The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

VMworld 2006:  Teaching (security) using virtual labs


This talk by Marcus MacNeill (Surgient) discussed the Surgient Virtual Training Lab used by CERT-US to train military personnel in security best practices, etc…  I was disappointed because the talk didn’t discuss the challenges of teaching security, and the lessons learned by CERT doing so, but instead focused on how the product could be used in a teaching environment.  Not surprisingly, the Surgient product resembles both VMware’s lab manager and ReAssure.  However, the Surgient product doesn’t support the sharing of images, and stopping and restarting work, e.g. development work by users (from what I saw—if it does it wasn’t mentioned).  They mentioned that they had patented technologies involved, which is disturbing (raise your hand if you like software patents).  ReAssure meets (or will soon, thanks to the VIX API) all of the requirements he discussed for teaching, except for student shadowing (seeing what a student is attempting to do).  So, I would be very interested in seeing teaching labs using ReAssure as a support infrastructure.  There are of course other teaching labs using virtualization that have been developed at other universities and colleges;  the challenge is of course to be able to design courses and exercises that are portable and reusable.  We can all gain by sharing these, but for that we need a common infrastructure where all these exercises would be valid.


Posted by FrozenKiwi
on Wednesday, November 8, 2006 at 10:00 AM

Is this new? I mean sure it sounds like they’ve got some cool exercises but virtualization in teaching has been around for a LONG time. I’ve seen this in tertiary courses since at least 2003 and MS has been using their product in training since shortly after they bought Virtual-PC.

You are right - the real challenge is in course design. As it always has been. Virtualization means that it’s cheaper to give each student multiple networked machines to play with, along with various levels of isolation. But the real challenge is in finding the most educative exercises for developing the students understanding and skills.

The idea of sharing these is fantastic, often talked about, but so far I haven’t heard of anything successful.

Posted by Pascal Meunier
on Wednesday, November 8, 2006 at 11:20 AM

FrozenKiwi, you’re right, virtualization in teaching isn’t new.  In addition to what you mention, virtualization in the right environment may enable students to learn while doing “dumb” things (like publishing a RIP message stating that their computer has the shortest route to everywhere, or doing heavy scans) without affecting the real world. This is harder to ensure in Lab Manager, for example.  An interesting approach is that used by our friends at Syracuse U.;  they add security features to MINIX while working inside VMware:
I will try to borrow a page or two from them next semester, so they’re at least successful in that.

Leave a comment

Commenting is not available in this section entry.