Increasing security awareness is a popular defense strategy adopted by companies against cyber attacks. Testbeds that support the so called cybersecurity exercises, strongly rely on virtualization technologies to faithfully reproduce real world scenarios. OS virtualization has proved to be a good solution to improve scalability, but it draws the line on the categories of reproducible vulnerabilities. In this paper, we tackle the challenges arising from the introduction of OS virtualization. We propose a solution that allows to rely as much as possible on the use of containers, as well as integrate them with legacy virtualization approaches when the vulnerabilities to be emulated do not lend themselves to a container-based implementation. We use the Infrastructure-as-Code (IaC) paradigm to enable automation of both provisioning and configuration of the emulated scenarios, as well as integrate heterogeneous virtualization technologies. After showing the design and implementation of the proposed solution, we discuss how our approach leverages a cyber range instantiation platform, that can be designed and tested on a single laptop, before being deployed on an enterprise system infrastructure.
Capturing flags in a dynamically deployed microservices-based heterogeneous environment / Caturano, F.; Perrone, G.; Romano, S. P.. - (2020), pp. 1-7. (Intervento presentato al convegno 2020 Principles, Systems and Applications of IP Telecommunications, IPTComm 2020 tenutosi a usa nel 2020) [10.1109/IPTComm50535.2020.9261519].
Capturing flags in a dynamically deployed microservices-based heterogeneous environment
Caturano F.;Perrone G.;Romano S. P.
2020
Abstract
Increasing security awareness is a popular defense strategy adopted by companies against cyber attacks. Testbeds that support the so called cybersecurity exercises, strongly rely on virtualization technologies to faithfully reproduce real world scenarios. OS virtualization has proved to be a good solution to improve scalability, but it draws the line on the categories of reproducible vulnerabilities. In this paper, we tackle the challenges arising from the introduction of OS virtualization. We propose a solution that allows to rely as much as possible on the use of containers, as well as integrate them with legacy virtualization approaches when the vulnerabilities to be emulated do not lend themselves to a container-based implementation. We use the Infrastructure-as-Code (IaC) paradigm to enable automation of both provisioning and configuration of the emulated scenarios, as well as integrate heterogeneous virtualization technologies. After showing the design and implementation of the proposed solution, we discuss how our approach leverages a cyber range instantiation platform, that can be designed and tested on a single laptop, before being deployed on an enterprise system infrastructure.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
