2017 Fiscal Year Research-status Report
CyTrONE: Cyber Range Framework for Effective Cybersecurity Training
Project/Area Number | 17K00478 |
Research Institution | Japan Advanced Institute of Science and Technology |
Principal Investigator | BEURAN Razvan, Japan Advanced Institute of Science and Technology, Graduate School of Advanced Science and Technology, Specially Appointed Associate Professor (40771788) |
Co-Investigator (Kenkyū-buntansha) | 知念 賢一, Japan Advanced Institute of Science and Technology, Graduate School of Advanced Science and Technology, Specially Appointed Associate Professor (20304157) |
Project Period (FY) | 2017-04-01 – 2020-03-31 |
Keywords | cybersecurity training / integrated framework |
Outline of Annual Research Achievements |
According to the initial plan, in FY2017 we had two main research directions:

1. Training framework development, with focus on the prototype implementation of the framework. This task was completed as planned, and we currently have a working prototype and some sample training content that demonstrate the feasibility of our approach. Moreover, the preliminary versions of all the framework components were released on GitHub as open source (see https://github.com/crond-jaist).

2. Investigation of the information sources and formats that will be used in the training database. This task was completed as well, and we concluded that the most promising format for representing incidents is STIX (Structured Threat Information eXpression, see https://stixproject.github.io/), while IODEF (Incident Object Description Exchange Format, see https://www.ietf.org/rfc/rfc5070.txt) is also a good alternative. Regarding vulnerabilities, general information can be obtained from a database such as "CVE Details" (see https://www.cvedetails.com). Moreover, we confirmed that the attacks related to certain vulnerabilities can be carried out via the Metasploit tool (https://www.metasploit.com/).

Note that in order to create the working prototype described in item 1, we also began implementing the module that integrates our framework with the Moodle LMS, an activity that was initially planned for FY2018. We also published one conference paper that presents the use of some of the above techniques for interactive training.
|
Current Status of Research Progress |
1: Research has progressed more than it was originally planned.
Reason
The main challenge in FY2017 was the implementation of the framework so that the CyRIS cyber range instantiation system is integrated within the overall architecture. Given that CyRIS has also been developed by members of our group, we were able to receive advice very quickly about how to proceed with the implementation. As a consequence, in addition to the above task, we were also able to start the implementation of the module that integrates our framework with the Moodle LMS, temporarily named "cnt2lms" (training content to LMS converter). Since this activity was initially planned for FY2018, being able to start it earlier made it possible for us to progress more smoothly than initially planned. Regarding the training database, we made smooth progress on the representation formats for incidents and on vulnerability databases. We were also able to learn relatively easily how to use Metasploit, and to implement a prototype system that puts these components together in order to achieve an interactive training experience.
|
Strategy for Future Research Activity |
In FY2018 we plan to continue following the initial plan, as described next:

1. We shall continue working on the integration of our framework with the Moodle LMS by implementing the functionality needed to provide a satisfactory user experience for both instructors and trainees. We expect that this will be done by a combination of Python and other scripting languages with PHP programs, given that PHP is the language in which Moodle is implemented.

2. We shall also start concentrating on populating the training database with content from the sources investigated in FY2017, and implement the processing/conversion steps required to unify the information in a machine-readable format. We also plan to add more content to the scenario database, mainly focusing on the requirements for the education and training of university students and young IT professionals.

An issue that we shall have to address in FY2018 in the context of item 2 is how to automatically obtain the actual packages associated with the various vulnerabilities in the CVE database. Preliminary investigations have shown that old packages with vulnerabilities, and their dependencies, are difficult to retrieve from current online repositories. Consequently we may not be able to fully automate this process, and some manual downloading/processing steps may be required, followed by a scripted installation/compilation procedure.
|
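As an added illustration of the unification step in item 2 of the strategy above (example code, not part of the CyTrONE framework's own code), the following Python snippet validates and merges a STIX 2.x-style vulnerability object with a CVE Details-style record into one machine-readable entry; the unified schema, the field layout of both inputs and all sample values are assumptions.

```python
import json
import re

# Constructed sample inputs (not real data; CVE-0000-0000 is a placeholder id):
# a STIX 2.x-style vulnerability object (assumed layout) and a CVE Details-style
# record for the same hypothetical vulnerability.
STIX_VULN = json.dumps({
    "type": "vulnerability",
    "id": "vulnerability--placeholder",
    "name": "CVE-0000-0000",
    "description": "Placeholder buffer overflow in examplepkg.",
    "external_references": [{"source_name": "cve", "external_id": "CVE-0000-0000"}],
})
CVE_DETAILS = {"cve_id": "CVE-0000-0000", "cvss_score": "7.5",
               "vulnerable_products": ["examplepkg 1.2.3"]}

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def cve_id_from_stix(obj):
    """Return the well-formed CVE id referenced by a STIX vulnerability object, or None."""
    if obj.get("type") != "vulnerability":
        return None
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "cve" and CVE_RE.match(ref.get("external_id", "")):
            return ref["external_id"]
    return None


def records_match(stix_json, cve_record):
    """True when both records refer to the same well-formed CVE id."""
    cve_id = cve_id_from_stix(json.loads(stix_json))
    return cve_id is not None and cve_id == cve_record.get("cve_id")


def unify(stix_json, cve_record):
    """Merge both sources into one hypothetical unified training-database entry."""
    if not records_match(stix_json, cve_record):
        raise ValueError("records do not refer to the same CVE")
    obj = json.loads(stix_json)
    return {
        "cve_id": cve_record["cve_id"],
        "description": obj.get("description", ""),
        "cvss_score": float(cve_record.get("cvss_score", 0)),
        # "name version" strings become structured package references
        "packages": [dict(zip(("name", "version"), p.split(maxsplit=1)))
                     for p in cve_record.get("vulnerable_products", [])],
        # Old packages may need manual retrieval (see item 2), so mark them pending.
        "package_source": "manual-download-pending",
    }
```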
Causes of Carryover |
The amount carried over to the next fiscal year was mainly caused by labor costs that were lower than expected, because one of the students employed in this project could not work the full planned time due to personal reasons. This amount will be used as labor expenses in FY2018, and no deviation from project progress is expected.
|
Remarks |
The website of the Cyber Range Organization and Design Chair on GitHub, where our framework's source code is being made publicly available.
|