
SEED: Hands-on Lab Exercises for SEcurity EDucation

SEED: Hands-on Lab Exercises for SEcurity EDucation. Wenliang (Kevin) Du, Professor, Dept. of Electrical Engineering & Computer Science, Syracuse University. The SEED Project (2002 – Present).


Presentation Transcript


  1. SEED: Hands-on Lab Exercises for SEcurity EDucation. Wenliang (Kevin) Du, Professor, Dept. of Electrical Engineering & Computer Science, Syracuse University

  2. The SEED Project (2002 – Present)
     • Objective: Developing effective, low-cost, and easy-to-adopt hands-on lab exercises.
     • Outcome: 30 labs developed and tested (free to use); 11 years’ testing in classrooms; adopted by over 200 universities worldwide
     • Sponsorship: 2002-2005: NSF CCLI Type I ($75,000); 2007-2012: NSF TUES/CCLI Type II ($450,000)

  3. SEED Lab Environment (layers, top to bottom): Labs; Minix 3 / Linux (Ubuntu); Virtual Machine (e.g. VMware, VirtualBox); Host OS (Windows, Linux, Mac)

  4. Vulnerability/Attack Labs (Linux Virtual Machine). Objectives: to learn from mistakes, to see how a flaw leads to security breaches, to carry out real attacks in the lab environment, and to apply security principles in defense.

  5. List of Vuln./Attack Labs
     Software in general: • Buffer-overflow Lab • Return-to-libc Attack Lab • Race-condition Lab • Format-string Lab • Set-UID vulnerability Lab • Sandbox (chroot) Lab
     Networking: • TCP/IP Attack Lab • DNS Pharming Attack Lab
     Web: • Cross-Site Scripting Lab • Cross-Site Request Forgery Lab • SQL Injection Lab • Clickjacking Attack Lab

  6. Design/Implementation Labs (Linux/Minix Virtual Machine). Objectives: to build and integrate security mechanisms in systems, apply security principles in system development, and cultivate security thinking in practice.

  7. List of Design/Implementation Labs
     System (Minix): • Role-Based Access Control Lab • Capability Lab • Set-RandomUID Lab • Encrypted File System Lab • Address Space Layout Randomization Lab
     Networking: • Linux Firewall Lab • Linux VPN Lab • Minix Firewall Lab • Minix IPSec Lab

  8. Exploration Labs [Figure: a “tour” of the Linux OS, showing the Security Component and Other Components] • Guided Tour: • Small experiments • Guided activities • Interact with security components • Observe and Explain. Objectives: to explore how security mechanisms work, and to apply security principles in evaluating those mechanisms.

  9. List of Exploration Labs
     System: • Web Access Control Lab • Linux Capability Exploration Lab • Pluggable Authentication Module Lab
     Networking: • Linux Firewall Exploration Lab • Packet Sniffing & Spoofing Lab • SYN Cookie Lab
     Cryptography: • Secret-Key Encryption Lab • One-Way Hash Function Lab • Public-Key Encryption and PKI Lab

  10. SEED Labs Adoption in the World • More than 200 universities used SEED Labs • Australia • Belgium • Brazil • China • France • Germany • Greece • India • Ireland • Lebanon • Malaysia • Portugal • Saudi Arabia • Singapore • Slovak Republic • Spain • United Arab Emirates • U.K. • USA • etc.

  11. SEED Labs Adoption in US • Arizona State University • Central Michigan University • City University of New York • Indiana University • Johns Hopkins University • Naval Postgraduate School • Northwestern University • North Carolina State Univ. • Northern Kentucky University • Texas A&M University • Towson University • Purdue University • UC San Diego • Virginia Tech • West Point • West Virginia University • etc. • Air Force Training Program • Industry Training

  12. Our Dissemination Efforts • Instructor manuals • Campus visits • Mapping to Popular Textbooks • Talked to most of the authors

  13. Mapping to Popular Textbooks

  14. Future Plan • Large-scale dissemination • Organize workshops • Teach MOOC courses • Mobi-SEED: Extended to mobile systems • OS: Android • Hardware: BeagleBone Black ($45) • Develop security labs • Can cover: apps, OS, and hardware
