Cybersecurity Education: RunLabs Rapidly Create Virtualized Labs Based on a Simple Configuration File

The cornerstone in educating the future workforce in cybersecurity in higher education is experiential learning. Cybersecurity competitions are shown to have the potential to increase the workforce and encourage students to pursue the field of cybersecurity. Virtual laboratories allow emulating real life cyber threats and rapid generation of multiple scenarios and infrastructures. The purpose of RunLabs project was to create a lab infrastructure to allow instructors to generate virtualized environments rapidly. Instructors can create virtual lab for students easily, with a simple configuration file. The methods used for RunLabs creation consist of a javascript object notation (JSON) configuration file that creates virtual machines with specified network configuration. In addition, it creates virtual network computing (VNC) service for each virtual machine with a random password, which allows students to be able to access the virtual machines and work on their exercises. RunLabs has a web-based user interface for administration and an application programming interface (API). The API allows additional tools to be written around RunLabs. The administrator can reboot virtual machines, change VNC passwords. If defined in the configuration file, the administrator can create generic routing encapsulation (GRE) tunnel for the virtual machines across multiple hosts. RunLabs project used Python, Flask, SQLite, Minimega, KVM/QEMU, and OpenVSwitch as its backbone software. The analysis showed that the virtual machine host can capture virtual machines network traffic; and by default, any changes made to the virtual machines are not saved to the virtual disk. Due to the way KVM/QEMU work, one virtual disk can be used to spin up multiple virtual machines. Use case scenarios for this project included malware analysis, virtualized penetration testing network, and capture the flag competitions. Future development includes creating a virtual machine repository, bug fixes, and an option to save changes to the virtual disk. Background and analysis of previous approaches The National Initiative for Cybersecurity Education (NICE) published a National Institute of Standard and Technology (NIST) special publication 800-181 defining a cybersecurity framework (NCWF) for the workforce. This document outlined the knowledge, skills, and abilities (KSAs) employers expect cybersecurity professional to possess for work roles (Newhouse, 2016). The NCWF consisted of seven categories, with 32 specialty areas, and within each specialty area there were associated KSAs and tasks (Newhouse, 2016). The cornerstone in educating the future workforce in cybersecurity in higher education is experiential learning. Cybersecurity competitions were shown to have the potential to increase the workforce and encourage students to pursue the field of cybersecurity (Conti, Weigand, Skoudis, Cook, & Arnold, 2014; Ferguson, Tall, & Olsen, 2014; Gavas, Memon, & Britton, 2012; Justice, 2015; Pearce, Zeadally, & Hunt, 2013; Talabis & Martin, 2012). Hands-on labs were another of the important ways to deliver course content in cybersecurity. Research conducted in 2012 at IUPUI, regarding the Living Lab, shows the benefits of experiential learning (Justice & Do, 2012). Hands-on experience in labs can help with employment and knowledge in work environment (Dinita, Wilson, Winckles, Cirstea, & Jones, 2012; Fanelli & O’connor, 2010; Hoffman, Burley, & Toregas, 2012; Justice & Do, 2012; "The National Initiative for Cybersecurity Education, NICE," 2015; Newhouse,2016). Virtual machines (VM) supported many of the cybersecurity competition and lab operations. Virtual laboratories allowed emulating real cyber threats and rapid generation of multiple scenarios and infrastructures. Creating virtual environments that simulated real world cybersecurity scenarios on the fly can be time consuming and cannot be accomplished in a class period. Different approaches Laboratories were accessed by learners in two ways, on-campus, and remote. Approaches to creating on-campus and remote cybersecurity laboratories are discussed.