Mémoire
| Résumé : | The increasing reliance on digital technologies has significantly expanded the threat landscape, underscoring the necessity of robust cybersecurity education to equip specialists with the required knowledge and skills to defend against cyber threats. Cyber-ranges provide a controlled and simulated training environment where students and professionals can thoroughly test and enhance their skills through practical applications and real-world scenarios.However, the literature highlights several limitations, such as the short lifespan of scenarios designed for brief sessions, which leads to the frequent reuse of a limited set of scenarios.Additionally, scenarios are often only truly beneficial for a single use, as the detailed write-ups available afterward make subsequent uses less effective. Another significant challenge is adapting scenarios to match the diverse skill levels of students, as existing setups do not optimally cater to individual needs. This master thesis introduces Janus, an adaptive cyber-range tailored to user skill requirements, using an infrastructure built with Infrastructure as Code (IaC) and Configuration as Code (CaC) tools, and composed entirely of Free and Open Source Software (FOSS) web services.This cyber-range is developed based on the ideas and concepts derived from four state of the art cyber-ranges, with the addition of an adaptability feature.This adaptability is achieved through dynamic scenario generation, leveraging a set of predefined scenarios and automatically customizing them by selecting the most appropriate vulnerabilities based on user requirements. The design of the cyber-range follows a structured flow, which includes a preliminary setup stage and four essential steps: (1) generation of databases, (2) creation of a tailored scenario, (3) modifications to the infrastructure for scenario integration and (4) post-exercise reversion.Additionally, this thesis proposes a paradigm shift in scenario creation by prioritizing the development of a vulnerability database prior to scenario generation.Its modular design ensures flexibility, facilitating the integration of new vulnerabilities to remain current with emerging threats.Furthermore, Janus incorporates multiple-step exploit scenarios, aiming to maximize realism and the effectiveness of the training exercises.Finally, qualitative and quantitative comparisons with the cyber-ranges that inspired our design are provided, as well as an analysis of our position within the state of the art, based on several relevant attributes of Janus. |
