as part of the SPHINX project that has received funding from the European Union’s Horizon 2020 research and innovation program under grant agreement No. 826183 on Digital Society, Trust & Cyber Security E-Health, Well-being, and Ageing. The funding body has not participated in the elaboration of this research paper.

Author information

Corresponding author

Correspondence to Stylianos Karagiannis.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Karagiannis, S., Magkos, E., Ntantogian, C., Ribeiro, L.L. (2020). Sandboxing the Cyberspace for Cybersecurity Education and Learning. In: Boureanu, I., et al. Computer Security. ESORICS 2020. Lecture Notes in Computer Science, vol 12580. Springer, Cham. https://doi.org/10.1007/978-3-030-66504-3_11

  • DOI: https://doi.org/10.1007/978-3-030-66504-3_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-66503-6

  • Online ISBN: 978-3-030-66504-3

  • eBook Packages: Computer Science, Computer Science (R0)
