Development of a Cybersecurity Training System Based on SaaS
DOI:
https://doi.org/10.52731/liir.v005.189Keywords:
Cyber Range, cybersecurity, training system, cloud, SaaSAbstract
This study proposes the development of a cloud-based cyber attack and defense exercise system that enables practical cybersecurity exercises and experiences by using the Cyber Range environment built in a virtual space on the cloud via a local web browser. The platform and exercise programs will be developed on an open-source software platform built on the cloud as an ecosystem. The exercise contents will be developed using Docker, which has excellent portability, and attack and defense exercise scenarios will be produced as containers. By building the system in the cloud, this study proposes a platform that can be configured with various exercise scenarios independent of local PC performance. This study (1) develops a SaaS platform that can be connected to the cloud-based training environment via a web browser. (2) Enable users to interactively respond to attacks and defenses in a virtual space on the cloud in an internet environment. Finally, (3) The curriculums are structured based on microservices to be configured flexibly.
References
White Paper on Science, Technology, and Innovation 2021 (Provisional Translation) Toward Realizing Society 5.0, white paper, MEXT (Ministry of Education, Culture, Sports, Science and Technology, Japan), 2021.
E. Stolterman and A. C. Fors, “Information Technology and the Good Life,” In-formation Systems Research, vol. 143, 2004, pp. 687-692.
M. M. Yamin, B. Katt, and V. Gkioulos, “Cyber ranges and security testbeds: Sce-narios, functions, tools and architecture,” Computers & Security, vol. 88 (2020), art. no. 101636; doi.org/10.1016/j.cose.2019.101636.
D. Fenton, T. Traylor, G. Hokanson, and J. Straub, “Integrating cyber range tech-nologies and certification programs to improve cybersecurity training programs,” The Challenges of the Digital Transformation in Education, Springer, 2019, pp. 632-643.
K. E. Stewart, J. Humphries, and T. Andel, “Developing a virtualization platform for courses in networking, systems administration and cyber security education,” Proc. the 2009 Spring Simulation Multiconference, 2009, pp. 1-7.
R. Beuran, T. Inoue, Y. Tan, and Y. Shinoda, “Realistic cybersecurity training via scenario progression management,” Proc. IEEE Eur. Symp. Secur. Privacy Work-shops, 2019, pp. 67-76.
N. Maki et al., “An Effective Cybersecurity Exercises Platform CyExec and its Training Contents,” International Journal of Information and Education Technology, vol. 10, no. 3, 2020, pp. 215-221.
R. Nakata and A. Otsuka, “CyExec*: A High-Performance Container-Based Cyber Range With Scenario Randomization,” IEEE Access 9, 2021, pp. 109095-109114.
NRI Secure Technologies Ltd., “NRI Secure Insight 2022,” Feb. 2023;
https://www.nri-secure.co.jp/download/insight2022-report.
ISC2, “ISC2 Cybersecurity Workforce Study,” 2023; https://www.isc2.org/research.
Information Security White Paper 2023, white paper, IPA (Information-technology Promotion Agency, Japan), 2023.
IPA (Information-technology Promotion Agency, Japan), “Top 10 Threats to In-formation Security in 2023,” March 2023;
https://www.ipa.go.jp/security/10threats/ps6vr70000009r2f-att/kaisetsu_2023.pdf.
National Police Agency (Japan), “Threats to Cyberspace in 2022,” March 2023;
https://www.npa.go.jp/publications/statistics/cybersecurity/data/R04_cyber_jousei.pdf.
R. Beuran et al., “CyTrONE: An integrated cybersecurity training framework,” Proc. the 3rd Int’l Conf. Information Systems Security and Privacy (ICISSP 2017), 2017, pp. 157-166.
G. Erdogan et al., “Developing cyber-risk centric courses and training material for cyber ranges: A systematic approach,” Proc. of the 7th Int’l Conf. Information Systems Security and Privacy (ICISSP 2021), 2021, pp. 702-713.
IPA (Information-technology Promotion Agency, Japan), “Vulnerability Experi-ence Learning Tool AppGoat,” Aug. 2023;
