System Administrator Simulation Trainer (SAST)
Defending the nation’s information infrastructure depends on highly-skilled and experienced security personnel—who are currently in short supply. System administrators are the first line of defense against cyber threats and have extensive access to an organization’s sensitive digital information. Yet, those jobs typically are entry-level positions filled by young, less experienced staff who often move on to more desirable positions, creating a high turnover rate. This, in turn, results in system administrators who lack significant experience, which only increases an organization’s vulnerability to cyber assaults.

The commercial market offers a broad range of security training for computer and network administrators. Such training typically involves classroom instruction and a few laboratory exercises to provide some hands-on experience. The training allows for quick delivery of security information to students, but it does not provide the in-depth experience that is so increasingly necessary to manage complex real-world, real-time events in their workplace.

To assist in fulfilling the void for highly experienced security personnel, the System Administrator Simulation Trainer (SAST) essentially simulates the basic Internet/network environment used by many DoD organizations, creating a unique capability for security personnel and system administrators to both learn and hone their skills. SAST achieves the simulation by artificially generating Internet/network traffic and superimposing actual exploits on it. This mimics the real world where hackers and potential adversaries exploit the networks and computers that the defense of our nation depends upon. SAST offers an isolated network to simulate a larger, real world network under attack by external hackers and adversaries.

SAST is a suite of application software that provides students and trainers the ability to:
• Train one or more students simultaneously
• Deliver multiple exploit experience in either a random or playback mode.
• Accessible anywhere in the world
• Simulation environment can mimic an organizations information infrastructure
• Scope of simulation network is scalable
• Provides a database of 1000s of exploits that is upgradeable
• Allows for group session training exercises
SAST incorporates a synthetic traffic generator, an attack tool that can draw on an extensive exploit data base, an attack insert engine, and a remote administration/collaboration tool to offer safe access to the collective training capability anywhere in the world.

The current practice for security training draws on traditional methods including books, class room instruction, computer-based training tools, and laboratory sessions. SAST is unique in that it offers capabilities for the cyber defender analogous to a flight simulator for an aircraft pilot. The only difference is that SAST does so with network traffic and exploits. A comparable capability does not exist based on the literature and information from the cyber security community.
 
Project Leads
Wayne Meitzler, PNNL
Steve Ouderkirk, PNNL
 
Project Contributors
Richard Griswold, PNNL
William Yurcik, NCSA

Return to Projects list


The National Center for Advanced Secure Systems Research NCASSR) at the University of Illinois at Urbana-Champaign (UIUC) is a multi-institutional cybersecurity research team. NCASSR focuses basic and applied research necessary to develop next generation information security technologies that address national cybersecurity needs. NCASSR is led by the National Center for Supercomputing Applications (NCSA) and supported by funding from the Office of Naval Research (ONR).


SELS 0.7 released
Secure Email List Services (SELS) is an open source software for creating and developing secure email list services among user communities.
 
Strong community engagement strengthens cybersecurity research and development
NCASSR-supported exploratory research at NCSA and elsewhere has sparked additional external funding and development opportunities as well as successful deployment and adoption by users ranging from the defense sector to state law enforcement to the utilities industry.
 
NCASSR Collaborator Goes To Washington
Carl Gunter, a professor in the University of Illinois Department of Computer Science and a project lead on NCASSR-supported work involving adaptive, secure messaging, recently spoke to an audience of congressional staffers and lobbyists on Capitol Hill regarding ways to address a variety of critical cybersecurity issues in areas such as healthcare and energy distribution.