Undergraduate Security Laboratory Modules Using the System Administrator Simulation Training (SAST)
Many universities have developed computer science and information science education courses in security. These courses satisfy the increasing demand for computer security professionals in industry and government. For example, the National Security Agency and the Department of Homeland Security jointly sponsor the National Centers of Academic Excellence Program in response to Priority III of the President's National Strategy to Secure Cyberspace of 2003 directing the Federal Government to foster training and education programs to support the Nation's cybersecurity needs, and to increase the efficiency of existing Federal cybersecurity programs. Some 75 Centers across 32 states have been identified by this program. Much of the course material used in these centers is based on the NSTISSI-4011 National Training Standard for Information Systems Security (INFOSEC) Professionals (NSTISSI, 1994) and CNSSI-4013 National Information Assurance Training Standard For System Administrators (CNSS, 2004). To be effective, many of these programs include a laboratory component that allows students to experience the problems of managing the security of computer systems in real-life situations and under attack. One paper that explores these training opportunities is “Exploring a National Cyber Security Exercise for Universities” (Hoffman, 2005). The idea of offering security exercises for colleges has developed into the National Collegiate Cyber Competition (NCCDC, 2007). In this competition, undergraduate defense teams are pitted against a red team in a security exercise to defend a cyber installation against attack.

The University of Illinois and many other universities are developing laboratory courses that offer hands-on systems administrator experiences of security incidents and defense. Computer Science CS460 (CS460,2007) is a laboratory course designed to complement CS 461, “An Introduction to Information Assurance,” (CS461, 2007) and CS463, “Computer Security,” (CS463, 2007) with laboratory experience of security. However, providing an effective and safe laboratory environment for such a course is expensive, both in terms of dedicated equipment and in terms of manpower to monitor and control the laboratory. The proposal seeks NCASSR funding to build a security laboratory using PNNL’s System Administrator Simulation Trainer (SAST). The outcome of the research will be to provide hands-on training exercises and pedagogical materials using SAST conforming to the standards of NSTISSI-4011 and CNSSI-4013. The materials will be distributed through NCSA and other web sites as public domain and open source.
 
Project Leads
Roy Campbell, CS Dept, University of Illinois

Return to Projects list


The National Center for Advanced Secure Systems Research NCASSR) at the University of Illinois at Urbana-Champaign (UIUC) is a multi-institutional cybersecurity research team. NCASSR focuses basic and applied research necessary to develop next generation information security technologies that address national cybersecurity needs. NCASSR is led by the National Center for Supercomputing Applications (NCSA) and supported by funding from the Office of Naval Research (ONR).


SELS 0.7 released
Secure Email List Services (SELS) is an open source software for creating and developing secure email list services among user communities.
 
Strong community engagement strengthens cybersecurity research and development
NCASSR-supported exploratory research at NCSA and elsewhere has sparked additional external funding and development opportunities as well as successful deployment and adoption by users ranging from the defense sector to state law enforcement to the utilities industry.
 
NCASSR Collaborator Goes To Washington
Carl Gunter, a professor in the University of Illinois Department of Computer Science and a project lead on NCASSR-supported work involving adaptive, secure messaging, recently spoke to an audience of congressional staffers and lobbyists on Capitol Hill regarding ways to address a variety of critical cybersecurity issues in areas such as healthcare and energy distribution.