Building an IT Security Laboratory for Complex Teaching Scenarios Using ‘Infrastructure as Code’
Author: Marcus Soll, Hendrik Helmken, Michel Belde, Sebastian Schimpfhauser, Daniel Versick
Conference: IEEE Global Engineering Education Conference 2023 (EDUCON)
DOI: https://doi.org/10.1109/EDUCON54358.2023.10125250
Conference: IEEE Global Engineering Education Conference 2023 (EDUCON)
DOI: https://doi.org/10.1109/EDUCON54358.2023.10125250
Since the demand for IT security education is increasing, it is useful to provide easy access to laboratories to IT security. These should not only provide simple scenarios, but should also provide more complex scenarios (e.g. including multiple subnets and multiple vulnurable targets).
This paper not only presents a system for providing such laboratories using 'Infrastructure as Code' (Terraform in our case), but also the pedagogical concept which was taken into consideration while developing the system.
bibtex
@inproceedings{2023-Building_an_IT_Security_Laboratory_for_Complex_Teaching_Scenarios_Using_‘Infrastructure_as_Code’,
title = "Building an IT Security Laboratory for Complex Teaching Scenarios Using ‘Infrastructure as Code’",
author = "Soll, Marcus and Helmken, Hendrik and Belde, Michel and Schimpfhauser, Sebastian and Nguyen, Felix and Versick, Daniel",
ISSN = "2165-9567",
abstract = "There are increasing demands for IT security education which could be partly met by easier access to IT security laboratories. This paper proposes the use of ‘Infrastructure as Code’ (IaC) as a central building block for introducing dynami-cally adaptable teaching scenarios to laboratories in the context of IT security. The decision was made based on our didactical concept (which is built on Bloom's Taxonomy). The concept we propose is intended for use in a virtual laboratory, where the whole laboratory set-up is distributed over and contained within virtual machines. This way, we are able to build realistic, complex teaching scenarios. After comparing multiple IaC solutions, we decided to build our implementation on Terraform. The most important building blocks written in Terraform are presented. In addition, a user interface was created to meet demands of students and teachers. We will describe example teaching scenarios including one where students are tasked with gaining access to vulnerable data via a 2-step attack.",
booktitle = "2023 IEEE Global Engineering Education Conference (EDUCON)",
doi = "10.1109/EDUCON54358.2023.10125250",
pages = "1-8",
year = 2023,
}