EDU: Collaborative: Using Virtual Machine Introspection for Deep Cyber Security Education

EDU：协作：使用虚拟机自省进行深度网络安全教育

• 批准号: 1844136
• 负责人: Irfan Ahmed
• 金额: $ 13.98万
• 依托单位: Virginia Commonwealth University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-06-15 至 2020-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1844136&HistoricalAwards=false
• 关键词: EDU; Collaborative; Using; Virtual; Machine

Cybersecurity is one of the most strategically important areas in computer science, and also one of the most difficult disciplines to teach effectively. Historically, hands-on cyber security exercises helped students reinforce basic concepts, but most of them focused on user level attacks and defenses. Since OS kernels provide the foundations to the applications, any compromise to OS kernels will lead to an entirely untrusted computing. Therefore, it is imperative to teach students the practice of kernel level attacks and defenses.Over the past decade, there has been great interest in using virtualization to profile, characterize, and observe kernel events including the security incidents. Inspired by the great success from virtual machine introspection (VMI), this project aims to provide an advancement by directly building practical VMI tools and libraries (or toolkit) on top of virtualization, and applying them for deep cybersecurity education. The deepness comes from the study of the lower level system internals such as OS kernels. The project will further provide a number of seed contents to teach both instructors and students on utilizing the toolkit to be used for studying not only traditional user level attacks such as buffer overflow, but also defenses inside the OS kernels. The outcome of this project (i.e., the toolkit and the cybersecurity exercises) will contribute to the health, safety, and economic well-being of our society by helping to improve the state-of-the-art in cybersecurity education, especially for effectively performing hands-on cybersecurity exercises.

网络安全是计算机科学上最重要的领域之一，也是有效教授的最困难学科之一。从历史上看，动手的网络安全练习有助于学生加强基本概念，但大多数专注于用户级别的攻击和防御。由于OS内核为应用程序提供了基础，因此对OS内核的任何妥协都将导致完全不受信任的计算。因此，必须向学生传授内核级攻击和防御的实践。在过去的十年中，人们对使用虚拟化来概述，表征和观察包括安全事件在内的内核事件一直引起人们的兴趣。受虚拟机内省（VMI）的巨大成功的启发，该项目旨在通过直接在虚拟化上直接构建实用的VMI工具和库（或工具包）来提供进步，并将其应用于深层网络安全教育。深度来自对较低级别系统内部组件（例如OS内核）的研究。该项目将进一步提供许多种子内容，以教导讲师和学生利用该工具包，不仅用于研究传统的用户级攻击，例如缓冲区溢出，而且还可以在OS内核中进行防御。该项目的结果（即工具包和网络安全练习）将通过帮助改善网络安全教育的最新技术，尤其是有效地进行网络安全练习，从而为我们社会的健康，安全和经济福祉做出贡献。