research-article

Nautilus: A Tool For Automated Deployment And Sharing Of Cyber Range Scenarios

Authors:

Giorgio Bernardinetti,

Stefano Iafrate,

Giuseppe BianchiAuthors Info & Claims

ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security

Article No.: 146, Pages 1 - 7

https://doi.org/10.1145/3465481.3469182

Published: 17 August 2021 Publication History

Get Access

Abstract

In any cybersecurity training program, a non-marginal fraction of the activities are usually devoted to ”hands-on” practice, typically in the form of vulnerable scenarios that the trainee must evaluate/penetrate. The manual setup and implementation of such training scenarios is a significant burden on trainers, and takes away valuable time. In order to automate this step and enable reuse of components or even entire scenarios, this paper proposes Nautilus, a Cyber Range with extended capabilities that at the same time provides a training environment and a ”marketplace” platform to share scenarios, pre-implemented vulnerabilities/CVEs, scripts, etc. Nautilus leverages advanced cloud technologies to semi-automate deployment of vulnerable configurations of virtualized networks and systems, provides a graphical interface and a scenario description language, and integrates easy-to-use data/knowledge sharing facilities. In this respect, we believe that Nautilus can foster collaboration among different training teams and programs, and stimulate less skilled trainers, which alone would have perhaps prepared only basic scenarios, to access and reuse more advanced exercises prepared by others. Finally, we preliminary show the effectiveness and ease of use of the Nautilus Cyber Range via the results of a (so far) small-scale usability test conducted among different prospective trainers.

References

[1]

2014. CVE-2014-6271. Retrieved April 2021 from https://www.cvedetails.com/cve/CVE-2014-6271/

Google Scholar

[2]

Shabeer Ahmad, Nicolò Maunero, and Paolo Prinetto. 2020. EVA: A Hybrid Cyber Range. In Proceedings of the Fourth Italian Conference on Cyber Security, Ancona, Italy, February 4th to 7th, 2020. http://ceur-ws.org/Vol-2597/paper-02.pdf

Google Scholar

[3]

Clark Evans and Brian Ingerson. 2021. YAML Ain’t Markup Language. Retrieved April 2021 from https://yaml.org/

Google Scholar

[4]

The Apache Software Foundation. [n.d.]. Apache. Retrieved April 2021 from https://httpd.apache.org/

Google Scholar

[5]

Hashicorp. 2021. Vagrant. Retrieved April 2021 from https://www.vagrantup.com/

Google Scholar

[6]

Alessandro P. Luise, Gaetano Perrone, Claudio Perrotta, and Simon P. Romano. 2021. On-demand deployment and orchestration of Cyber Ranges in the Cloud.

Google Scholar

[7]

NIST. 2021. Cyber Ranges. Retrieved April 2021 from https://www.nist.gov/system/files/documents/2018/02/13/cyber_ranges.pdf

Google Scholar

[8]

Apache ARIA TOSCA orchestration engine. 2021. ARIA TOSCA. Retrieved April 2021 from http://ariatosca.incubator.apache.org/

Google Scholar

[9]

OWASP. [n.d.]. Shellshock Vulnerability. Retrieved April 2021 from https://owasp.org/www-pdf-archive/Shellshock_-_Tudor_Enache.pdf

Google Scholar

[10]

PayloadsAllTheThings. [n.d.]. Reverse Shell Cheatsheet. Retrieved April 2021 from https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md

Google Scholar

[11]

RedHat. 2021. Ansible. Retrieved April 2021 from https://www.ansible.com/

Google Scholar

[12]

Enrico Russo, Gabriele Costa, and Alessandro Armando. 2020. Building next generation Cyber Ranges with CRACK. Computers & Security Volume 95 (04 2020). https://doi.org/10.1016/j.cose.2020.101837

Crossref

Google Scholar

[13]

V. E. Urias, W. M. S. Stout, B. Van Leeuwen, and H. Lin. 2018. Cyber Range Infrastructure Limitations and Needs of Tomorrow: A Position Paper. 2018 International Carnahan Conference on Security Technology (ICCST) (2018). https://doi.org/10.1109/CCST.2018.8585460

Crossref

Google Scholar

Cited By

View all

Zikos ISendros ADrosatos GEfraimidis P(2022)HFabD+M: A Web-based Platform for Automated Hyperledger Fabric Deployment and Management2022 IEEE 1st Global Emerging Technology Blockchain Forum: Blockchain & Beyond (iGETblockchain)10.1109/iGETblockchain56591.2022.10087061(1-6)Online publication date: 7-Nov-2022
https://doi.org/10.1109/iGETblockchain56591.2022.10087061
Caturano Fd'Ambrosio NPerrone GPrevidente LRomano S(2022)ExploitWP2Docker: a Platform for Automating the Generation of Vulnerable WordPress Environments for Cyber Ranges2022 International Conference on Electrical, Computer and Energy Technologies (ICECET)10.1109/ICECET55527.2022.9872859(1-7)Online publication date: 20-Jul-2022
https://doi.org/10.1109/ICECET55527.2022.9872859
Lee DKim DLee CAhn MLee W(2022)ICSTASY: An Integrated Cybersecurity Training System for Military PersonnelIEEE Access10.1109/ACCESS.2022.318238310(62232-62246)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3182383

Recommendations

Alpaca: Building Dynamic Cyber Ranges with Procedurally-Generated Vulnerability Lattices
ACMSE '19: Proceedings of the 2019 ACM Southeast Conference

Developing cyber ranges for cybersecurity penetration testing and capture-the-flag challenges is normally a time-consuming process. A good cyber range challenges practitioners to find obscure paths to break into a system. The cyber range should encourage ...
AIT Cyber Range: Flexible Cyber Security Environment for Exercises, Training and Research
EICC '20: Proceedings of the 2020 European Interdisciplinary Cybersecurity Conference

With the evolution of threats and attacks and the speed of automation, new modern training and learning environments are needed to support the challenges of digital organizations and societies. In recent years, cyber ranges, i.e., virtual environments ...
Leaf: An open-source cybersecurity training platform for realistic edge-IoT scenarios
Abstract
The complexity of current cyber infrastructures requires specialized security-oriented skills to be acquired by a variety of different actors, in order to defend critical systems and sensitive data against emerging security threats and ...

Comments

Information & Contributors

Information

Published In

ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security

August 2021

1447 pages

ISBN:9781450390514

DOI:10.1145/3465481

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 August 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ARES 2021

ARES 2021: The 16th International Conference on Availability, Reliability and Security

August 17 - 20, 2021

Vienna, Austria

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
244
Total Downloads

Downloads (Last 12 months)51
Downloads (Last 6 weeks)2

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Zikos ISendros ADrosatos GEfraimidis P(2022)HFabD+M: A Web-based Platform for Automated Hyperledger Fabric Deployment and Management2022 IEEE 1st Global Emerging Technology Blockchain Forum: Blockchain & Beyond (iGETblockchain)10.1109/iGETblockchain56591.2022.10087061(1-6)Online publication date: 7-Nov-2022
https://doi.org/10.1109/iGETblockchain56591.2022.10087061
Caturano Fd'Ambrosio NPerrone GPrevidente LRomano S(2022)ExploitWP2Docker: a Platform for Automating the Generation of Vulnerable WordPress Environments for Cyber Ranges2022 International Conference on Electrical, Computer and Energy Technologies (ICECET)10.1109/ICECET55527.2022.9872859(1-7)Online publication date: 20-Jul-2022
https://doi.org/10.1109/ICECET55527.2022.9872859
Lee DKim DLee CAhn MLee W(2022)ICSTASY: An Integrated Cybersecurity Training System for Military PersonnelIEEE Access10.1109/ACCESS.2022.318238310(62232-62246)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3182383

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format.

HTML Format

Abstract

References

Cited By

Recommendations

Alpaca: Building Dynamic Cyber Ranges with Procedurally-Generated Vulnerability Lattices

AIT Cyber Range: Flexible Cyber Security Environment for Exercises, Training and Research

Leaf: An open-source cybersecurity training platform for realistic edge-IoT scenarios

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Get Access

Login options

Full Access

View options

PDF

eReader

HTML Format

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations