
Coltrane Technology

EDU Range (Cyber Range) Concept

An Educational Range (EDU-Range) aims to provide a flexible, customizable and scalable infrastructure in order to conduct educational activities (e.g., cyber exercises, cyber trainings). The objective of such events is to offer realistic scenarios in a secure infrastructure in order to teach the participants technical skills and a general awareness of cyber threats. Therefore, an EDU-Range should be highly flexible in order to adapt to different events, participants (e.g., students of different ages, prior knowledge) and scenarios.

The core motivations for implementing a classical cyber range include:

  1. developing individual threat scenarios that can be hosted and executed in a planned way,
  2. enabling a flexible simulation infrastructure that could be customized for different occasions and customers, and
  3. enabling scalability from small to large scenarios and infrastructures.

From a technical perspective, these motivations also apply to an EDU-Range. However, the type of events conducted on it differs from a conceptual perspective. While classical cyber ranges aim to conduct events that let organisations test and train their employees’ technical skills, cyber situational awareness and processes (incident response, emergency recovery, etc.), an EDU-Range has education as its main objective. It is intended for use in schools and universities to conduct events that educate pupils and students. Therefore, it should serve as a platform for realistic educational events that convey challenging teaching content in a practical way. Langner et al. present a teaching method that uses a cyber range as a central teaching tool, pursuing the objective of making cyber security education more realistic. A cyber range used in this context is what we call an EDU-Range. It should adapt architecturally to different teaching content, teaching concepts, courses, teachers, students and more in order to cater to the most diverse needs individually and thus enable the best possible education. To support this kind of usage, special technical and non-technical requirements must be considered. On the non-technical side, this includes, for example, involving trainers / teachers with an appropriate education; on the technical side, the EDU-Range infrastructure should be clearly separated from other IT systems.

To understand the underlying attack mechanisms, some basics, such as the fundamentals of HTML, PHP or SQL, are assumed to be known.

To understand the different attack vectors in practice as well, examples are needed in which participants can act as virtual hackers. For this purpose, there are many training scenarios that deliberately contain security gaps so that theoretical knowledge can be tested safely (in the technical as well as the legal sense). Google Gruyère can be seen as a pioneer, since it can be used directly via the browser without any further effort.

The first point of contact for assessing the frequency and danger of attack vectors is gathering independent information and, above all, best-practice instructions for averting danger. Looking at the top ten list of 2017, SQL Injection, for example, has been holding its own in the top three for more than 10 years, which raises the question of whether professionals have learned nothing in the last 10 years. It is therefore always important to carry out a risk assessment and to evaluate possible threats based on their potential impact.

The advantage of a virtual environment is the clear separation from the real operating system and the possibility to create snapshots of specific situations.

Technical requirements for EDU-Range

The EDU-Range consists of multiple modules that shall be loosely coupled to ensure every layer can be replaced with minimal impact on the rest of the stack. For example, software provisioning could be handled via a configuration management tool like Puppet or Chef as a drop-in replacement for Ansible.

Best practices like IaC (Infrastructure as Code) and a well-defined collaboration approach on a modern version control system (VCS) are the basis on which all technology decisions should be founded. IaC increases reusability and development speed through increased testability and through easy collaboration features and practices that are well known and proven in the world of software engineering.

The following example technology stack consists entirely of open-source technology and shows the AIT Cyber Range technology stack.

| Building Blocks | Example Technology | Description |
|---|---|---|
| Participant Access | noVNC | Technology to give low-threshold access to the EDU-Range for participants |
| Scenario Engine | | Manages the scenario during its execution, participant management |
| Software Provisioning | Ansible, Packer | Provision scenarios and challenges for the participants |
| Infrastructure Provisioning | Terraform, Terragrunt, Ansible | Infrastructure provisioning via IaC providing IaaS and PaaS (Platform as a Service) functionality |
| Computing Platform | OpenStack, KVM | Hypervisor technology to host compute load of the infrastructure |
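
The testability that IaC brings can be applied to the requirement that the EDU-Range stay clearly separated from other IT systems. The following is an added example, not part of the AIT Cyber Range code: a pre-deployment check over the JSON form of a Terraform plan for OpenStack. The sample plan, the campus address ranges and the policy (no external router gateway, world-open ingress only on port 443) are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample: trimmed `terraform show -json` output for a hypothetical range.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "openstack_networking_subnet_v2.lab", "type": "openstack_networking_subnet_v2",
   "change": {"actions": ["create"], "after": {"cidr": "10.50.1.0/24"}}},
  {"address": "openstack_networking_subnet_v2.mgmt", "type": "openstack_networking_subnet_v2",
   "change": {"actions": ["create"], "after": {"cidr": "172.16.8.0/22"}}},
  {"address": "openstack_networking_router_v2.edge", "type": "openstack_networking_router_v2",
   "change": {"actions": ["create"], "after": {"external_network_id": "EXAMPLE-EXT-NET"}}},
  {"address": "openstack_networking_secgroup_rule_v2.vnc",
   "type": "openstack_networking_secgroup_rule_v2",
   "change": {"actions": ["create"], "after": {"direction": "ingress",
     "remote_ip_prefix": "0.0.0.0/0", "port_range_min": 1, "port_range_max": 65535}}}
]}
""")

# Assumption: address space used by the school's other IT systems.
CAMPUS_NETS = ["172.16.0.0/16", "192.168.10.0/24"]

def check_separation(plan, campus_nets=CAMPUS_NETS, allowed_ingress_ports=(443,)):
    """Return (address, reason) findings for planned resources that weaken isolation."""
    campus = [ipaddress.ip_network(n) for n in campus_nets]
    allowed = {(p, p) for p in allowed_ingress_ports}
    findings = []
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after") or {}  # "after" is null on delete
        rtype, addr = rc.get("type"), rc.get("address")
        if rtype == "openstack_networking_subnet_v2" and after.get("cidr"):
            net = ipaddress.ip_network(after["cidr"], strict=False)
            for c in campus:
                if net.version == c.version and net.overlaps(c):
                    findings.append((addr, f"subnet {net} overlaps campus network {c}"))
        elif rtype == "openstack_networking_router_v2" and after.get("external_network_id"):
            findings.append((addr, "router has an external gateway"))
        elif rtype == "openstack_networking_secgroup_rule_v2":
            open_src = after.get("remote_ip_prefix") in ("0.0.0.0/0", "::/0")
            ports = (after.get("port_range_min"), after.get("port_range_max"))
            if after.get("direction") == "ingress" and open_src and ports not in allowed:
                findings.append((addr, f"ingress from anywhere on ports {ports}"))
    return findings

if __name__ == "__main__":
    for address, reason in check_separation(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

Run as a gate in the VCS pipeline, a non-empty result blocks the change before any infrastructure is provisioned.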

Collaborative Learning Space

SPOD stands for Social Platform for Open Data [1]. It is a virtual place where citizens can meet, form online communities of interest and discuss topics using Open Data together with Public Administrations (PAs). SPOD is part of the project ROUTE-TO-PA (http://www.routetopa.eu), a three-year HORIZON 2020 European-funded project [2]. The SPOD platform makes available the following main components, depicted in Figure 1:

  1. SPOD Data Co-Creation: virtual rooms where small groups of participants can meet and collaboratively create datasets, contributing to the open data world. Each room has a shared spreadsheet that allows users to build new datasets from scratch or change existing datasets. It has a feature to upload an existing dataset in CSV format and collaboratively change it to make improvements (i.e., improve the quality of data). Data Co-creation rooms have communication tools (i.e., an instant chat and a threaded chat tool) to enable coordination among users, and users can create visualisations (i.e., charts) over the dataset.
  2. Agora for the social discussions: it enables discussions among small, medium and large groups of users that meet in rooms to publicly interpret data, create visualisations of Open Data, and collectively extract information.
  3. Datalet: SPOD introduces the Datalet concept as a component to visualise Open Data.
  4. Controllet: it allows the creation of open data visualisations guided by a user-friendly step-by-step wizard with the following three steps: a) select the dataset from the open data portal; b) select the fields, filter and group; c) choose the chart and configure it.
  5. My Space: SPOD has a private space, named “My Space”, where the user can privately create visualisations and annotate texts and links. The idea is that the user can digest and analyse datasets by creating visualisations that will be used during discussions in the public room to support argumentation.

Diffusion on the SPOD platform is principally made possible by What’news, which appears on every user’s homepage and surfaces recent friend activity such as profile changes, shared links, comments with datalets and posted notes.

User Guide

The SPOD User Manual is a step-by-step guide providing information on using the platform. It contains an introduction to the platform's primary functions and features, and troubleshooting guidance, in plain language to help non-technical people use SPOD properly.

COLTRANE SPOD
