Tecnología de contenedores y su aplicación en el aprendizaje de ciberseguridad: una revisión sistemática de literatura

Autores/as

  • Roger Andres Chingo Esquivel PUCESA
  • Omar Salvador Goméz Goméz GrIISoft Research Group, Escuela Superior Politécnica de Chimborazo

DOI:

https://doi.org/10.32870/recibe.v9i2.186

Palabras clave:

Ciberseguridad, Seguridad Informática, Aprendizaje, Educación, Contenedores, Virtualización Ligera, Software Educativo, Revisión Sistemática de Literatura

Resumen

El aprendizaje de Ciberseguridad por su naturaleza cambiante exige de procesos cognitivos tanto teóricos como prácticos, particularmente, los prácticos requieren de entornos hiperrealistas que no pongan en riesgo infraestructura real o acarreen situaciones de índole legal, estas plataformas que contienen dichos entornos, son conocidos como ciber-rangos, debido a su complejidad pueden ser costosos y difíciles de implementar por lo que gran parte de los esfuerzos para su aprendizaje y enseñanza han estado enfocados en la utilización de distintas tecnologías que mejoren estos aspectos, así se ha empezado a utilizar la virtualización por contenedores que presenta ligereza y flexibilidad en su aplicación. En este artículo se presentan los resultados de una Revisión Sistemática de la Literatura realizada para identificar y caracterizar estudios primarios vinculados con la tecnología de contenedores aplicados a la enseñanza de la ciberseguridad. Los resultados obtenidos muestran que existen diversos estudios primarios que investigan la utilización de la tecnología de contenedores en el aprendizaje de Ciberseguridad; siendo la gran mayoría propuestas de plataformas, ciber-rangos (Cyber Ranges), laboratorios virtuales y CTFs (Capture The Flag) debido a la escasez de software especializado para el aprendizaje de Ciberseguridad.

Citas

Ageyev, D., Bondarenko, O., Radivilova, T., & Alfroukh, W. (2018). Classification of existing virtualization methods used in telecommunication networks. 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT), 83–86. https://doi.org/10.1109/DESSERT.2018.8409104

AlSalamah, A. K., Cámara, J. M. S., & Kelly, S. (2018). Applying virtualization and containerization techniques in cybersecurity education. Proceedings of the 34th Information Systems Education Conference, ISECON 2018, 1–14.

Anand, A., Chaudhary, A., & Arvindhan, M. (2021). The Need for Virtualization: When and Why Virtualization Took Over Physical Servers. Advances in Communication and Computational Technology, 668, 1351–1359. https://doi.org/10.1007/978-981-15-5341-7_102

AppGoat. (2020). https://www.ipa.go.jp/security/vuln/appgoat/

Arcos, G., Aguirre, G. L., Hidalgo, B., Rosero, R. H., & Gómez, O. S. (2018). Current Trends of Teaching Computer Programming in Undergraduate CS Programs: A Survey from Ecuadorian Universities. KnE Engineering, 1(2), 253. https://doi.org/10.18502/keg.v1i2.1499

Aroraa, G. (2017). Building Microservices with .NET Core 2.0 (Second edi). Packt Publishing.

Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., & Warfield, A. (2003). Xen and the art of virtualization. Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles (SOSP ’03), 37(5), 164–177. https://doi.org/10.1145/1165389.945462

Burley, D., Bishop, M., Kaza, S., Gibson, D. S., Hawthorne, E., & Buck, S. (2013). ACM Joint Task Force on Cybersecurity Education. In Computer Science Curricula 2013: Curriculum Guidelines for Undergraduate Degree Programs in Computer Science (pp. 683–684). Association for Computing Machinery. https://doi.org/10.1145/12345.67890

Buttyán, L., Félegyházi, M., & Pék, G. (2016). Mentoring talent in IT security – A case study. 2016 USENIX Workshop on Advances in Security Education, ASE 2016, Co-Located with the 25th USENIX Security Symposium, 1–8.

Caliskan, E., & Vaarandi, R. (2020). Career development in cyber security: Bootcamp training programs. Proceedings of the 15th International Conference on Cyber Warfare and Security, ICCWS 2020, 503–511. https://doi.org/10.34190/ICCWS.20.080

Caturano, F., Perrone, G., & Romano, S. Pietro. (2020). Capturing flags in a dynamically deployed microservices-based heterogeneous environment. 2020 Principles, Systems and Applications of IP Telecommunications (IPTComm), 1–7. https://doi.org/10.1109/IPTComm50535.2020.9261519

Čeleda, P., Vykopal, J., Švábenský, V., & Slavíček, K. (2020). KYPO4INDUSTRY: A Testbed for Teaching Cybersecurity of Industrial Control Systems. Proceedings of the 51st ACM Technical Symposium on Computer Science Education (SIGCSE ’20), 1026–1032. https://doi.org/10.1145/3328778.3366908

Crumpler, W., & Lewis, J. A. (2019). The Cybersecurity Workforce Gap. Center for Strategic and International Studies (CSIS), JANUARY, 1–10.

DVWA - Damn Vulnerable Web Application. (2020). http://www.dvwa.co.uk/

Genero, M., Cruz-Lemus, J., & Piattini, M. (2014). Métodos de investigación en ingeniería del software (1st ed.). Ra-Ma.

Irvine, C. E., Michael, F., & Khosalim, J. (2017). Labtainers: A Docker-based framework for cybersecurity labs. ASE 2017 - 2017 USENIX Workshop on Advances in Security, 1–6.

Kalyanam, R., & Yang, B. (2017). Try-CybSI: An Extensible Cybersecurity Learning and Demonstration Platform. Proceedings of the 18th Annual Conference on Information Technology Education (SIGITE ’17), 41–46. https://doi.org/10.1145/3125659.3125683

Kalyanam, R., Yang, B., Willis, C., Lambert, M., & Kirkpatrick, C. (2020). CHEESE: Cyber Human Ecosystem of Engaged Security Education. 2020 IEEE Frontiers in Education Conference (FIE), 1–7. https://doi.org/10.1109/FIE44824.2020.9273931

Kitchenham, B. (2004). Procedures for Performing Systematic Reviews. Keele University, 33, 1–16.

Liu, W., Niyaz, Q., Sun, W., & Javaid, A. Y. (2018). A Web-Based Lightweight Testbed for Supporting Network Security Hands-on Labs. 2018 IEEE International Conference on Electro/Information Technology (EIT), 0498–0503. https://doi.org/10.1109/EIT.2018.8500270

Maki, N., Nakata, R., Toyoda, S., Kasai, Y., Shin, S., & Seto, Y. (2020). An effective cybersecurity exercises platform CyExec and its training contents. International Journal of Information and Education Technology, 10(3), 215–221. https://doi.org/10.18178/ijiet.2020.10.3.1366

Metasploitable. (2019). https://sourceforge.net/projects/metasploitable/files/Metasploitable2/

Morabito, R. (2017). Virtualization on internet of things edge devices with container technologies: A performance evaluation. IEEE Access, 5, 8835–8850. https://doi.org/10.1109/ACCESS.2017.2704444

Mouat, A. (2016). Using Docker: Developing and Deploying Software with Containers. In B. Anderson (Ed.), O’Reilly (First Edit). O’Reilly Media.

Oh, S. K., Stickney, N., Hawthorne, D., & Matthews, S. J. (2020). Teaching Web-Attacks on a Raspberry Pi Cyber Range. Proceedings of the 21st Annual Conference on Information Technology Education (SIGITE ’20), 324–329. https://doi.org/10.1145/3368308.3415364

OWASP/IoTGoat. (2020). https://github.com/OWASP/IoTGoat

OWASP WebGoat - Learn the hack - Stop the attack. (2020). https://owasp.org/www-project-webgoat/

Perrone, G., & Romano, S. P. (2017). The Docker Security Playground: A hands-on approach to the study of network security. 2017 Principles, Systems and Applications of IP Telecommunications (IPTComm), 1–8. https://doi.org/10.1109/IPTCOMM.2017.8169747

Priyadarshini, I. (2018). FEATURES AND ARCHITECTURE OF THE MODERN CYBER RANGE: A QUALITATIVE ANALYSIS AND SURVEY [University of Delaware]. In University of Delaware. https://doi.org/1052564268

Raj, A. S., Alangot, B., Prabhu, S., & Achuthan, K. (2016). Scalable and lightweight CTF infrastructures using application containers. 2016 USENIX Workshop on Advances in Security Education, ASE 2016, Co-Located with the 25th USENIX Security Symposium, 1–8.

Raj, R. K., Ekstrom, J. J., Impagliazzo, J., Lingafelt, S., Parrish, A., Reif, H., & Sobiesk, E. (2017). Perspectives on the future of cybersecurity education. 2017 IEEE Frontiers in Education Conference (FIE), 1–2. https://doi.org/10.1109/FIE.2017.8190498

Robles-Gómez, A., Tobarra, L., Pastor, R., Hernández, R., Duque, A., & Cano, J. (2019). Analyzing the Students’ Learning within a Container-based Virtual Laboratory for Cybersecurity. Proceedings of the Seventh International Conference on Technological Ecosystems for Enhancing Multiculturality, 275–283. https://doi.org/10.1145/3362789.3362840

Shin, S., & Seto, Y. (2020). Development of IoT Security Exercise Contents for Cyber Security Exercise System. 2020 13th International Conference on Human System Interaction (HSI), 1–6. https://doi.org/10.1109/HSI49210.2020.9142678

Shin, S., Seto, Y., Kasai, Y., Ka, R., Kuroki, D., Toyoda, S., Hasegawa, K., & Midorikawa, K. (2019). Development of Training System and Practice Contents for Cybersecurity Education. 2019 8th International Congress on Advanced Applied Informatics (IIAI-AAI), 172–177. https://doi.org/10.1109/IIAI-AAI.2019.00043

Shirinbab, S., Lundberg, L., & Casalicchio, E. (2017). Performance evaluation of container and virtual machine running cassandra workload. 2017 3rd International Conference of Cloud Computing Technologies and Applications (CloudTech), 1–8. https://doi.org/10.1109/CloudTech.2017.8284700

Sianipar, J., Willems, C., & Meinel, C. (2017). Team placement in crowd-Resourcing Virtual Laboratory for IT Security e-Learning. Proceedings of the 2017 International Conference on Cloud and Big Data Computing (ICCBDC 2017), 60–66. https://doi.org/10.1145/3141128.3141146

Singh, S., & Singh, N. (2016). Containers & Docker: Emerging roles & future of Cloud technology. 2016 2nd International Conference on Applied and Theoretical Computing and Communication Technology (ICATccT), 804–807. https://doi.org/10.1109/ICATCCT.2016.7912109

Thompson, M. F., & Irvine, C. E. (2018). Individualizing Cybersecurity Lab Exercises with Labtainers. IEEE Security and Privacy, 16(2), 91–95. https://doi.org/10.1109/MSP.2018.1870862

Tobarra, L., Robles-Gómez, A., Pastor, R., Hernández, R., Duque, A., & Cano, J. (2020). Students’ acceptance and tracking of a new container-based virtual laboratory. Applied Sciences (Switzerland), 10(3). https://doi.org/10.3390/app10031091

Vykopal, J., Ošlejšek, R., Čeleda, P., Vizváry, M., & Tovarňák, D. (2017). KYPO cyber range: Design and use cases. Proceedings of the 12th International Conference on Software Technologies, ICSOFT, 310–321. https://doi.org/10.5220/0006428203100321

Wang, J.-C., Cheng, W.-F., Chen, H.-C., & Chien, H.-L. (2015). Benefit of construct information security environment based on lightweight virtualization technology. 2015 International Carnahan Conference on Security Technology (ICCST). https://doi.org/10.1109/CCST.2015.7389695

Yadav, A. K., Garg, M. L., & Ritika. (2019). Docker containers versus virtual machine-based virtualization. Advances in Intelligent Systems and Computing, 814, 141–150. https://doi.org/10.1007/978-981-13-1501-5_12

Descargas

Publicado

2021-04-27

Cómo citar

Chingo Esquivel, R. A., & Goméz Goméz, O. S. (2021). Tecnología de contenedores y su aplicación en el aprendizaje de ciberseguridad: una revisión sistemática de literatura. ReCIBE, Revista electrónica De Computación, Informática, Biomédica Y Electrónica, 9(2), C4–20. https://doi.org/10.32870/recibe.v9i2.186

Número

Sección

Computación e Informática