Next Article in Journal
Specification, Design and Development of a Pyramidal Learning Platform
Previous Article in Journal
Assisted Behavior Control with Wearable Devices: A Case Study for High-Functioning Autism
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Proceeding Paper

A Cybersecurity Experience with Cloud Virtual-Remote Laboratories †

1
Department of Control and Communication Systems, Computer Science Engineering School, Spanish National University for Distance Education (UNED), 28040 Madrid, Spain
2
Faculty of Law, San Pablo CEU University, 28003 Madrid, Spain
*
Author to whom correspondence should be addressed.
Presented at the 13th International Conference on Ubiquitous Computing and Ambient Intelligence UCAmI 2019, Toledo, Spain, 2–5 December 2019.
Proceedings 2019, 31(1), 3; https://doi.org/10.3390/proceedings2019031003
Published: 15 November 2019

Abstract

:
In recent years, there has been a great increase in the daily use of technology, to the extent that people are almost permanently connected to the Internet. In our particular case, we are interested in maintaining information security, which is known as cybersecurity. Traditional security techniques are obsolete, so it becomes necessary to acquire new practical skills with a problem-based learning methodology. Therefore, this paper presents a new approach based on virtual-remote laboratories for the creation of dynamic cybersecurity scenarios in the Cloud. Additionally, the factors that influence the intentions of the participants in the subject employed for this work have been studied. This information has been gathered by using both the answers obtained from an opinion survey and available information in the activity records of the educative labs.

1. Introduction

Over the past few years, our society has evolved into a digital era. The development of new technologies that offer various types of functionality available to be accessed as Internet services (Anything as a Service, XaaS) [1] has aroused a growing interest due to their potential and versatility. Among the various problems arising from the current digital society in which we live, cybersecurity has become an especially challenging issue. The exponential need of cybersecurity professionals has been growing faster than qualified professionals are trained [2].
In particular, this research work pays attention to the employment and evaluation of a remote virtual laboratory in the cloud, which has been evaluated with a set of students, and integrated in the course design of the “Cibersecurity in Information Systems” (CIS) subject (in Spanish, “Seguridad en los Sistemas de Información”) by using a distance methodology. This subject belongs to the “Computer Science Engineering” Masters degree (MSc) at the Computer Science Engineering School of UNED in Spain. Following the distance methodology, subjects are based on an autonomous study, supported by a set of multimedia resources, assessments, guides, and technology.
The institution must provide students with physical and remote equipment that facilitates the acquisition of the necessary skills for professional training and, also, the evaluation of students’ performance during the distant teaching-learning process. Remote and virtual laboratories currently in use must be analyzed in order to determine their advantages and drawbacks. Likewise, our virtual remote laboratory was incorporated in the work planning of the CIS subject, with its corresponding schedule for the study of theoretical and multimedia material of practical activities.
When integrating these novel technologies, such as virtual remote laboratories in the cloud, into learning/teaching methodologies, a set of functional features (acceptance, attitude, frustration), social needs, and interactions may well arise among the students. Additionally, the intention to use modern technologies can be analyzed with the Unified Theory of Acceptance and Use of Technology (UTAUT) model [3], which incorporates various models of human behavior theory. Researching in the Learning Analytics (LA) [4] direction also makes sense, being a great field of interest.
The rest of this paper is organized as follows. Section 2 presents a summary of previous works on remote and virtual laboratories. After that, Section 3.1 describes the educational context, and presents the deployed virtual-remote laboratory for cybersecurity. The obtained results from the experience with students based on the proposed laboratory are presented in Section 4. Finally, the paper outlines our conclusions and future works in Section 5.

2. State of the Art

A remote laboratory is composed of a set of hardware elements, and one or more applications that use these physical elements. These elements interact with the users of the laboratory in a dynamic way. Recently, low-cost remote laboratories have been developed for renewable energies (wind and solar) [5]. These resources can be seen as a set of services (Laboratory as a Service, LaaS) which allow the flexible configuration of remote laboratories within a virtual course [6]. Regarding this field of study, other examples of remote laboratories for real renewable energies can be found in the literature, such as [7,8]. As previously mentioned, the LaaS approach facilitates the versatile creation of experiments on demand, through the use of laboratory services.
On the other hand, virtual laboratories are also especially interesting for our purposes, since no hardware components are associated to them. Only a computer and an Internet connection are needed for accessing this type of laboratories, from any physical location. An example of a virtual laboratory is AutoES [9], used by students within the field of networks for the automatic evaluation of network services hosted in a virtual server, configured by the students from home.
In this sense, virtualization and cloud computing technologies [10,11,12] present highly beneficial characteristics for the dynamic creation of virtual environments on demand, in a wide variety of research and commercial fields. Laboratory management is also experiencing significant changes with the current migration of remote and/or virtual laboratories to the Cloud Computing [13] and the Internet of Things (IoT) [14] paradigms. New control challenges arise as services such as storage, computing power, network infrastructures and applications are provided measurably through the Internet.

3. The Proposed Remote-Virtual Laboratory

3.1. Educative Context

“Cibersecurity in Information Systems” (CIS) is part of the “Computer Science Engineering” Masters degree (MSc) at the Computer Science Engineering School of UNED. The Masters degree is composed of a set of mandatory and optional subjects, some of them having 6 ECTS credits and others 4 ECTS credits. The subject considered in this work is mandatory, consists of 4 ECTS credits and is studied in the first semester of the first academic year.

3.2. Deployment of the Lab

The purpose of the proposed remote-virtual laboratory is to develop practical activities in the field of Engineering. In our particular case, these activities are carried out in the context of cybersecurity with the next general objectives:
  • Management of security incidents.
  • Design of access policies.
  • Implement the designed access policies.
  • Discover vulnerabilities, and fix them.
The proposed laboratory allows students to interact with network devices (nodes and routers) belonging to an infrastructure previously defined and pre-configured by the teaching team. Students are able to manage the network infrastructure in the same way as if they were working with real components. The remote-virtual laboratory was developed using the Emulated Virtual Environment-Next Generation (EVE-NG) technology [15], as core of the system. Virtualization and cloud computing technologies are merged in this work for dynamically providing students with useful work environments.
To access the virtual-remote laboratory, students have to use the link provided within the learning platform. A particular student account is needed for using the laboratory. In addition to this, a booking scheduler has been developed in order to support the use of the platform by several students (see Figure 1), considering that only one student at a time can access the system with an active role. The student books the desired session or sessions by selecting the time and date on a provided calendar. He/she can also examine the list of pending/finished sessions.
Figure 2 shows a virtual-remote laboratory ready to be used by emulating a set of physical systems. This lab is composed of a network infrastructure as an example. In particular, this lab is designed for auditing the network deployed in the scenario, and the local computer, based on an Ubuntu distribution, as well as for verifying the security of the whole network.

3.3. Practical Activity with the Lab

For the specific purposes of the practical activity, the network structure of the remote-virtual laboratory is presented in Figure 3. Once the student selects one of the nodes, he/she gains access to this system in the cloud.
In this particular activity, the student takes the role of a new security technician of a company, named Disaster Co. The company provides the student with a remote terminal in the cloud, linked to a device belonging to the network infrastructure of the company (see Figure 3). The initial objective will be to analyze the current state of the internal network with the nmap tool (in terms of devices, ports, and services). From the findings made by the student, and the subsequent report, the security policy of the company will be revised to check whether everything is correct, or some vulnerabilities appear. In this case, the student must take the opportune actions.
The main objectives to solve in the practical activity by using the remote-virtual lab are as follows:
  • Find out the number of nodes located in the network infrastructure.
  • Discover the IP addresses of all nodes connected to the company system (machines, devices …).
  • Discover the available ports (open and closed) in each connected node.
  • Find out the Operating System (OS) of each connected node.
  • Report the existing vulnerabilities, if any, in each connected node.

4. Evaluation

Two types of data are to be studied in this work, which are related to the proposed remote-virtual laboratory in the cloud. The first set of data was recorded in the laboratory (and the learning platform) in order to analyze the students’ learning process. Additionally, students filled out an opinion survey after finishing the practical activity. The format of this questionnaire is based on the UTAUT methodology [3,16].
From a total of 28 students enrolled in the CIS subject for the 2017–2018 academic year, 21 students finished the practical activity. Most of the students who finished the activity related to the proposed virtual laboratory successfully passed the subject either in the ordinary or extraordinary period.

4.1. User Tracking

The students’ learning process presents several challenges: apart from the common drawbacks of distant learning (for instance, maintaining motivation and interest of students, or addressing the complexity in the communication between the teaching team and the students), the difficulty of carrying out practical activities that reflect the knowledge acquired during the lessons must be also taken into account. For this reason, a set of data was automatically recorded to analyze the students’ learning process, in terms of access sessions, booking sessions and user location, among others.
Figure 4 shows the number of sessions per student in the platform that supported the proposed remote-virtual laboratory with the EVE-NG technology. The horizontal axis represents the student identification (ID), and the vertical axis the amount of sessions. IDs 1, 2 and 21 belong to lecturers of the subject.
As can be observed, some of the users (with ID 6 and 14) registered in the laboratory but never started a session, because they registered again with another e-mail account, hence getting a new identification. In particular, IDs 7 and 15, respectively. Most of the students completed the practical activity in 1, 2, or 3 sessions, whereas only three students completed the activity in more than 5 sessions. This fact indicates the usefulness and ease of use of the remote-virtual laboratory for performing the proposed activity.
Regarding session bookings, Figure 5 illustrates the amount of bookings for the remote-virtual laboratory per student. The horizontal axis represents the student ID, and the vertical axis the amount of booked sessions. Results are similar to those regarding access sessions in Figure 4. Some of the students completed the practical session in 1, 2, or 3 booking sessions. Only five students completed the activity in more than 5 sessions. This fact enforces those conclusions achieved after analyzing Figure 4. However, some minor differences between access sessions and booking sessions can be found in the figures. For instance, the user with ID number 7 booked more sessions (a total of 15) than the number of sessions that actually took place in the platform (a total of 7). This fact can be due to two different reasons: 1) several bookings might have been completed in just one access session; or 2) the student might have missed some booked sessions.
Finally, Figure 6 shows the evolution of the booking distribution during the period of the practical activity. It can be observed that around Christmas the amount of sessions was quite low, probably due to holidays (from December 22nd to January 8th, approximately). However, after this period students started to use the remote-virtual laboratory, and the platform that supported it. At the end of January, the students’ accesses finished, which is consistent with the deadline for finishing the practical activity.

4.2. User Satisfaction

Regarding the satisfaction survey, students were asked for their opinion about the proposed experience of doing the practical activity in the cloud with the EVE-NG technology. Each indicator in the survey is composed of a set of specific statements/questions. From them, the mean and standard deviation values are calculated for each indicator (see Table 1). Each statement is a five-point liker-type scale, ranging from (1) “strongly disagree” to (5) “strongly agree”.
These questions are focused on the following indicators:
  • Perceived usefulness of the students about the practical experience with the laboratory.
  • Estimated effort, in terms of the ease of use of the virtual laboratory.
  • Attitude, towards the technological solution adopted, assessing whether the students perceive or not the benefits of using the laboratory for the intended purposes.
  • Social influence, which reflects how the students’ opinion is perceived by other classmates and faculty about the virtual experience.
  • Ease of access, and perceived availability of educative resources during the progress of the virtual experience.
  • Intention of use of the proposed laboratory.
Figure 7 shows the obtained values, for each indicator of the opinion survey, for the proposed experience within the 2017–2018 academic year. The mean perceived usefulness to complete the proposed experience is about 4.3 out of 5. Additionally, the estimated effort is a bit higher, a total of 4.55 points out of 5. On the other hand, the students’ attitude regarding the proposed virtual-remote laboratory in the cloud is even better, more or less 4.61 out of 5. The social influence is also good, about 4.07 out of 5.
According to these results, the perceived ease of access to the virtual-remote laboratory in the cloud and availability of resources is not so satisfactory from their point of view (3.58 points out of 5). Finally, the students’ intention of use of the virtual-remote laboratory is quite probable, reaching almost 4.40 points out of 5. The standard deviation of all indicators ranges from 0.42 to 0.80, as shown in Table 1.

5. Conclusions and Future Work

This work proposes a new remote-virtual laboratory, to be used in the cloud, within the context of Engineering and paying special attention to the cybersecurity topic. A practical case of study is detailed for the use of the laboratory, and technical requirements are depicted. Additionally, the factors that influence the students’ learning are analyzed from both the user satisfaction with the system after completing the practical activity, and the interaction of each student with the laboratory throughout the development of the activity.
As for future work, the influence among the evaluated indicators will be studied in more detail. Therefore, it is planned to validate them by means of proposing a structural equation model that satisfies the students’ acceptance of the presented technology. To achieve this, an UTAUT model will be hypothesized. Another future line of research is the development of a more exhaustive tracking process of the students’ learning progress as the practical activity is carried out.

Author Contributions

Data curation, L.T.; Formal analysis, R.P.; Funding acquisition, A.R.-G.; Investigation, L.T., R.H. and A.R.-G.; Methodology, L.T. and R.P.; Project administration, R.P.; Software, L.T. and A.R.-G.; Supervision, R.H.; Validation, R.P.; Visualization, A.R.-G.; Writing—original draft, L.T., A.R.-G., R.P., R.H., A.D., and J.C.; Writing—review & editing, A.R.-G. and A.D.

Acknowledgments

Authors would like to acknowledge the support of the eNMoLabs research project for the period 2019–2020 from UNED; our teaching innovation group, CiberGID, started at UNED in 2018; another project for the period 2017–2018 from the Computer Science Engineering School (ETSI Informática) in UNED; and the Region of Madrid for the support of E-Madrid-CM Network of Excellence (S2018/TCS-4307). The authors also acknowledge the support of SNOLA, officially recognized Thematic Network of Excellence (RED2018-102725-T) by the Spanish Ministry of Science, Innovation and Universities.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Duan, Y. Value Modeling and Calculation for Everything as a Service (XaaS) Based on Reuse. In Proceedings of the 13th International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), Kyoto, Japan, 8–10 August 2012. [Google Scholar]
  2. ISACA; Survey, R.C. State of Cybersecurity. Implications for 2016. Available online: https://www.isaca.org/cyber/Documents/state-of-cybersecurity_res_eng_0316.pdf (accessed on 30 October 2019).
  3. Venkatesh, V.; Morris, M.G.; Davis, G.B.; Davis, F.D. User Acceptance of Information Technology: Toward a Unified View. MIS Q. 2003, 27, 425–478. [Google Scholar] [CrossRef]
  4. Siemens, G. Learning Analytics. Am. Behav. Sci. 2013, 57, 1380–1400. [Google Scholar] [CrossRef]
  5. Tobarra, L.; Ros, S.; Hernández, R.; Pastor, R.; Robles-Gómez, A.; Caminero, A.C.; Castro, M. Low-Cost Remote Laboratories for Renewable Energy in Distance Education. In Proceedings of the 11th International Conference on Remote Engineering and Virtual Instrumentation (REV 2014), Porto, Portugal, 26–28 February 2014. [Google Scholar]
  6. Tobarra, L.; Ros, S.; Hernández, R.; Marcos-Barreiro, A.; Robles-Gómez, A.; Caminero, A.C.; Pastor, R.; Castro, M. Creation of Customized Remote Laboratories Using Deconstruction. IEEE-RITA 2015, 10, 69–76. [Google Scholar] [CrossRef]
  7. Shankar, B.; Sarithlal, M.; Vijayan, V.; Freeman, J.; Achuthan, K. Remote Triggered Solar Thermal Energy Parabolic Trough laboratory: Effective implementation and future possibilities for Virtual Labs. In Proceedings of the 2013 IEEE International Conference on Control Applications (CCA), Hyderabad, India, 28–30 August 2013; pp. 472–476. [Google Scholar] [CrossRef]
  8. Rao, P.; Dinesh, P.; Ilango, G.; Nagamani, C. Laboratory course on solar photovoltaic systems based on low cost equipment. In Proceedings of the 2013 IEEE International Conference on MOOC Innovation and Technology in Education (MITE), Jaipur, India, 20–22 December 2013; pp. 146–151. [Google Scholar] [CrossRef]
  9. Ros, S.; Robles-Gómez, A.; Hernández, R.; Caminero, A.C.; Pastor, R. Using Virtualization and Automatic Evaluation: Adapting Network Services Management Courses to the EHEA. IEEE Trans. Educ. 2012, 55, 196–202. [Google Scholar] [CrossRef]
  10. Bora, U.J.; Ahmed, M. E-learning using Cloud Computing. Int. J. Sci. Mod. Eng. (IJISME) 2013, 1, 9–13. [Google Scholar]
  11. IBM Corporation. Cloud Computing Saves Time, Money and Shortens Production Cycle. Available online: http://www-935.ibm.com/services/in/cio/pdf/dic03001usen.pdf (accessed on 30 October 2019).
  12. Selviandro, N.; Hasibuan, Z. Cloud-Based E-Learning: A Proposed Model and Benefits by Using E-Learning Based on Cloud Computing for Educational Institution. In Information and Communication Technology; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2013. [Google Scholar]
  13. Pastor, R.; Caminero, A.C.; Rama, D.S.; Hernández, R.; Ros, S.; Robles-Gómez, A.; Tobarra, L. Laboratories as a Service (LaaS): Using Cloud Technologies in the Field of Education. J. UCS 2013, 19, 2112–2126. [Google Scholar]
  14. Tobarra, L.; Robles-Gómez, A.; Pastor, R.; Hernández, R.; Cano, J.; López, D. Web of Things Platforms for Distance Learning Scenarios in Computer Science Disciplines: A Practical Approach. Technologies 2019, 7, 17. [Google Scholar] [CrossRef]
  15. EVE-ND, Emulated Virtual Environment-Next Generation. Available online: http://www.eve-ng.net/index.php/downloads/eve-ng (accessed on 30 October 2019).
  16. Holden, R.; Karsh, B.T. The Technology Acceptance Model: Its Past and Its Future in Health Care. J. Biomed. Inform. 2010, 43, 159–172. [Google Scholar] [CrossRef] [PubMed]
Figure 1. Booking a session in the security lab.
Figure 1. Booking a session in the security lab.
Proceedings 31 00003 g001
Figure 2. Example of remote-virtual laboratory for auditing local and network security.
Figure 2. Example of remote-virtual laboratory for auditing local and network security.
Proceedings 31 00003 g002
Figure 3. Network structure of the laboratory for the CIS subject.
Figure 3. Network structure of the laboratory for the CIS subject.
Proceedings 31 00003 g003
Figure 4. Number of Sessions per Student.
Figure 4. Number of Sessions per Student.
Proceedings 31 00003 g004
Figure 5. Number of Bookings per Student.
Figure 5. Number of Bookings per Student.
Proceedings 31 00003 g005
Figure 6. Evolution of the Booking Distribution.
Figure 6. Evolution of the Booking Distribution.
Proceedings 31 00003 g006
Figure 7. Evaluated indicators for the 2017–2018 academic year.
Figure 7. Evaluated indicators for the 2017–2018 academic year.
Proceedings 31 00003 g007
Table 1. Mean and standard deviation for the evaluated indicators.
Table 1. Mean and standard deviation for the evaluated indicators.
Perc. UsefulnessEst. EffortAttitudeSocial Infl.Easy of Acc.Int. of Use
Mean4.304.554.614.073.584.40
Standard Deviation0.590.420.460.800.650.71
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Share and Cite

MDPI and ACS Style

Tobarra, L.; Robles-Gómez, A.; Pastor, R.; Hernández, R.; Duque, A.; Cano, J. A Cybersecurity Experience with Cloud Virtual-Remote Laboratories. Proceedings 2019, 31, 3. https://doi.org/10.3390/proceedings2019031003

AMA Style

Tobarra L, Robles-Gómez A, Pastor R, Hernández R, Duque A, Cano J. A Cybersecurity Experience with Cloud Virtual-Remote Laboratories. Proceedings. 2019; 31(1):3. https://doi.org/10.3390/proceedings2019031003

Chicago/Turabian Style

Tobarra, Llanos, Antonio Robles-Gómez, Rafael Pastor, Roberto Hernández, Andrés Duque, and Jesús Cano. 2019. "A Cybersecurity Experience with Cloud Virtual-Remote Laboratories" Proceedings 31, no. 1: 3. https://doi.org/10.3390/proceedings2019031003

APA Style

Tobarra, L., Robles-Gómez, A., Pastor, R., Hernández, R., Duque, A., & Cano, J. (2019). A Cybersecurity Experience with Cloud Virtual-Remote Laboratories. Proceedings, 31(1), 3. https://doi.org/10.3390/proceedings2019031003

Article Metrics

Back to TopTop