CONTAINER TECHNOLOGY AND ITS APPLICATION IN CYBERSECURITY LEARNING: A SYSTEMATIC REVIEW OF LITERATURE

Authors

  • Roger Andres Chingo Esquivel PUCESA
  • Omar Salvador Goméz Goméz GrIISoft Research Group, Escuela Superior Politécnica de Chimborazo

DOI:

https://doi.org/10.32870/recibe.v9i2.186

Keywords:

Cybersecurity, Information Security, Learning, Education, Containers, Lightweight Virtualization, Educational Software, Systematic Literature Review

Abstract

Due to constating changing, Cybersecurity learning requires a theoretical and practical cognitive processes, particularly, practical approach requires to use hyper-realistic environments that do not put real infrastructure at risk or lead to situations of a legal nature, these platforms that contains these environments are known as Cyber ​​Ranges, because of their Complexity it can be expensive and difficult to implement, for this reason, a large part of the efforts for learning and teaching have been focused on the use of different technologies that improve these aspects, therefore container virtualization has begun to be used, which is a lightweight and flexible in its application. This article presents the results of a Systematic Literature Review carried out to identify and characterize primary studies on the use of containers for learning Cybersecurity. The results show that there are several primary studies that investigate the use of container technology in learning Cybersecurity; Being the great majority proposals of platforms, Cyber ​​Ranges, virtual laboratories and CTFs (Capture The Flag) due to the shortage of specialized software for learning Cybersecurity.

References

Ageyev, D., Bondarenko, O., Radivilova, T., & Alfroukh, W. (2018). Classification of existing virtualization methods used in telecommunication networks. 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT), 83–86. https://doi.org/10.1109/DESSERT.2018.8409104

AlSalamah, A. K., Cámara, J. M. S., & Kelly, S. (2018). Applying virtualization and containerization techniques in cybersecurity education. Proceedings of the 34th Information Systems Education Conference, ISECON 2018, 1–14.

Anand, A., Chaudhary, A., & Arvindhan, M. (2021). The Need for Virtualization: When and Why Virtualization Took Over Physical Servers. Advances in Communication and Computational Technology, 668, 1351–1359. https://doi.org/10.1007/978-981-15-5341-7_102

AppGoat. (2020). https://www.ipa.go.jp/security/vuln/appgoat/

Arcos, G., Aguirre, G. L., Hidalgo, B., Rosero, R. H., & Gómez, O. S. (2018). Current Trends of Teaching Computer Programming in Undergraduate CS Programs: A Survey from Ecuadorian Universities. KnE Engineering, 1(2), 253. https://doi.org/10.18502/keg.v1i2.1499

Aroraa, G. (2017). Building Microservices with .NET Core 2.0 (Second edi). Packt Publishing.

Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., & Warfield, A. (2003). Xen and the art of virtualization. Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles (SOSP ’03), 37(5), 164–177. https://doi.org/10.1145/1165389.945462

Burley, D., Bishop, M., Kaza, S., Gibson, D. S., Hawthorne, E., & Buck, S. (2013). ACM Joint Task Force on Cybersecurity Education. In Computer Science Curricula 2013: Curriculum Guidelines for Undergraduate Degree Programs in Computer Science (pp. 683–684). Association for Computing Machinery. https://doi.org/10.1145/12345.67890

Buttyán, L., Félegyházi, M., & Pék, G. (2016). Mentoring talent in IT security – A case study. 2016 USENIX Workshop on Advances in Security Education, ASE 2016, Co-Located with the 25th USENIX Security Symposium, 1–8.

Caliskan, E., & Vaarandi, R. (2020). Career development in cyber security: Bootcamp training programs. Proceedings of the 15th International Conference on Cyber Warfare and Security, ICCWS 2020, 503–511. https://doi.org/10.34190/ICCWS.20.080

Caturano, F., Perrone, G., & Romano, S. Pietro. (2020). Capturing flags in a dynamically deployed microservices-based heterogeneous environment. 2020 Principles, Systems and Applications of IP Telecommunications (IPTComm), 1–7. https://doi.org/10.1109/IPTComm50535.2020.9261519

Čeleda, P., Vykopal, J., Švábenský, V., & Slavíček, K. (2020). KYPO4INDUSTRY: A Testbed for Teaching Cybersecurity of Industrial Control Systems. Proceedings of the 51st ACM Technical Symposium on Computer Science Education (SIGCSE ’20), 1026–1032. https://doi.org/10.1145/3328778.3366908

Crumpler, W., & Lewis, J. A. (2019). The Cybersecurity Workforce Gap. Center for Strategic and International Studies (CSIS), JANUARY, 1–10.

DVWA - Damn Vulnerable Web Application. (2020). http://www.dvwa.co.uk/

Genero, M., Cruz-Lemus, J., & Piattini, M. (2014). Métodos de investigación en ingeniería del software (1st ed.). Ra-Ma.

Irvine, C. E., Michael, F., & Khosalim, J. (2017). Labtainers: A Docker-based framework for cybersecurity labs. ASE 2017 - 2017 USENIX Workshop on Advances in Security, 1–6.

Kalyanam, R., & Yang, B. (2017). Try-CybSI: An Extensible Cybersecurity Learning and Demonstration Platform. Proceedings of the 18th Annual Conference on Information Technology Education (SIGITE ’17), 41–46. https://doi.org/10.1145/3125659.3125683

Kalyanam, R., Yang, B., Willis, C., Lambert, M., & Kirkpatrick, C. (2020). CHEESE: Cyber Human Ecosystem of Engaged Security Education. 2020 IEEE Frontiers in Education Conference (FIE), 1–7. https://doi.org/10.1109/FIE44824.2020.9273931

Kitchenham, B. (2004). Procedures for Performing Systematic Reviews. Keele University, 33, 1–16.

Liu, W., Niyaz, Q., Sun, W., & Javaid, A. Y. (2018). A Web-Based Lightweight Testbed for Supporting Network Security Hands-on Labs. 2018 IEEE International Conference on Electro/Information Technology (EIT), 0498–0503. https://doi.org/10.1109/EIT.2018.8500270

Maki, N., Nakata, R., Toyoda, S., Kasai, Y., Shin, S., & Seto, Y. (2020). An effective cybersecurity exercises platform CyExec and its training contents. International Journal of Information and Education Technology, 10(3), 215–221. https://doi.org/10.18178/ijiet.2020.10.3.1366

Metasploitable. (2019). https://sourceforge.net/projects/metasploitable/files/Metasploitable2/

Morabito, R. (2017). Virtualization on internet of things edge devices with container technologies: A performance evaluation. IEEE Access, 5, 8835–8850. https://doi.org/10.1109/ACCESS.2017.2704444

Mouat, A. (2016). Using Docker: Developing and Deploying Software with Containers. In B. Anderson (Ed.), O’Reilly (First Edit). O’Reilly Media.

Oh, S. K., Stickney, N., Hawthorne, D., & Matthews, S. J. (2020). Teaching Web-Attacks on a Raspberry Pi Cyber Range. Proceedings of the 21st Annual Conference on Information Technology Education (SIGITE ’20), 324–329. https://doi.org/10.1145/3368308.3415364

OWASP/IoTGoat. (2020). https://github.com/OWASP/IoTGoat

OWASP WebGoat - Learn the hack - Stop the attack. (2020). https://owasp.org/www-project-webgoat/

Perrone, G., & Romano, S. P. (2017). The Docker Security Playground: A hands-on approach to the study of network security. 2017 Principles, Systems and Applications of IP Telecommunications (IPTComm), 1–8. https://doi.org/10.1109/IPTCOMM.2017.8169747

Priyadarshini, I. (2018). FEATURES AND ARCHITECTURE OF THE MODERN CYBER RANGE: A QUALITATIVE ANALYSIS AND SURVEY [University of Delaware]. In University of Delaware. https://doi.org/1052564268

Raj, A. S., Alangot, B., Prabhu, S., & Achuthan, K. (2016). Scalable and lightweight CTF infrastructures using application containers. 2016 USENIX Workshop on Advances in Security Education, ASE 2016, Co-Located with the 25th USENIX Security Symposium, 1–8.

Raj, R. K., Ekstrom, J. J., Impagliazzo, J., Lingafelt, S., Parrish, A., Reif, H., & Sobiesk, E. (2017). Perspectives on the future of cybersecurity education. 2017 IEEE Frontiers in Education Conference (FIE), 1–2. https://doi.org/10.1109/FIE.2017.8190498

Robles-Gómez, A., Tobarra, L., Pastor, R., Hernández, R., Duque, A., & Cano, J. (2019). Analyzing the Students’ Learning within a Container-based Virtual Laboratory for Cybersecurity. Proceedings of the Seventh International Conference on Technological Ecosystems for Enhancing Multiculturality, 275–283. https://doi.org/10.1145/3362789.3362840

Shin, S., & Seto, Y. (2020). Development of IoT Security Exercise Contents for Cyber Security Exercise System. 2020 13th International Conference on Human System Interaction (HSI), 1–6. https://doi.org/10.1109/HSI49210.2020.9142678

Shin, S., Seto, Y., Kasai, Y., Ka, R., Kuroki, D., Toyoda, S., Hasegawa, K., & Midorikawa, K. (2019). Development of Training System and Practice Contents for Cybersecurity Education. 2019 8th International Congress on Advanced Applied Informatics (IIAI-AAI), 172–177. https://doi.org/10.1109/IIAI-AAI.2019.00043

Shirinbab, S., Lundberg, L., & Casalicchio, E. (2017). Performance evaluation of container and virtual machine running cassandra workload. 2017 3rd International Conference of Cloud Computing Technologies and Applications (CloudTech), 1–8. https://doi.org/10.1109/CloudTech.2017.8284700

Sianipar, J., Willems, C., & Meinel, C. (2017). Team placement in crowd-Resourcing Virtual Laboratory for IT Security e-Learning. Proceedings of the 2017 International Conference on Cloud and Big Data Computing (ICCBDC 2017), 60–66. https://doi.org/10.1145/3141128.3141146

Singh, S., & Singh, N. (2016). Containers & Docker: Emerging roles & future of Cloud technology. 2016 2nd International Conference on Applied and Theoretical Computing and Communication Technology (ICATccT), 804–807. https://doi.org/10.1109/ICATCCT.2016.7912109

Thompson, M. F., & Irvine, C. E. (2018). Individualizing Cybersecurity Lab Exercises with Labtainers. IEEE Security and Privacy, 16(2), 91–95. https://doi.org/10.1109/MSP.2018.1870862

Tobarra, L., Robles-Gómez, A., Pastor, R., Hernández, R., Duque, A., & Cano, J. (2020). Students’ acceptance and tracking of a new container-based virtual laboratory. Applied Sciences (Switzerland), 10(3). https://doi.org/10.3390/app10031091

Vykopal, J., Ošlejšek, R., Čeleda, P., Vizváry, M., & Tovarňák, D. (2017). KYPO cyber range: Design and use cases. Proceedings of the 12th International Conference on Software Technologies, ICSOFT, 310–321. https://doi.org/10.5220/0006428203100321

Wang, J.-C., Cheng, W.-F., Chen, H.-C., & Chien, H.-L. (2015). Benefit of construct information security environment based on lightweight virtualization technology. 2015 International Carnahan Conference on Security Technology (ICCST). https://doi.org/10.1109/CCST.2015.7389695

Yadav, A. K., Garg, M. L., & Ritika. (2019). Docker containers versus virtual machine-based virtualization. Advances in Intelligent Systems and Computing, 814, 141–150. https://doi.org/10.1007/978-981-13-1501-5_12

Published

2021-04-27

How to Cite

Chingo Esquivel, R. A., & Goméz Goméz, O. S. (2021). CONTAINER TECHNOLOGY AND ITS APPLICATION IN CYBERSECURITY LEARNING: A SYSTEMATIC REVIEW OF LITERATURE. ReCIBE, Electronic Journal of Computing, Informatics, Biomedical and Electronics, 9(2), C4–20. https://doi.org/10.32870/recibe.v9i2.186

Issue

Section

Computer Science & IT