Thunder CTF: Learning Cloud Security on a Dime

Nicholas Springer (1); Wu-chang Feng (1) ((1) Portland State; University)

arXiv:2107.12566·cs.CR·July 28, 2021·1 cites

Thunder CTF: Learning Cloud Security on a Dime

Nicholas Springer (1), Wu-chang Feng (1) ((1) Portland State, University)

PDF

Open Access

TL;DR

Thunder CTF is an accessible, scenario-based training platform designed to help students learn and practice cloud security skills amidst the complex security models of major cloud providers.

Contribution

It introduces a scalable, low-cost, and extensible Capture-the-Flag platform tailored for cloud security education and hands-on learning.

Findings

01

Easy deployment at minimal cost

02

Highly extensible for evolving security issues

03

Enhances practical cloud security skills

Abstract

Organizations have rapidly shifted infrastructure and applications over to public cloud computing services such as AWS (Amazon Web Services), Google Cloud Platform, and Azure. Unfortunately, such services have security models that are substantially different and more complex than traditional enterprise security models. As a result, misconfiguration errors in cloud deployments have led to dozens of well-publicized breaches. This paper describes Thunder CTF, a scaffolded, scenario-based CTF (Capture-the-Flag) for helping students learn about and practice cloud security skills. Thunder CTF is easily deployed at minimal cost and is highly extensible to allow for crowd-sourced development of new levels as security issues evolve in the cloud.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsCloud Data Security Solutions · Software System Performance and Reliability · Information and Cyber Security