Skip to main content
SpringerLink
Log in

Model-Driven Cyber Range Training: A Cyber Security Assurance Perspective

  • Conference paper
  • First Online:
Book cover Computer Security (IOSEC 2019, MSTEC 2019, FINSEC 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11981))

Abstract

Security demands are increasing for all types of organisations, due to the ever-closer integration of computing infrastructures and smart devices into all aspects of the organisational operations. Consequently, the need for security-aware employees in every role of an organisation increases in accordance. Cyber Range training emerges as a promising solution, allowing employees to train in both realistic environments and scenarios and gaining hands-on experience in security aspects of varied complexity, depending on their role and level of expertise. To that end, this work introduces a model-driven approach for Cyber Range training that facilitates the generation of tailor-made training scenarios based on a comprehensive model-based description of the organisation and its security posture. Additionally, our approach facilitates the auto- mated deployment of such training environments, tailored to each defined scenario, through simulation and emulation means. To further highlight the usability of the proposed approach, this work also presents scenarios focusing on phishing threats, with increasing level of complexity and difficulty.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. A guide to the Internet of Things (2015). https://www-ssl.intel.com/content/www/us/en/internet-of-things/infographics/guide-to-iot.html

  2. Rantos, K., Fysarakis, K., Manifavas, C.: How effective is your security awareness program? An evaluation methodology. Inf. Secur. J.: Glob. Perspect. 21(6), 328–345 (2012)

    Google Scholar 

  3. Lack of Security Awareness Training Leaves Healthcare Organizations Exposed to Cyberattacks. https://www.hipaajournal.com/lack-of-security-awareness-training-healthcare-cyberattacks/

  4. ENISA Smart Grid Security. https://www.enisa.europa.eu/topics/critical-information-infrastructures-and-services/smart-grids/smart-grids-and-smart-metering/ENISA_Annex%20II%20-%20Security%20Aspects%20of%20Smart%20Grid.pdf

  5. National Vulnerability Database (NVD). NIST. https://www.nist.gov/programs-projects/national-vulnerability-database-nvd

  6. Lagazio, M., Barnard-Wills, D., Rodrigues, R., Wright, D.: Certification Schemes for Cloud Computing. EU Commission Report, Digital Agenta for Europe (2014)

    Google Scholar 

  7. CUMULUS Project. Certification infrastructure for multi-layer cloud services project. D2.2 Certification models (2012). http://cordis.europa.eu/docs/projects/cnect/0/318580/080/deliverables/001-D22Certificationmodelsv1.pdf

  8. Cloud Security Alliance, CSA Security, Trust and Assurance Registry (STAR). https://cloudsecurityalliance.org/star/

  9. EuroCloud Start Audit. https://resilience.enisa.europa.eu/cloud-computing-certification/list-of-cloud-certification-schemes/eurocloud-star-audit

  10. NS-3. https://www.nsnam.org/overview/what-is-ns-3/

  11. GNS3. https://www.gns3.com/

  12. Netkit. http://wiki.netkit.org/

  13. OMNet++ Discrete Event Simulator. http://www.omnetpp.org

  14. OpenStack. https://www.openstack.org/

  15. Docker. https://www.docker.com/

  16. OWASP Attack Categories. OWASP. https://www.owasp.org/index.php/Category:Attack

  17. ENISA. https://www.enisa.europa.eu/

  18. CIPSEC-EU Project. http://www.cipsec.eu/

  19. Kaspersky Interactive Protection Simulation (KIPS). https://www.kaspersky.com/enterprise-security/security-awareness

  20. MediaPro’s Adaptive Awareness Portal. http://www.mediapro.com/adaptive-awareness-framework/adaptive-awareness-portal

  21. Sophos Phish Threat. https://www.sophos.com/en-us/products/phish-threat.aspx

  22. Inspired eLearning’s Security Awareness Training. https://inspiredelearning.com/security-awareness/

  23. Amorim, J.A., et al.: Gamified Training for Cyber Defence: Methods and Automated Tools for Situation and Threat Assessment (2013)

    Google Scholar 

  24. Boopathi, K., et al.: Learning Cyber Security Through Gamification (2015)

    Google Scholar 

  25. PwC’s Game of Threats. https://www.pwc.co.uk/issues/cyber-security-data-privacy/services/game-of-threats.html

  26. Jasima Discrete Event Simulator. https://www.simplan.de/en/software-2/jasima/

Download references

Author information

Authors and Affiliations

  1. Sphynx Technology Solutions AG, Zug, Switzerland

    Iason Somarakis, Michail Smyrlis, Konstantinos Fysarakis & George Spanoudakis

Authors
  1. Iason Somarakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Michail Smyrlis
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Konstantinos Fysarakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. George Spanoudakis
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Iason Somarakis .

Editor information

Editors and Affiliations

  1. Industrial Systems Institute/Research Center ATHENA, Patras, Greece

    Apostolos P. Fournaris

  2. Foundation for Research and Technology - Hellas (FORTH), Heraklion, Greece

    Manos Athanatos

  3. University of Patras, Patras, Greece

    Konstantinos Lampropoulos

  4. Foundation for Research and Technology - Hellas (FORTH), Heraklion, Greece

    Sotiris Ioannidis

  5. Foundation for Research and Technology - Hellas (FORTH), Heraklion, Greece

    George Hatzivasilis

  6. University of Milan, Milan, Italy

    Ernesto Damiani

  7. Norwegian Computing Center, Oslo, Norway

    Habtamu Abie

  8. Fondazione Bruno Kessler, Trento, Italy

    Silvio Ranise

  9. University of Genoa, Genoa, Italy

    Luca Verderame

  10. Fondazione Bruno Kessler, Trento, Italy

    Alberto Siena

  11. Télécom SudParis, Evry, France

    Joaquin Garcia-Alfaro

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Somarakis, I., Smyrlis, M., Fysarakis, K., Spanoudakis, G. (2020). Model-Driven Cyber Range Training: A Cyber Security Assurance Perspective. In: Fournaris, A., et al. Computer Security. IOSEC MSTEC FINSEC 2019 2019 2019. Lecture Notes in Computer Science(), vol 11981. Springer, Cham. https://doi.org/10.1007/978-3-030-42051-2_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-42051-2_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-42050-5

  • Online ISBN: 978-3-030-42051-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation