The Cybersecurity Virtual Lab is one of the technology resources in the Department of Security Studies & International Affairs. The virtual lab provides students, faculty, and researchers remote access to virtual Windows and Linux computers from anywhere on the Internet. This lab serves multiple functions, such as education, research, and simulation.
The Embry-Riddle Aeronautical University SSIA Cybersecurity Virtualization Project focuses on a demonstration of capability (DOC) with several potential long-‐term goals. The initial DOC activity will support cybersecurity courses within the SSIA Department by providing students access to multiple virtual machines, each with a different operating system, that can be accessed from anywhere on the Internet in support of face-‐to-‐face or online course lab work.
Future activities under consideration for the Project include Training, Academic Coursework and Labs, Research, and Public-Private Partnerships.
One of the next logical steps is the use of virtualization as an enabler for training. Offering a training course or workshop — from a duration of several hours to several days — is easily done by various forms of distance learning, from instructor led to self-paced as well as onsite activities at Embry-Riddle or other venues. Having virtual machines available to students on a 24/7 basis allows them to access hands-‐on exercises without the necessity of downloading and installing software on their own systems (and avoids the unavoidable multi-‐platform problems inherent in such solutions) or requiring an on-‐site lab. A portable virtual lab prototype has already been developed and tested by Embry-Riddle’s faculty using such technology.
Another application for virtualization is for academic courses and programs. Individual courses can be supported as in training courses, above, although in a more structured form. Entire face-to-face programs can now be brought online using virtualization; e.g., a student or teams of students can be tasked with hardening a computer system or network of systems. This system or network can be built using one or more VMs. The VMs, in turn, can be submitted to the instructor for testing. More advanced utilization of the VMs would be their use in Red Team/Blue Team exercises and competitions.
Virtualization can also support product development as well as academic research. Software developers, for example, could create virtual builds of new software versions where a set of testers can troubleshoot the new VM. Alternatively, users could download or access a VM version of a software product for testing or trial purposes (in anticipation of software purchase). Additionally, such systems can be used in a pretestposttest environment to see how effectively non-experts/consumers would use such products and to see the effectiveness of certain types of training.
All aspects above have obvious applications for many forms of product development, rollout, and training, particularly in the Security As A Service (SecAAS) space.
In cooperation with the Central Florida Cyber Support Center — a non-profit center for cyberforensics services and training for law enforcement and the private sector — virtualization provides several opportunities.
First, a new VM can be created for every new case. Thus, if a local police dept. brings in a computer for examination, a VM environment can be created for that exam and posted to a VM server for an investigator to review the results of the exam.
Second, software exists today for a computer image — i.e., a forensically correct copy of the computer's hard drive — to be loaded into a VM, allowing investigators to see the suspect's computer as if it were a running system.
Third, training in use of various computer forensics tools can be provided via VMs.
Glenn Dardick, Ph.D., CCE (ISFCE), CCFP (ISC2)
Security Studies & International Affairs Department
Embry-Riddle Aeronautical University
600 South Clyde Morris Blvd.
Daytona Beach, FL 32114
Phone: 386-226-6100 or 800-862-2416