435 research outputs found

    KYPO Cyber Range: Design and Use Cases

    The physical and cyber worlds are increasingly intertwined and exposed to cyber attacks. The KYPO cyber range provides complex cyber systems and networks in a virtualized, fully controlled and monitored environment. Time-efficient and cost-effective deployment is feasible using cloud resources instead of a dedicated hardware infrastructure. This paper describes the design decisions made during its development. We prepared a set of use cases to evaluate the proposed design decisions and to demonstrate the key features of the KYPO cyber range. It was especially cyber training sessions and exercises with hundreds of participants which provided invaluable feedback for KYPO platform development.

    The Role of a Microservice Architecture on cybersecurity and operational resilience in critical systems

    Critical systems are characterized by their high degree of intolerance to threats, in other words, their high level of resilience, because depending on the context in which the system is inserted, the slightest failure could imply significant damage, whether in economic terms, or loss of reputation, of information, of infrastructure, of the environment, or human life. The security of such systems is traditionally associated with legacy infrastructures and data centers that are monolithic, which translates into increasingly high evolution and protection challenges. In the current context of rapid transformation where the variety of threats to systems has been consistently increasing, this dissertation aims to carry out a compatibility study of the microservice architecture, which is denoted by its characteristics such as resilience, scalability, modifiability and technological heterogeneity, being flexible in structural adaptations, and in rapidly evolving and highly complex settings, making it suited for agile environments. It also explores what response artificial intelligence, more specifically machine learning, can provide in a context of security and monitorability when combined with a simple banking system that adopts the microservice architecture.

    Designing a Modern Software Engineering Training Program with Cloud Computing

    The software engineering industry is trending towards cloud computing. For our project, we assessed the various tools and practices used in modern software development. The main goals of this project were to create a reference model for developing cloud-based applications, to program a functional cloud-based prototype, and to develop an accompanying training manual. These materials will be incorporated into the software engineering courses at WPI, namely CS 3733 and CS 509

    Gotham Testbed: a Reproducible IoT Testbed for Security Experiments and Dataset Generation

    The scarcity of available Internet of Things (IoT) datasets remains a limiting factor in developing machine learning based security systems. Static datasets get outdated due to the evolving IoT threat landscape. Meanwhile, the testbeds used to generate them are rarely published. This paper presents the Gotham testbed, a reproducible and flexible network security testbed, implemented as a middleware over the GNS3 emulator, that is extendable to accommodate new emulated devices, services or attackers. The testbed is used to build an IoT scenario composed of 100 emulated devices communicating via MQTT, CoAP and RTSP protocols in a topology composed of 30 switches and 10 routers. The scenario presents three threat actors, including the entire Mirai botnet lifecycle and additional red-teaming tools performing DoS, scanning and various attacks targeting the MQTT and CoAP protocols. The generated network traffic and application logs can be used to capture datasets containing legitimate and attacking traces. We hope that researchers can leverage the testbed and adapt it to include other types of devices and state-of-the-art attacks to generate new datasets that reflect the current threat landscape and IoT protocols. The source code to reproduce the scenario is publicly accessible.

    Serverless Vehicular Edge Computing for the Internet of Vehicles

    Rapid growth in the popularity of smart vehicles and increasing demand for vehicle autonomy bring new opportunities for vehicular edge computing (VEC). VEC aims at offloading the time-sensitive computational load of connected vehicles to edge devices, e.g., roadside units. However, VEC offloading raises complex resource management challenges and, thus, remains largely inaccessible to automotive companies. Recently, serverless computing emerged as a convenient approach to the execution of functions without the hassle of infrastructure management. In this work, we propose the idea of serverless VEC as the execution paradigm for Internet of Vehicles applications. Further, we analyze its benefits and drawbacks as well as identify technology gaps. We also propose emulation as a design, evaluation, and experimentation methodology for serverless VEC solutions. Using our emulation toolkit, we validate the feasibility of serverless VEC for real-world traffic scenarios. We would like to thank Asama Qureshi for his contribution to the traffic visualizer application. We would also like to acknowledge support through the Australian Research Council's funded projects DP230100081 and FT180100140. This work is also partially supported by the Spanish Ministry of Economic Affairs and Digital Transformation, the European Union-NextGenerationEU through the UNICO 5G I+D SORUS project and by the NWO OffSense, EU Horizon Graph-Massivizer and CLOUDSTARS projects.

    Delivering Computer-Based Training Within State Prisons

    Internet-connected devices are ubiquitous, and our built environment allows us to tap into formerly impossible solutions. As our world increasingly depends on technology to operate, one demographic cannot gain exposure to internet-connected devices or web-based educational programs: incarcerated individuals. The Department of Justice reports that 5 out of 6 State Prisoners are arrested and returned to prison within nine years of their initial release. Research shows that education is a pathway to reducing the U.S. prison population. Individuals who participated in any educational program are 43 percent less likely to return to prison. Prisons in the United States often partner with local organizations to provide job training and certification to incarcerated individuals, but few offer technical-vocational skills. Many programs rely exclusively on a partnership with a local college or lack the knowledge base to teach computer networking. By utilizing Docker containers to provide secure and isolated computer-based training, currently incarcerated individuals can increase their education beyond teacher-led classroom instruction. Providing computer access in prison presents significant security and accessibility challenges. The NIST Risk Management Framework implements proven cyber security access frameworks that help prevent unauthorized use. This study shows that combining robust cyber security frameworks with isolated Docker containers running the ToyNet learning suite helps break the cycle of recidivism among individuals incarcerated across the United States.

    Blockchain Security: Double-Spending Attack and Prevention

    This thesis shows that distributed consensus systems based on proof of work are vulnerable to hashrate-based double-spending attacks due to abuse of majority rule. Through building a private fork of Litecoin and executing a double-spending attack this thesis examines the mechanics and principles behind the attack. This thesis also conducts a survey of preventative measures used to deter double-spending attacks, concluding that a decentralized peer-to-peer network using proof of work is best protected by the addition of an observer system whether internal or external