virtual cyber exercises with moodle€¦ · virtual cyber exercises with moodle [distribution...

Adam Welle and Kimo BumanglagCarnegie Mellon University

Virtual Cyber Exercises with Moodle

[Distribution Statement A] Approved for public release and unlimited distribution.

Presenter

Presentation Notes

The Software Engineering Institute at Carnegie Mellon University has developed a number of open source software tools that can be combined with Moodle to enable dynamic cyber training in virtual environments. These environments can range in size from a single virtual machine to the largest events consisting of thousands of participants using thousands of virtual machines. The open source software presented enables virtual environments to be accessed from a Moodle instance and further seeks to enhance the training experience by increasing fidelity and realism with live networks. Further, the software presented works alongside Moodle and xAPI to deliver quantifiable learning assessments.

Copyright 2019 Carnegie Mellon University.

This material is based upon work funded and supported by the Department of Defense under Contract No. FA8702-15-D-0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center.

The view, opinions, and/or findings contained in this material are those of the author(s) and should not be construed as an official Government position, policy, or decision, unless designated by other documentation.References herein to any specific commercial product, process, or service by trade name, trade mark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by Carnegie Mellon University or its Software Engineering Institute.

NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

[DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution.

This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at [email protected].

CERT® is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University.

DM19-1210 [Distribution Statement A] Approved for public release and unlimited distribution.

Agenda● Introduction● Cyber Exercise Overview● Range Technologies● Simulations ● Integrating with Moodle


Introduction● Who we are● What we do


Presenter

Presentation Notes

Software Engineering Institute Federally Funded Research and Development Center (FFRDC) Solving problems while training the Cyber Workforce Innovative ways to increase realism and provide assessment Develop targeted training content for challenging work roles Develop cyber exercise for team training

Cyber Exercise Overview

Event Size

Fide

lity

Basic Individual

Tasks

Advanced Individual

Tasks

Basic Team Tasks

Advanced Team Tasks

Certification&

Validation


Presenter

Presentation Notes

A cyber exercise is a training event that happens along a spectrum of size and fidelity. Exercises which are focused on individuals are the smallest events and require the least fidelity. We use technologies to automate the provisioning and deprovisioning of lab environments for these kinds of exercises. Team tasks are larger. The team size can range from a small group of people who perform the same actions in concert (threat hunting, network validation, etc) to a whole organizational unit which comprises the network defenders, management, and external partners. These events require higher fidelity, both from a technological perspective and from a simulated user perspective. Certification and validation events are the largest. These employ a whole team (or perhaps a team of teams). The highest levels of fidelity are required, with an increased emphasis on simulated command and control (management) layers.

Range Technologies

Deprecating Open Source Lab BuilderFull Scale Environment

BuilderComing soon


Presenter

Presentation Notes

Phasing out STEP TopoMojo is open source Crucible will be open source

SimulationsGHOSTS

• for Non-Player Characters

GreyBox•for backbone routing

TopGen•for Simulated Internet websites and DNS

vTunnel•for out of band command and control

WELLE-D•for Wi-Fi simulation

StormBox•for low fidelity user simulation


Presenter

Presentation Notes

GHOSTS (and OPFOR) - Injects – realism – implements the MSEL StormBox GreyBox TopGen vTunnel – mention command and control as well as scoring WELLE-D

Assessing PerformanceAssessment● LMS – Moodle, of course!● LRS – Learning Locker● xAPI – from Moodle, H5P, and VMs● MELK – Moodle, Elasticsearch,

Logstash, Kibana to visualize performance

● NICE Cyber Security Workforce Framework


Presenter

Presentation Notes

These some of the open source technologies we are to assess performance

Assessment with MoodleActivities● Quiz● Feedback● Files

Features● Competencies

Plugins● H5P● Virtual Programming Lab● Course Format Board● Logstore xAPI● Local Metadata


Presenter

Presentation Notes

Moodle was very appealing to use because of its default support for these useful activities But then we discovered these additional plugins that gave us the opportunity to innovate

Moodle Competencies● Cyber Evaluator Tool Output


Presenter

Presentation Notes

Cyber Evaluator Tool is a Moodle course that gauges the learner’s knowledge of their Work Role as per the NIST NICE Cyber Security Workforce Framework

Custom Integrations with Moodle● Import courses from old STEP LMS● Match organizational branding● Display Moodle content on other systems● Provide access to VM consoles● Categorize training and identify skill gaps


Presenter

Presentation Notes

In order to expand further innovate our training and assessment, we wanted to do these additional things

Moodle Development● Content Sync Plugin● Purpose: Add Moodle content to the Foundry content discovery system● Type: admin tool● Leverages: OAUTH2, scheduled tasks● Communicates with the Foundry API to add content links and images


Moodle Development● Custom Theme Plugin● Purpose: Provide a dark theme to match other sites● Type: theme● Leverages: Boost theme, local metadata plugin● Automatically redirects users to OAUTH2 identity server● Renderer overrides H5P logo with activity logo● Renderer overrides and rearranges course listing display● Renderer uses local metadata plugin to override page layout for activities


Moodle Development● Custom Theme and course format board


Presenter

Presentation Notes

This screenshot shows both the custom theme and the format board layout that we chose in order to reduce whitespace.

Moodle Development● Local Metadata● Used to determine whether to sync content to Foundry● Used to determine whether to display activity as embedded


Presenter

Presentation Notes

These are the options we are using for each activity inside of Moodle. The first option tells the content sync plugin to add/update this content on Foundry.

Moodle Development● Crucible and Local Metadata


Presenter

Presentation Notes

The local metadata plugin allows the theme plugin to display activities in a manner that looks great when embedded inside other sites when the user may not need access to the full Moodle course.

Moodle Development● Crucible Plugin● Purpose: Deploy labs and access VM consoles● Type: activity● Leverages: OAUTH2● Allows course creators to add lab as a Moodle course activity● Communicates with the Crucible API● Pulls name and description of lab from Crucible● Pulls lab history from Crucible● Embeds Crucible VM consoles or links to the full Crucible Player


Moodle Development● Crucible


Presenter

Presentation Notes

The course creator can easily link the lab into Moodle whereas we previously used a generic HTML page to create a button. Here we also see the drop down and the display selection.



Presenter

Presentation Notes

This shows the name and description. The user has control of the lab and can click a button to start the lab and deploy the VMs



Presenter

Presentation Notes

The plugin uses JavaScript to poll the Crucible API and refresh the page when the VMs exist.



Presenter

Presentation Notes

The user may have access to one or more VMs



Presenter

Presentation Notes

Once the user open the VM, it is embedded inside an iframe within the activity. As this point the user has a button that will end the lab and destroy the VMs.

Moodle Layout● Quiz


Moodle Layout● VPL


Future Moodle Development● Further integration with Crucible● Moodle events and xAPI● Grading of lab tasks automatically● Release Crucible and mod_crucible on Github in 2020


Presenter

Presentation Notes

We will eventually update the plugin to communicate with a new Crucible component that will allow for the automated grading of lab tasks. The lab creator will define tasks that will check the state of the VMs to determine the user’s progress and these results will be displayed within the Moodle activity.

http://cmu-sei.github.io


virtual cyber exercises with moodle€¦ · virtual cyber exercises with moodle [distribution...

Documents