CONTAINER TECHNOLOGY AND ITS APPLICATION IN CYBERSECURITY LEARNING: A SYSTEMATIC REVIEW OF LITERATURE
DOI:
https://doi.org/10.32870/recibe.v9i2.186Keywords:
Cybersecurity, Information Security, Learning, Education, Containers, Lightweight Virtualization, Educational Software, Systematic Literature ReviewAbstract
Due to constating changing, Cybersecurity learning requires a theoretical and practical cognitive processes, particularly, practical approach requires to use hyper-realistic environments that do not put real infrastructure at risk or lead to situations of a legal nature, these platforms that contains these environments are known as Cyber Ranges, because of their Complexity it can be expensive and difficult to implement, for this reason, a large part of the efforts for learning and teaching have been focused on the use of different technologies that improve these aspects, therefore container virtualization has begun to be used, which is a lightweight and flexible in its application. This article presents the results of a Systematic Literature Review carried out to identify and characterize primary studies on the use of containers for learning Cybersecurity. The results show that there are several primary studies that investigate the use of container technology in learning Cybersecurity; Being the great majority proposals of platforms, Cyber Ranges, virtual laboratories and CTFs (Capture The Flag) due to the shortage of specialized software for learning Cybersecurity.References
Ageyev, D., Bondarenko, O., Radivilova, T., & Alfroukh, W. (2018). Classification of existing virtualization methods used in telecommunication networks. 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT), 83–86. https://doi.org/10.1109/DESSERT.2018.8409104
AlSalamah, A. K., Cámara, J. M. S., & Kelly, S. (2018). Applying virtualization and containerization techniques in cybersecurity education. Proceedings of the 34th Information Systems Education Conference, ISECON 2018, 1–14.
Anand, A., Chaudhary, A., & Arvindhan, M. (2021). The Need for Virtualization: When and Why Virtualization Took Over Physical Servers. Advances in Communication and Computational Technology, 668, 1351–1359. https://doi.org/10.1007/978-981-15-5341-7_102
AppGoat. (2020). https://www.ipa.go.jp/security/vuln/appgoat/
Arcos, G., Aguirre, G. L., Hidalgo, B., Rosero, R. H., & Gómez, O. S. (2018). Current Trends of Teaching Computer Programming in Undergraduate CS Programs: A Survey from Ecuadorian Universities. KnE Engineering, 1(2), 253. https://doi.org/10.18502/keg.v1i2.1499
Aroraa, G. (2017). Building Microservices with .NET Core 2.0 (Second edi). Packt Publishing.
Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., & Warfield, A. (2003). Xen and the art of virtualization. Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles (SOSP ’03), 37(5), 164–177. https://doi.org/10.1145/1165389.945462
Burley, D., Bishop, M., Kaza, S., Gibson, D. S., Hawthorne, E., & Buck, S. (2013). ACM Joint Task Force on Cybersecurity Education. In Computer Science Curricula 2013: Curriculum Guidelines for Undergraduate Degree Programs in Computer Science (pp. 683–684). Association for Computing Machinery. https://doi.org/10.1145/12345.67890
Buttyán, L., Félegyházi, M., & Pék, G. (2016). Mentoring talent in IT security – A case study. 2016 USENIX Workshop on Advances in Security Education, ASE 2016, Co-Located with the 25th USENIX Security Symposium, 1–8.
Caliskan, E., & Vaarandi, R. (2020). Career development in cyber security: Bootcamp training programs. Proceedings of the 15th International Conference on Cyber Warfare and Security, ICCWS 2020, 503–511. https://doi.org/10.34190/ICCWS.20.080
Caturano, F., Perrone, G., & Romano, S. Pietro. (2020). Capturing flags in a dynamically deployed microservices-based heterogeneous environment. 2020 Principles, Systems and Applications of IP Telecommunications (IPTComm), 1–7. https://doi.org/10.1109/IPTComm50535.2020.9261519
Čeleda, P., Vykopal, J., Švábenský, V., & Slavíček, K. (2020). KYPO4INDUSTRY: A Testbed for Teaching Cybersecurity of Industrial Control Systems. Proceedings of the 51st ACM Technical Symposium on Computer Science Education (SIGCSE ’20), 1026–1032. https://doi.org/10.1145/3328778.3366908
Crumpler, W., & Lewis, J. A. (2019). The Cybersecurity Workforce Gap. Center for Strategic and International Studies (CSIS), JANUARY, 1–10.
DVWA - Damn Vulnerable Web Application. (2020). http://www.dvwa.co.uk/
Genero, M., Cruz-Lemus, J., & Piattini, M. (2014). Métodos de investigación en ingeniería del software (1st ed.). Ra-Ma.
Irvine, C. E., Michael, F., & Khosalim, J. (2017). Labtainers: A Docker-based framework for cybersecurity labs. ASE 2017 - 2017 USENIX Workshop on Advances in Security, 1–6.
Kalyanam, R., & Yang, B. (2017). Try-CybSI: An Extensible Cybersecurity Learning and Demonstration Platform. Proceedings of the 18th Annual Conference on Information Technology Education (SIGITE ’17), 41–46. https://doi.org/10.1145/3125659.3125683
Kalyanam, R., Yang, B., Willis, C., Lambert, M., & Kirkpatrick, C. (2020). CHEESE: Cyber Human Ecosystem of Engaged Security Education. 2020 IEEE Frontiers in Education Conference (FIE), 1–7. https://doi.org/10.1109/FIE44824.2020.9273931
Kitchenham, B. (2004). Procedures for Performing Systematic Reviews. Keele University, 33, 1–16.
Liu, W., Niyaz, Q., Sun, W., & Javaid, A. Y. (2018). A Web-Based Lightweight Testbed for Supporting Network Security Hands-on Labs. 2018 IEEE International Conference on Electro/Information Technology (EIT), 0498–0503. https://doi.org/10.1109/EIT.2018.8500270
Maki, N., Nakata, R., Toyoda, S., Kasai, Y., Shin, S., & Seto, Y. (2020). An effective cybersecurity exercises platform CyExec and its training contents. International Journal of Information and Education Technology, 10(3), 215–221. https://doi.org/10.18178/ijiet.2020.10.3.1366
Metasploitable. (2019). https://sourceforge.net/projects/metasploitable/files/Metasploitable2/
Morabito, R. (2017). Virtualization on internet of things edge devices with container technologies: A performance evaluation. IEEE Access, 5, 8835–8850. https://doi.org/10.1109/ACCESS.2017.2704444
Mouat, A. (2016). Using Docker: Developing and Deploying Software with Containers. In B. Anderson (Ed.), O’Reilly (First Edit). O’Reilly Media.
Oh, S. K., Stickney, N., Hawthorne, D., & Matthews, S. J. (2020). Teaching Web-Attacks on a Raspberry Pi Cyber Range. Proceedings of the 21st Annual Conference on Information Technology Education (SIGITE ’20), 324–329. https://doi.org/10.1145/3368308.3415364
OWASP/IoTGoat. (2020). https://github.com/OWASP/IoTGoat
OWASP WebGoat - Learn the hack - Stop the attack. (2020). https://owasp.org/www-project-webgoat/
Perrone, G., & Romano, S. P. (2017). The Docker Security Playground: A hands-on approach to the study of network security. 2017 Principles, Systems and Applications of IP Telecommunications (IPTComm), 1–8. https://doi.org/10.1109/IPTCOMM.2017.8169747
Priyadarshini, I. (2018). FEATURES AND ARCHITECTURE OF THE MODERN CYBER RANGE: A QUALITATIVE ANALYSIS AND SURVEY [University of Delaware]. In University of Delaware. https://doi.org/1052564268
Raj, A. S., Alangot, B., Prabhu, S., & Achuthan, K. (2016). Scalable and lightweight CTF infrastructures using application containers. 2016 USENIX Workshop on Advances in Security Education, ASE 2016, Co-Located with the 25th USENIX Security Symposium, 1–8.
Raj, R. K., Ekstrom, J. J., Impagliazzo, J., Lingafelt, S., Parrish, A., Reif, H., & Sobiesk, E. (2017). Perspectives on the future of cybersecurity education. 2017 IEEE Frontiers in Education Conference (FIE), 1–2. https://doi.org/10.1109/FIE.2017.8190498
Robles-Gómez, A., Tobarra, L., Pastor, R., Hernández, R., Duque, A., & Cano, J. (2019). Analyzing the Students’ Learning within a Container-based Virtual Laboratory for Cybersecurity. Proceedings of the Seventh International Conference on Technological Ecosystems for Enhancing Multiculturality, 275–283. https://doi.org/10.1145/3362789.3362840
Shin, S., & Seto, Y. (2020). Development of IoT Security Exercise Contents for Cyber Security Exercise System. 2020 13th International Conference on Human System Interaction (HSI), 1–6. https://doi.org/10.1109/HSI49210.2020.9142678
Shin, S., Seto, Y., Kasai, Y., Ka, R., Kuroki, D., Toyoda, S., Hasegawa, K., & Midorikawa, K. (2019). Development of Training System and Practice Contents for Cybersecurity Education. 2019 8th International Congress on Advanced Applied Informatics (IIAI-AAI), 172–177. https://doi.org/10.1109/IIAI-AAI.2019.00043
Shirinbab, S., Lundberg, L., & Casalicchio, E. (2017). Performance evaluation of container and virtual machine running cassandra workload. 2017 3rd International Conference of Cloud Computing Technologies and Applications (CloudTech), 1–8. https://doi.org/10.1109/CloudTech.2017.8284700
Sianipar, J., Willems, C., & Meinel, C. (2017). Team placement in crowd-Resourcing Virtual Laboratory for IT Security e-Learning. Proceedings of the 2017 International Conference on Cloud and Big Data Computing (ICCBDC 2017), 60–66. https://doi.org/10.1145/3141128.3141146
Singh, S., & Singh, N. (2016). Containers & Docker: Emerging roles & future of Cloud technology. 2016 2nd International Conference on Applied and Theoretical Computing and Communication Technology (ICATccT), 804–807. https://doi.org/10.1109/ICATCCT.2016.7912109
Thompson, M. F., & Irvine, C. E. (2018). Individualizing Cybersecurity Lab Exercises with Labtainers. IEEE Security and Privacy, 16(2), 91–95. https://doi.org/10.1109/MSP.2018.1870862
Tobarra, L., Robles-Gómez, A., Pastor, R., Hernández, R., Duque, A., & Cano, J. (2020). Students’ acceptance and tracking of a new container-based virtual laboratory. Applied Sciences (Switzerland), 10(3). https://doi.org/10.3390/app10031091
Vykopal, J., Ošlejšek, R., Čeleda, P., Vizváry, M., & Tovarňák, D. (2017). KYPO cyber range: Design and use cases. Proceedings of the 12th International Conference on Software Technologies, ICSOFT, 310–321. https://doi.org/10.5220/0006428203100321
Wang, J.-C., Cheng, W.-F., Chen, H.-C., & Chien, H.-L. (2015). Benefit of construct information security environment based on lightweight virtualization technology. 2015 International Carnahan Conference on Security Technology (ICCST). https://doi.org/10.1109/CCST.2015.7389695
Yadav, A. K., Garg, M. L., & Ritika. (2019). Docker containers versus virtual machine-based virtualization. Advances in Intelligent Systems and Computing, 814, 141–150. https://doi.org/10.1007/978-981-13-1501-5_12
