Scalable and Lightweight CTF Infrastructures Using Application Containers


Scalable and Lightweight CTF Infrastructures Using Application Containers
Arvind S Raj, Bithin Alangot, Seshagiri Prabhu and Krishnashree Achuthan
Amrita Center for Cybersecurity Systems and Networks, Amrita Vishwa Vidyapeetham, Kerala, India
2016 USENIX Advances in Security Education Workshop

Introduction
- CTFs: an effective means to teach secure coding and computer security.
- Two popular formats: Jeopardy and attack-defence.
- Jeopardy: self-paced, offence only, non-interactive and more popular.
- Attack-defence: real-time, offence and defence, interactive but less popular.

CTF event counts
[figure: CTF event counts]

Participation trends
[figure: participation trends]

Format challenges
- Both organizers and participants face challenges.
- Organizers: complex infrastructure engineering and high resource requirements.
- Participants: complex gameplay, infrastructure setup and IT policies.

Problem
- Can we build less resource-intensive and easily scalable contest infrastructures?

Solution
- Replace virtual machines with application containers.
- Significant reduction in resource usage and engineering required.
- Eliminates several components that are difficult to set up.
- Improves the gameplay experience for participants.

Outline of presentation
1. Challenges in existing attack-defence CTF game format and infrastructures
2. Overview of Docker and associated technologies
3. Container-based attack-defence CTF game infrastructure
4. Performance evaluation
5. Future work
6. Conclusion


Challenges
- Two sources: gameplay and game infrastructure.
- Gameplay affects participants: it requires doing too many tasks, which distracts them from the primary objective.
- Infrastructure affects organizers and participants.
- Two infrastructure types: distributed and centralized.

Distributed infrastructure
[figure: distributed infrastructure]

Challenges
Organizers:
- Infrastructure needs a lot of resources, engineering and monitoring. E.g. rwthctf 2012's VPN server: 16GB RAM, 8-core i7 processor and 8 OpenVPN daemon processes.
Participants:
- Difficult to obtain hardware such as computers and network switches/routers.
- University IT policies prevent connecting to UDP-based VPNs.

Centralized infrastructure
[figure: centralized infrastructure]

Challenges
Organizers:
- Exponential increase in computing resources required.
- Setting up exploit sandboxes, installing libraries and executing exploits.
Participants:
- Network latency when accessing services.
- Recreating services locally for analysis and testing is not straightforward.
- Locked into a standard exploit environment.


Docker vs virtual machines
[figure: virtual machines] [figure: Docker containers] (images courtesy www.docker.com)

Why Docker?
- Built-in capabilities to reuse and extend container images.
- Remote API and programming language bindings aid in automation.
- Easy to share and distribute container images.
- Third-party tools for container and image management.

Distribution and PORTUS
- Docker Inc's Distribution: a tool to manage container images, similar to a Git server.
- SUSE's PORTUS: role-based access control for Distribution's images. Allows creating namespaces for teams and assigning different access levels to them.
- Alternatives: GitLab, Dockerhub, Amazon EC2 Container Service, Google Container Registry and more.


Components
- Container registry: Git-server-like service for container images.
- Container hosts: servers which run all the containers.
- Service-related containers: Docker containers which either run a service or an exploit for a service.
- Flag volume: Docker volumes for persistent storage of flags.
- Modified versions of components of the ictf centralized framework.

System design
[figure: system design]

Gameplay
Organizers:
- Configure a CTF contest as desired.
- Build the service container images.
- Configure the container registry and upload service container images to it.
- Set up the game database and configure all game scripts.
- Optionally distribute encrypted copies of service container images to all teams.

Gameplay (cont.)
Participants:
- Import the service container images from the registry or from organizer-distributed copies.
- Analyze services for vulnerabilities, fix them, and commit and upload changes to the container registry.
- Create exploit containers for discovered vulnerabilities in accordance with the requirements, test them locally and upload them.

Game round overview
A game consists of several rounds, each with the following phases:
- Synchronize: all updated container images are synchronized with their live containers or images.
- Store flags: flags are stored in all services of all teams and service status is updated.
- Run exploits: all exploit containers are run against all services of all teams except the exploit's author.
- Retrieve flags: flags stored earlier are retrieved, service status is updated and points are deducted if retrieval is not successful.
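The four round phases above, written out as a round scheduler. This is an added example, not code from the slides or from the inctf framework: the team, service and exploit names, the point values (ATTACK_POINTS, DEDUCTION) and the SimulatedRunner are constructed for illustration, and a production runner would call the Docker remote API in each phase instead. The scheduler also shows a check the slides only imply: a captured flag scores only if it matches the flag the game itself stored in the flag volume for that team, service and round, so an exploit container cannot earn points by returning arbitrary data.

```python
"""Round scheduler for a container-based attack-defence CTF (added example)."""
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ATTACK_POINTS = 5   # assumed value: awarded per flag captured
DEDUCTION = 10      # assumed value: deducted when a team's own flag cannot be retrieved

Key = Tuple[str, str]  # (team, service)


@dataclass
class Exploit:
    author: str   # team that wrote the exploit; never run against its author
    service: str  # service the exploit targets


class FlagVolume:
    """Persistent flag storage standing in for the Docker flag volume,
    keyed by (team, service, round) so the game scripts know which flag
    must still be present in each service at retrieval time."""

    def __init__(self) -> None:
        self._store: Dict[Tuple[str, str, int], str] = {}

    def store(self, team: str, service: str, rnd: int, flag: str) -> None:
        self._store[(team, service, rnd)] = flag

    def retrieve(self, team: str, service: str, rnd: int) -> Optional[str]:
        return self._store.get((team, service, rnd))


class SimulatedRunner:
    """Stand-in for the Docker-backed runner (assumption, not the framework's code).
    Each service is modelled as up/down and patched/unpatched and keeps the
    flag most recently stored in it."""

    def __init__(self, services: Dict[Key, dict]) -> None:
        self.services = services

    def sync(self, team: str, service: str) -> None:
        pass  # phase 1 in the real system: redeploy the team's updated image

    def store_flag(self, team: str, service: str, flag: str) -> bool:
        svc = self.services[(team, service)]
        if not svc["up"]:
            return False
        svc["flag"] = flag
        return True

    def run_exploit(self, exploit: Exploit, target: str) -> Optional[str]:
        svc = self.services[(target, exploit.service)]
        return svc.get("flag") if svc["up"] and not svc["patched"] else None

    def retrieve_flag(self, team: str, service: str) -> Optional[str]:
        svc = self.services[(team, service)]
        return svc.get("flag") if svc["up"] else None


def new_flag() -> str:
    return "FLAG{" + secrets.token_hex(8) + "}"


def play_round(rnd: int, teams: List[str], services: List[str], exploits: List[Exploit],
               runner, volume: FlagVolume, scores: Dict[str, int]) -> Dict[Key, str]:
    """Run the four phases of one round; updates scores, returns service status."""
    status: Dict[Key, str] = {}
    # Phase 1: synchronize updated images with the live containers.
    for team in teams:
        for service in services:
            runner.sync(team, service)
    # Phase 2: store a fresh flag in every service and record its status.
    for team in teams:
        for service in services:
            flag = new_flag()
            if runner.store_flag(team, service, flag):
                volume.store(team, service, rnd, flag)
                status[(team, service)] = "up"
            else:
                status[(team, service)] = "down"
    # Phase 3: run each exploit against every team except its author; a capture
    # scores only if it matches the flag stored for that target this round.
    for exploit in exploits:
        for target in teams:
            if target == exploit.author:
                continue
            captured = runner.run_exploit(exploit, target)
            if captured is not None and captured == volume.retrieve(target, exploit.service, rnd):
                scores[exploit.author] += ATTACK_POINTS
    # Phase 4: retrieve this round's flags; mark down and deduct on failure.
    for team in teams:
        for service in services:
            expected = volume.retrieve(team, service, rnd)
            if expected is None or runner.retrieve_flag(team, service) != expected:
                status[(team, service)] = "down"
                scores[team] -= DEDUCTION
    return status


def demo() -> Tuple[Dict[str, int], Dict[Key, str]]:
    """Constructed scenario: three teams, two services, two exploits for s1."""
    teams, services = ["alpha", "beta", "gamma"], ["s1", "s2"]
    state = {("alpha", "s1"): {"up": True, "patched": False},   # exploitable
             ("beta", "s1"): {"up": True, "patched": True},     # fixed
             ("gamma", "s1"): {"up": False, "patched": False}}  # service down
    for t in teams:
        state[(t, "s2")] = {"up": True, "patched": True}
    exploits = [Exploit("alpha", "s1"), Exploit("beta", "s1")]
    scores = {t: 0 for t in teams}
    status = play_round(1, teams, services, exploits, SimulatedRunner(state), FlagVolume(), scores)
    return scores, status


if __name__ == "__main__":
    print(demo())
```

In the constructed scenario beta's exploit captures alpha's unpatched s1 flag, alpha's exploit finds beta patched and gamma down, and gamma loses points because its s1 flag could not be stored or retrieved; the same loop structure is what a Docker-backed runner would drive, with `sync`, `store_flag`, `run_exploit` and `retrieve_flag` mapped onto container operations.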

Benefits for organizers
- Lightweight game infrastructure.
- No need to engineer and monitor a VPN network.
- No need to configure exploit environments.
- Tools like Docker Swarm and Docker Cloud further ease infrastructure management.

Benefits for participants
- No additional hardware, dealing with IT policies or setting up a VPN.
- No dealing with network latency: services can be set up locally.
- Infrastructure maintains service backups, simplifying gameplay.
- Fully customizable exploit environments.


Experiments performed
Two kinds of experiments:
- 3 services, 5 to 40 teams.
- 30 teams, 1 to 8 services.
- Measure CPU utilization and memory usage for a 10-minute game round.
- Worst case: all teams write exploits for all services.
- Compare with estimated usage in a VM-based infrastructure.

Estimating VM resource usage
- Simulating requires high amounts of resources.
- Estimate based on requirements for InCTF's attack-defence round.
- 1GB RAM for 3 services found sufficient in the past 5 editions.
- 200MB RAM per service and the rest for the OS.

Observations
- Container server: 16GB RAM and 8-core Intel Core i5 2600 processor.
- Highest memory usage: 3.4GB and 4.4GB (exploits included).
- Estimated usage for VMs: 40GB and 60GB (exploits not included).
- Highest CPU usage observed: 13% and 20%.
- Can easily handle loads comparable to most attack-defence CTFs today.


Future work
- Develop techniques and identify tuning parameters to prevent overloading the Docker daemon with several simultaneous requests.
- Provide teams access to network traffic captures for reverse engineering exploits.
- Identify parameters to determine the utility of CTF game infrastructures.
- Perform a usability study of the container-based infrastructure.


Conclusion
- Existing attack-defence CTF game infrastructures are complex to set up and require several computing resources.
- Using application containers instead of virtual machines reduces the resource requirements and engineering effort needed.
- Additional tools can improve the gameplay experience for participants and further simplify infrastructure management.
- https://github.com/inctf/inctf-framework

Observations
[figure: average memory usage: 3 services, multiple teams]

Observations (cont.)
[figure: average memory usage: 30 teams, multiple services]

Observations
[figure: average CPU usage: 3 services, multiple teams]

Observations (cont.)
[figure: average CPU usage: 30 teams, multiple services]