Saturday, August 29, 2020

Virtual Scenario Definition Language (VSDL)

I have been thinking more about how all the different teams can be rolled up into automated Capture the Flag (CTF) events: a scenario language that defines infrastructure and platform, such as deployments in OpenStack (OSP) and OpenShift (OCP), in addition to the specific scenarios to be run.

I found this paper from Cornell to be a great starting point: "Automating the Generation of Cyber Range Virtual Scenarios with VSDL" by Gabriele Costa, Enrico Russo, and Alessandro Armando.

A cyber range is an environment used for training security experts and testing attack and defence tools and procedures. Usually, a cyber range simulates one or more critical infrastructures that attacking (red) and defending (blue) teams must compromise and protect, respectively. The infrastructure can be physically assembled, but much more convenient is to rely on the Infrastructure as a Service (IaaS) paradigm. Although some modern technologies support the IaaS, the design and deployment of scenarios of interest is mostly a manual operation. As a consequence, it is a common practice to have a cyber range hosting few (sometimes only one), consolidated scenarios. However, reusing the same scenario may significantly reduce the effectiveness of the training and testing sessions. In this paper, we propose a framework for automating the definition and deployment of arbitrarily complex cyber range scenarios. The framework relies on the virtual scenario description language (VSDL), i.e., a domain-specific language for defining high-level features of the desired infrastructure while hiding low-level details. The semantics of VSDL is given in terms of constraints that must be satisfied by the virtual infrastructure. These constraints are then submitted to an SMT solver for checking the satisfiability of the specification. If satisfiable, the specification gives rise to a model that is automatically converted to a set of deployment scripts to be submitted to the IaaS provider.
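The pipeline the abstract describes (constraints, satisfiability check, model, deployment scripts) as an added example that is not from the paper or the original post. Assumptions: the scenario is a Python dict rather than real VSDL syntax, an exhaustive search over a small flavor catalogue stands in for the SMT solver, and every node name, flavor, image, network and size is constructed.

```python
from itertools import product

# Constructed flavor catalogue (RAM and disk in GB); not a real provider's list.
FLAVORS = {
    "small":  {"ram": 2, "disk": 20},
    "medium": {"ram": 4, "disk": 40},
    "large":  {"ram": 8, "disk": 80},
}

# Constructed scenario: high-level requirements only, no flavor names.
SCENARIO = {
    "nodes": {
        "web":  {"ram_min": 2, "disk_min": 20, "os": "ubuntu", "net": "dmz"},
        "db":   {"ram_min": 4, "disk_min": 60, "os": "centos", "net": "internal"},
        "jump": {"ram_min": 2, "disk_min": 20, "os": "ubuntu", "net": "dmz"},
    },
    "ram_quota": 14,  # global constraint: total RAM the range may consume
}

def solve(scenario, flavors=FLAVORS):
    """Return a model {node: flavor} satisfying all constraints, or None.

    Exhaustive search over a finite domain stands in for the SMT solver."""
    names = sorted(scenario["nodes"])
    ordered = sorted(flavors, key=lambda f: flavors[f]["ram"])  # try cheap first
    for choice in product(ordered, repeat=len(names)):
        model = dict(zip(names, choice))
        per_node_ok = all(
            flavors[f]["ram"] >= scenario["nodes"][n]["ram_min"]
            and flavors[f]["disk"] >= scenario["nodes"][n]["disk_min"]
            for n, f in model.items()
        )
        total_ram = sum(flavors[f]["ram"] for f in model.values())
        if per_node_ok and total_ram <= scenario["ram_quota"]:
            return model
    return None  # unsatisfiable: nothing is deployed

def to_deployment(scenario, model):
    """Convert a satisfying model into one OpenStack CLI line per node."""
    return [
        f"openstack server create --flavor {model[n]} --image {spec['os']} "
        f"--network {spec['net']} {n}"
        for n, spec in sorted(scenario["nodes"].items())
    ]

if __name__ == "__main__":
    model = solve(SCENARIO)
    print("\n".join(to_deployment(SCENARIO, model)) if model else "unsatisfiable")
```

Lowering `ram_quota` below 12 makes the specification unsatisfiable, which is the case the satisfiability check catches before anything is submitted to the IaaS provider.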