EDURange Cloud: On Demand Cybersecurity Sandboxes Through Kubernetes

EDURange Cloud: On Demand Cybersecurity Sandboxes Through Kubernetes

연구 분야: Software Development

학회: International Conference on Availability, Reliability and Security

This paper describes EDURange Cloud, a cybersecurity education platform and framework powered by Kubernetes. The novelty of this approach is that it modularizes common internal components such as a Web server, FTP server, or database so that one can pick and choose the ones that are needed and scale the resources as desired to support the demand of the classroom exercise. It allows us to solve the problems that everyone faces when they build and run hands-on cybersecurity exercises in a classroom. Most often, we have greater needs for scalability, modularity, and ease of use. This framework allows instructors to efficiently design, modify and host their own cybersecurity exercises and competitions. The benefits of how we use Kubernetes include enhanced modularity through isolated instances, cost-effective scaling that adjusts resources based on demand, and the agility to deploy or update challenges rapidly. This approach addresses several critical problems. For example, it minimizes the instructor’s workload in class and enables independent challenge-pod resets for troubleshooting student problems. Additionally, some of the cybersecurity content may not tolerate resource sharing as it results in conflicts. The modularization and replication of containers mitigates that conflict by allocating independent replicas to each student which enables them to explore possible actions that could negatively impact other students, e.g. modyfying a shared database. Furthermore, Kubernetes offers students a full GUI desktop in EDURange WebOS to interact without having to worry about local virtual machine (VM) deployment. It also offers instructors the ability to design and deploy more complex learning scenarios that may involve diverse components including both the GUI and the terminal interface, as well as flexibility of resource management and load balancing by limiting data bandwidth demands. Lastly, this framework is an infrastructure for reproducible educational research, enabling scalable studies on student behavior, assessment design, and pedagogical interventions in cybersecurity instruction.