Experiences with Honey-Patching in Active Cyber Security Education
نویسندگان
چکیده
Modern cyber security educational programs that emphasize technical skills often omit or struggle to effectively teach the increasingly important science of cyber deception. A strategy for effectively communicating deceptive technical skills by leveraging the new paradigm of honeypatching is discussed and evaluated. Honey-patches mislead attackers into believing that failed attacks against software systems were successful. This facilitates a new form of penetration testing and capture-the-flag style exercise in which students must uncover and outwit the deception in order to successfully bypass the defense. Experiences creating and running the first educational lab to employ this new technique are discussed, and educational outcomes are examined.
منابع مشابه
Compiler-instrumented, Dynamic Secret-Redaction of Legacy Processes for Attacker Deception
An enhanced dynamic taint-tracking semantics is presented and implemented, facilitating fast and precise runtime secret redaction from legacy processes, such as those compiled from C/C++. The enhanced semantics reduce the annotation burden imposed upon developers seeking to add secret-redaction capabilities to legacy code, while curtailing over-tainting and label creep. An implementation for LL...
متن کاملExperiences with Practice-Focused Undergraduate Security Education
The combination of competitive security exercises and hands-on learning represents a powerful approach for teaching information system security. Although creating and maintaining such a course can be difficult, the benefits to learning are worthwhile. Our undergraduate Information Assurance course is practice-focused and makes substantial use of competitive exercises, such as the National Secur...
متن کاملCyber Security Education, Qualifications and Training
The rise in significance of cyber security has led to an increase in the range of interesting career paths that can be followed in this area. Inevitably there has also been an explosion in the diversity of available cyber security education, qualifications and training, most of which is targeted at those seeking to engage with this promising job market. In this article, some guidelines are prov...
متن کاملFour-Week Summer Program in Cyber Security for High School Students: Practice and Experience Report
Cyber security education and outreach is a national priority. It is critical to encourage high school students to pursue studies in cyber security and related fields. High school outreach is a fundamental component of a cohesive cyber security education program. Most high school outreach programs in cyber security focus on short-term events such as a capture the flag contest or the CyberPatriot...
متن کاملBringing Security Proactively Into the Enterprise
Prevailing network architectures are designed for openness, collaboration, and sharing. The majority of viruses and worms use the network to spread rapidly through the enterprise network, enabling these cyber threats to reach their targets effortlessly. The most common solution available today for cyber security is hardening of systems via “patching” or keeping the operating systems, applicatio...
متن کامل