Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dynamic Cyber Training with Moodle

Published byHenry Mosley Modified over 6 years ago

Similar presentations

Presentation on theme: "Dynamic Cyber Training with Moodle"— Presentation transcript:

1 Dynamic Cyber Training with Moodle
Adam Welle Dynamic Cyber Training with Moodle Moodle's open source and highly configurable platform has enabled us to create training for cyber operators with high levels of fidelity and realism. In this presentation we'll review the unique requirements for training students in cyber security. Additionally, we'll cover the customizations we've made to Moodle plugins that allow for dynamic hands-on training in virtual environments, and finally our incorporation of automated assessment. Who is the cyber workforce? What are challenges in training cyber? Three types of training: individual, small unit, and multi-team training What tools do we use at each level? What is a cyber exercise?

2 Copyright 2018 Carnegie Mellon University. All Rights Reserved.
This material is based upon work funded and supported by the Department of Defense under Contract No. FA D-0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The view, opinions, and/or findings contained in this material are those of the author(s) and should not be construed as an official Government position, policy, or decision, unless designated by other documentation. References herein to any specific commercial product, process, or service by trade name, trade mark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by Carnegie Mellon University or its Software Engineering Institute. NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. [DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution. This material was prepared for the exclusive use of MoodleMoot US 2018 Conference and may not be used for any other purpose without the written consent of Carnegie Mellon® is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University. DM This material is based upon work funded and supported by the Department of Defense under Contract with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Department of Defense.

3 Federally Funded Research and Development Center (FFRDC)
Who are we? Federally Funded Research and Development Center (FFRDC)

4 Training the cyber workforce
College and university courses Vender training On the job training Self paced online training courses

5 Individual Training We have our own LMS, STEPfwd
provides recorded lectures slide presentations quizzes dynamically deployed virtual machine lab environment

6 Team Training Large, persistent lab environment
Multiple teams work with or against each other to achieve their objectives Can scale to hundreds of participants, dozens of ESXi servers, 1000s of virtual machines

7 What is a Cyber Exercise?
White Cell Blue – friendly forces Red – opposing forces White – runs the exercise Green – runs the range Black – runs the infrastructure Uses cyber ranges – virtualization and hardware in the loop Attack and defend Blue Cell RED Cell Green Cell Black Cell

8 Cyber Training Challenges
Realism Ensuring that virtualized systems are realistic representations of real world systems we try to develop new technologies, like wireless simulation, to bridge those gaps Creating realistic network traffic simulations so that blue team has more difficulty in finding red team our latest user simulation tool is called ghosts

9 Cyber Training Challenges
Assessment Tracking and assessing the performance of the team members command line tools gui tools programming knowledge differentiation of user skill

10 Why we wanted to Use MOODLE
Robust quiz engine Moodle solves many of our challenges by providing a robust quiz engine great metrics – score history for tracking performance over time regex questions are my favorite! feedback mechanisms both to student and to course designer xapi

11 Why we wanted to Use MOODLE
Interactive videos with H5P H5P makes for more training with better user engagement xapi We are transiting some training courses to moodle and are converting old videos to H5P interactive videos

12 Why we wanted to Use MOODLE
Virtual Programming Labs Cyber operators require programming knowledge VPL makes is possible to grade programming assignments

13 Virtual Programming Labs
We modify the VPL activity to execute the student’s scripts and programs on the actual virtual machines inside of their lab rather than in a jail The first image shows the VPL activity where we have students enter their code The second image shows the networking used to execute the VPL grading scripts on VMs inside the student’s lab

14 Why we wanted to Use MOODLE
xAPI and Metrics Great metrics Student history Real time logging of student performance Data collection via an LRS How long did it take a student to accomplish a task? What was the exact command required to accomplish the task?

15 xApi & the LRS MELLK STACK Actor - verb - object Experience API
User – Action – Activity Using xapi from moodle, h5p, and custom command line logging to derive information about student performance MELLK STACK Actor - verb - object

16 MELLK Stack Conglomeration of technologies Moodle ElasticSearch
LogsSash Learning Locker Kibana

17 Why we wanted to Use MOODLE
Plugins OAUTH It is incredibly easy to create plugins to expand its functionality… as we will now show on the next few slides OAUTH allows us to integrate with other solutions we are building for next generation cyber range technologies

18 Plugins We Have Created
Boost theme Course import We created two plugins so far: a boost theme to match our organization new color theme for other applications an import plugin that allows us to transfer content from old custom LMS into moodle

19 Future Moodle Work Integrate with new technology to:
Deploy VMs from Moodle Create a new activity Use OAUTH to communicate with integrated range deployment tool

20 Future Moodle Work Integrate with new technology to:
View VM console inside Moodle Embed the virtual machine HTML5 console in a an iframe in the moodle activity

21 Future Moodle Work Integrate with new technology to:
Receive real-time performance metrics from VMs in a lab Automatically grade and advance student’s task Then, receive metrics like xapi from the virtual machine and have the moodle activity automatically score and advance task

22 Thank you!

Download ppt "Dynamic Cyber Training with Moodle"

Similar presentations

Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 UNIX rlogin with stack.

Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 UNIX rlogin with stack.
© 2013 Carnegie Mellon University UFO: From Underapproximations to Overapproximations and Back! Arie Gurfinkel (SEI/CMU) with Aws Albarghouthi and Marsha.

© 2013 Carnegie Mellon University UFO: From Underapproximations to Overapproximations and Back! Arie Gurfinkel (SEI/CMU) with Aws Albarghouthi and Marsha.
Interactive Classroom Goals Overview of the User Experience Demo Applying Lessons from Classroom Presenter Discussion.

Interactive Classroom Goals Overview of the User Experience Demo Applying Lessons from Classroom Presenter Discussion.
© 2014 Microsoft Corporation. All rights reserved.

© 2014 Microsoft Corporation. All rights reserved.
© 2011 Carnegie Mellon University System of Systems V&V John B. Goodenough October 19, 2011.

© 2011 Carnegie Mellon University System of Systems V&V John B. Goodenough October 19, 2011.
© 2013 Carnegie Mellon University Academy for Software Engineering Education and Training, 2013 Session Architect: Tony Cowling Session Chair: Nancy Mead.

© 2013 Carnegie Mellon University Academy for Software Engineering Education and Training, 2013 Session Architect: Tony Cowling Session Chair: Nancy Mead.
© 2007-2011 Carnegie Mellon University The CERT Insider Threat Center.

© Carnegie Mellon University The CERT Insider Threat Center.
1 Jon Sudduth Project Engineer, Intelligent Grid Deployment SWEDE April 26, 2011.

1 Jon Sudduth Project Engineer, Intelligent Grid Deployment SWEDE April 26, 2011.
Almost 4 decades of Advanced Analytics & DM expertise.

Almost 4 decades of Advanced Analytics & DM expertise.
Benefits of a SUSE ® Subscription Insert Presenter's Name (16pt) Insert Presenter's Title (14pt) Insert Company/Email (14pt)

Benefits of a SUSE ® Subscription Insert Presenter's Name (16pt) Insert Presenter's Title (14pt) Insert Company/ (14pt)
Conditions and Terms of Use

Conditions and Terms of Use
April 30, 2007 openSUSE.org Build Service a short introduction Moiz Kohari VP Engineering.

April 30, 2007 openSUSE.org Build Service a short introduction Moiz Kohari VP Engineering.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.
Author Software Engineering Institute

Author Software Engineering Institute
Oracle Fusion Applications 11gR1 (11.1.1.5.0) Functional Overview (L2) Manage Inbound Logistics (L3) Manage and Disposition Inventory Returns.

Oracle Fusion Applications 11gR1 ( ) Functional Overview (L2) Manage Inbound Logistics (L3) Manage and Disposition Inventory Returns.
Introducing Novell ® Identity Manager 4 Insert Presenter's Name (16pt) Insert Presenter's Title (14pt) Insert Company/E-mail (14pt)

Introducing Novell ® Identity Manager 4 Insert Presenter's Name (16pt) Insert Presenter's Title (14pt) Insert Company/ (14pt)
1 CERT BFF: From Start To PoC June 09, 2016 © 2016 Carnegie Mellon University This material has been approved for public release and unlimited distribution.

1 CERT BFF: From Start To PoC June 09, 2016 © 2016 Carnegie Mellon University This material has been approved for public release and unlimited distribution.
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Oracle Proprietary and Confidential. 1.

Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Oracle Proprietary and Confidential. 1.
IDC Says, Don't Move To The Cloud Richard Whitehead Director, Intelligent Workload Management August, 2010 Ben Goodman Principal.

IDC Says, "Don't Move To The Cloud" Richard Whitehead Director, Intelligent Workload Management August, 2010 Ben Goodman Principal.
Use this title slide only with an image SAP LoadRunner by HP Speaker’s Name/Department (delete if not needed) Month 00, 2015 Public.

Use this title slide only with an image SAP LoadRunner by HP Speaker’s Name/Department (delete if not needed) Month 00, 2015 Public.

Similar presentations

Ads by Google