Semi-automatic generation of cybersecurity exercises: a preliminary proposal

Abstract

Computer security competitions in which teams competitively attack and defend programs in real time are powerful training vehicles, but they are costly to organize and run. The same problem arises in the case of cybersecurity education since practical exercises are hard to design and, once exploited, they cannot be reused by the same students. In this preliminary work, we propose the use of flow-based programming - and specifically the Node-RED tool - to semi-automatically generate resources for cybersecurity competitions and training. The long term goal is defining a library of modules which can be easily combined to build a pool of fresh exercises, which are injected with different vulnerabilities, but at the same time maintain similar levels of difficulty.