Yanyan Li, a fifth-year doctoral student at the University of Arkansas at Little Rock, recently co-developed an easy-to-use cybersecurity education tool designed to leverage cloud resources for instructors and provide an exceptional user lab experience for students.
For nearly a year, Li worked alongside Dung Nguyen, a graduate student at UA Little Rock, and under the supervision of his adviser, Dr. Mengjun Xie, to compose “EZSetup: A Novel Tool for Cybersecurity Practices Utilizing Cloud Resources.” After finalizing the piece, Li was granted the opportunity to present the paper during the 18th annual Conference on Information Technology Education in Rochester, New York.
Throughout the piece, which is now among the top 10 most downloaded articles from the conference, Li discussed innovations in the cybersecurity field that he believed could be improved, and in turn, introduced a self-generated solution.
“Currently, cybersecurity education relies heavily on hands-on security practices, as this method has been shown effective in strengthening students’ understanding of security knowledge,” Li said. “To reduce students’ workloads and meanwhile provide a more focused lab experience, many platforms and tools have been developed; however, they either have a complex deployment process, or are not scalable.”
According to Li, the newly popular virtual machine-based approach was among those platforms created to provide a solution. Although these tools and systems reduce the cost of environment setup and scenario creation, they don’t support a large number of students and lack strong, user-friendly support for customization. Throughout his research, Li also noted that these cloud computing systems add another dimension to cybersecurity practices, but most are built using a specific cloud technology and fail to expose an interface to their users for customization.
The birth of EZSetup
To address these issues, Li developed EZSetup, which serves as a system that supports easy, automatic, scalable and customizable deployments of networks and network security labs.
“EZSetup is distinct from other cloud-based solutions because it does not rely on a particular type of cloud platform or technology,” Li wrote. “It is able to interact with multiple clouds while simultaneously representing virtual environments for cybersecurity practice.”
Li’s virtual platform can also support a large number of users and allow them to create customizable lab scenarios. EZSetup provides a drag-and-drop building canvas along with personalized options for configuring virtual machine situations.
To test the performance of EZSetup, Li recruited nine volunteers to use the system to create a security lab as lab managers and complete a lab exercise as lab users.
“The experimental results were quite positive and indicated that EZSetup could be applicable to other computer science and engineering subjects,” Li stated.
Li also utilized EZSetup in a computer forensics course he taught this semester. He instructed his students to complete a Linux Forensics lab using the system, in which they were to launch a real intrusion from an attacker machine to a victim machine, followed by a forensic analysis on the compromised device.
“As I gain more knowledge in the security world, I believe myself and other professionals need to train students and employees and help them practice in this field so they can better prepare for cyber attacks,” Li said.