Education DCL: EAGER: Building a Capture-The-Flag Platform for 5G Network Security

教育 DCL：EAGER：构建 5G 网络安全的夺旗平台

• 批准号: 2335369
• 负责人: Guanhua Yan
• 金额: $ 30万
• 依托单位: SUNY at Binghamton
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2025-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2335369&HistoricalAwards=false
• 关键词: Education; DCL; EAGER; Building; Capture

Capture The Flag (CTF) events are one of the most popular venues to train next-generation cybersecurity workforce. By participating in CTF competitions, participants can gain valuable hands-on cyber-attack and/or defense experiences, which are hard to obtain from in-class courses. Previous CTF events have covered many themes, such as automobiles and voting machines, and were quite successful in engaging participants and motivating them to pursue career in cyber security. While 5G networks are gradually rolled out globally, their security has become a great concern, making it also an excellent topic for new CTF contests. The project’s novelties are integration of 5G networks into CTF competitions with the goal to enhance and transform the existing cybersecurity education and workforce development activities. The project's broader significance and importance are that it will offer a new venue to train future cybersecurity workforce with cyber offense and/or defense hands-on skills and help them gain a first experience with 5G networks. The project aims to develop an open cloud-based platform called CTF5G, which can automatically create CTF game instances focusing on 5G network security. It tackles the technical challenges involved in building CTF5G, including how to enable a quick setup of CTF contests (agility), how to control the vulnerabilities implanted within 5G networks for different types of CTF contests (controllability), how to make CTF contests fair to all participants (accountability), and how to scale up the number of users on a public cloud (scalability). The project includes four stages. The first stage leverages containerized 5G network modules to automate workflow for CTF contests. The second stage implants different types of vulnerabilities into vanilla 5G network modules to compose exploitable 5G networks. The third stage explores techniques to track players' activities within the platform and catch foul plays early in CTF contests. The final stage applies techniques such as system debloating and module sharing to scale up the number of users served when CTF5G is deployed on a public cloud. As an open cloud based CTF platform, CTF5G will enhance the diversity of individuals who have access to educational opportunities in cybersecurity and 5G technologies, including those from underrepresented groups.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

捕获国旗（CTF）事件是培训下一代网络安全劳动力的最受欢迎的场所之一。通过参加CTF比赛，参与者可以获得宝贵的动手网络攻击和/或国防经验，这些经验很难从课堂课程中获得。以前的CTF活动涵盖了许多主题，例如汽车和投票机，并且在吸引参与者并激励他们追求网络安全方面非常成功。尽管5G网络逐渐在全球范围内推出，但其安全性已成为一个非常关注的问题，也是新的CTF比赛的一个很好的话题。该项目的新颖性是将5G网络集成到CTF竞赛中，以增强和改变现有的网络安全教育和劳动力发展活动。该项目的重要性和重要性是，它将提供一个新的场所，以网络进攻和/或国防动手技能来培训未来的网络安全劳动力，并帮助他们获得5G网络的首次体验。该项目旨在开发一个名为CTF5G的开放云平台，该平台可以自动创建针对5G网络安全性的CTF游戏实例。它解决了建立CTF5G所涉及的技术挑战，包括如何启用快速设置CTF竞赛（敏捷性），如何控制植入5G网络中的漏洞（用于不同类型的CTF竞赛（可控性）），如何组成CTF竞赛对所有参与者（责任）（责任）（责任）（责任）（责任）以及如何扩大公共用户的范围（scapuly clubsibality）。该项目包括四个阶段。第一阶段利用容器的5G网络模块可以自动化CTF比赛的工作流程。第二阶段将不同类型的漏洞置于香草5G网络模块中，以组成可剥削的5G网络。第三阶段探讨了在平台内跟踪玩家活动的技术，并在CTF比赛初期遇到犯规比赛。最后阶段应用技术，例如系统去覆盖和模块共享，以扩大将CTF5G部署在公共云上时提供的用户数量。作为一个基于开放的云的CTF平台，CTF5G将增强有能力获得网络安全和5G技术教育机会的个人的多样性，包括来自代表性不足的组的个人。这项奖项反映了NSF的法定任务，并通过使用该基金会的知识分子功能和广泛的影响来评估NSF的法定任务，并被认为是诚实的支持。