{"title":"Semi-automatic generation of cybersecurity exercises: a preliminary proposal","authors":"M. Ribaudo, Andrea Valenza","doi":"10.1145/3340436.3342728","DOIUrl":null,"url":null,"abstract":"Computer security competitions in which teams competitively attack and defend programs in real time are powerful training vehicles, but they are costly to organize and run. The same problem arises in the case of cybersecurity education since practical exercises are hard to design and, once exploited, they cannot be reused by the same students. In this preliminary work, we propose the use of flow-based programming - and specifically the Node-RED tool - to semi-automatically generate resources for cybersecurity competitions and training. The long term goal is defining a library of modules which can be easily combined to build a pool of fresh exercises, which are injected with different vulnerabilities, but at the same time maintain similar levels of difficulty.","PeriodicalId":405534,"journal":{"name":"Proceedings of the 2nd ACM SIGSOFT International Workshop on Ensemble-Based Software Engineering for Modern Computing Platforms","volume":"218 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-08-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2nd ACM SIGSOFT International Workshop on Ensemble-Based Software Engineering for Modern Computing Platforms","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3340436.3342728","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7
Abstract
Computer security competitions in which teams competitively attack and defend programs in real time are powerful training vehicles, but they are costly to organize and run. The same problem arises in the case of cybersecurity education since practical exercises are hard to design and, once exploited, they cannot be reused by the same students. In this preliminary work, we propose the use of flow-based programming - and specifically the Node-RED tool - to semi-automatically generate resources for cybersecurity competitions and training. The long term goal is defining a library of modules which can be easily combined to build a pool of fresh exercises, which are injected with different vulnerabilities, but at the same time maintain similar levels of difficulty.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
