Monitoring of Cyber Security Exercise Environments in Cyber Ranges : with an implementation for CRATE / Övervakning av spelmiljöer i cyberanläggningar : med en implementation för CRATE

Sjöstedt, Matildha

January 2021

In a world where much of society is dependent on digital infrastructure, various cyber threats can pose a great risk to businesses, critical infrastructure and potentially entire nations. For this reason, research and education as well as the preparation of strategies,  training of personnel etc., is imperative. Cyber ranges can provide ''safe environments'' in which for example cyber security exercises and experiments can be conducted. While easier to deploy and configure than ''real'' infrastructures, monitoring of such environments during ongoing exercises/experiments poses a number of challenges. During this thesis work, the question of what types of data and information could be relevant to provide in a monitoring system for this context was investigated, with regard to aspects such as providing technical support or gaining situational awareness during exercises. Results gained from a survey with participants from relevant organizations, contributed greatly to this question. The survey and literature study also provided insights into challenges and potential problems of developing and running such monitoring. CRATE is a cyber range developed and maintained by the Swedish Defence Research Agency (FOI). In this thesis work, some of the challenges and potential problems found are tackled with a suggested design and an implemented monitoring system prototype for CRATE. Apart from providing functionality to retrieve information about accounts and privileges as well as status of services, the design of the prototype also lays the foundation for a flexible and extensible monitoring system -- fully adapted for use within a cyber range. With cyber exercises becoming both more prevalent and extensive, the need for capable monitoring of exercise environments will naturally arise. While the developed prototype may facilitate future cyber exercises/experiments in CRATE, the results of this thesis work are also ready to be used as a source of inspiration for other cyber range operators.

cyber range

monitoring

CRATE

cyber security

cyber security exercises

virtual machine

cyberanläggning

övervakning

CRATE

cybersäkerhet

cybersäkerhetsövningar

virtuell maskin

Information Systems

Software Engineering

Programvaruteknik

Automating software installation for cyber security research and testing public exploits in CRATE / Att automatisera mjukvaruinstallationer för cybersäkerhetsforskning och testandet av publika angreppskoder i CRATE

Kahlström, Joakim, Hedlin, Johan

January 2021

As cyber attacks are an ever-increasing threat to many organizations, the need for controlled environments where cyber security defenses can be tested against real-world attacks is increasing. These environments, called cyber ranges, exist across the world for both military and academic purposes of various scales. As the function of a cyber range involves having a set of computers, virtual or physical, that can be configured to replicate a corporate network or an industrial control system, having an automated method of configuring these can streamline the process of performing different exercises. This thesis aims to provide a proof of concept of how the installation of software with known vulnerabilities can be performed and examines if the software is vulnerable directly after installation. The Cyber Range And Training Environment (CRATE) developed by the Swedish Defence Research Agency (FOI) is used as a testbed for the installations and FOI-provided tools are used for launching automated attacks against the installed software. The results show that installations can be performed without Internet access and with minimal network traffic being generated and that our solution can rewrite existing software packages from the package manager Chocolatey to work with an on-premises repository with an 85% success rate. It is also shown that very few publicly available exploits succeed without any manual configuration of either the exploit or the targeted software. Our work contributes to making it easier to set up environments where cyber security research and training can be conducted by simplifying the process of installing vulnerable applications.

cyber range

software installation

cyber security

CRATE

exploit testing

automation

cyberanläggning

mjukvaruinstallation

cybersäkerhet

CRATE

angreppstestning

automatisering

Software Engineering

Programvaruteknik

Computer Sciences

Datavetenskap (datalogi)