Abstract
Computer security students benefit from hands-on experience applying security tools and techniques to attack and defend vulnerable systems. Virtual machines (VMs) provide an effective way of sharing targets for hacking. However, developing these hacking challenges is time consuming, and once created, essentially static. That is, once the challenge has been "solved" there is no remaining challenge for the student, and if the challenge is created for a competition or assessment, the challenge cannot be reused without risking plagiarism, and collusion. Security Scenario Generator (SecGen) can build complex VMs based on randomised scenarios, with a number of diverse use-cases, including: building networks of VMs with randomised services and in-thewild vulnerabilities and with themed content, which can form the basis of penetration testing activities; VMs for educational lab use; and VMs with randomised CTF challenges. SecGen has a modular architecture which can dynamically generate challenges by nesting modules, and a hints generation system, which is designed to provide scaffolding for novice security students to make progress on complex challenges. SecGen has been used for teaching at universities, and hosting a recent UK-wide CTF event.
Official URL
More Information
Status: | Published |
---|---|
Refereed: | Yes |
Publisher: | USENIX Association |
Depositing User (symplectic) | Deposited by Schreuders, Cliffe |
Date Deposited: | 29 Sep 2017 09:52 |
Last Modified: | 12 Jul 2024 21:38 |
Event Title: | 2017 USENIX Workshop on Advances in Security Education (ASE'17) |
Event Dates: | 15 August 2017 |
Item Type: | Article |
Download
Export Citation
Explore Further
Read more research from the author(s):