Design Considerations for Cyber Security Testbeds: A Case Study on a Cyber Security Testbed for Education

摘要

Educational testbeds have been developed for many years. Within the past ten years, the development of cloud-based storage architectures as well as the facilitation of memory and storage technology allowed for the building of small to medium-sized testbeds at low or medium cost. These developments provide the foundation for the development of educational testbeds that can be used for cyber security training and exercise of various target groups (e.g., students, IT professionals, engineers) in many domains (e.g., cyber security, IoT, Industry 4.0). Testbeds have been well established within the information security community (e.g., malware analysis, cyber security experimentation, etc.). However, these testbeds often require a certain level of maintenance or resources and were therefore not often used in non-expert communities. However, it is essential that testbeds gain a wider audience in order to enable many different groups cyber security skills and competencies. In this paper, we analyze how an educational testbed could be designed by (1) examining established testbeds in research and education and (2) analyzing how typical testbeds are designed. Based on this, we propose a design life cycle, i.e. a methodology to facilitate the development of cyber security testbeds. We demonstrate our findings in a case study. In the study, we designed and implemented a cyber security testbed for educational purposes using open source technology. The results and reviewed literature validate the design life cycle and show dependencies between the underlying technology of the testbed and the designed challenges. These findings contribute to the overall development of testbeds and can be used as basis for future work. We plan to further extend this testbed in order to develop an automated and flexible cyber security testbed.