Sandia TracerFIRE and Minimega Programs at Purdue Computer Science
As part of the strategic alliance with Purdue University, Sandia National Laboratories sponsored a series of digital forensic incident response workshops on campus in 2019. The Sandia program, called TracerFIRE (Forensic Incident Response Exercise), is designed to educate and train incident responders through a competitive game.
Sandia ran cybersecurity workshops in April, October, and November with Computer Science students and students from other Purdue departments. The workshops, hosted on campus by Purdue Computer Science and CERIAS, also included students from Norfolk State University in October. Dongyan Xu, Department Head and Samuel D. Conte Professor of Computer Science, observed the workshops. “We are excited to partner with Sandia and CERIAS to promote hands-on cybersecurity training for our undergraduate students and our visitors from the computer science department at Norfolk State University.” Xu added, “We look forward to continued work with our partners and hope to establish a long-term collaboration to promote research excellence and diversity in cybersecurity.”
The April and October workshops featured the TracerFIRE game, in which students compete in teams. There are two main goals: to introduce students to opportunities in cybersecurity, and to create a training platform that teaches students skills in digital forensics, malware reverse engineering, and network/memory analysis.
The TracerFIRE Program offers students:
- A 100% hands-on exercise that reinforces cutting-edge digital forensic skills and open source software to build investigative abilities.
- A target-rich environment to exercise new collaborative analysis methods and augmented human cognition techniques in a contested cyberspace environment.
- Exposure to real-world cyber campaigns that utilize APT-style malware to bridge the gap between reality and a synthetic task environment.
- Challenges tied together in a unified narrative to provide a “big picture” that helps students identify adversary trends and strategies.
Michael Reeves, a Purdue master’s degree student in Computer Science, is a member of the Sandia National Labs’ Critical Skills Master's Program. “As an employee at Sandia National Labs, I work with the TracerFIRE team at Sandia. Sharing my skills and knowledge during TracerFIRE has been an extremely rewarding experience.” Reeves continued, “Many students come in with zero experience and leave with real cybersecurity knowledge and skills. Witnessing the students’ excitement and enthusiasm is my motivation to continue improving the workshop here at Purdue.”
Workshop participants gain real-world experience tracking down malicious activity without the real-world consequences. Sandia’s TracerFIRE team strives to ensure the whole scenario is forensically accurate, and creates realistic cyber-attacks following the MITRE ATT&CK framework. Reeves adds, “The workshop participants leave prepared for real-world cybersecurity encounters. The TracerFIRE team focuses on teaching Sandia’s cutting edge open source tools, so students gain useful skills and can continue to develop them on their own without having to buy enterprise grade products. Even students that come to the event with previous cyber experience discover new tools or techniques they'd never seen.”
The workshops are split into three portions: teaching, competition, and presentation. In the teaching portion, lectures cover digital forensic tools, topics, and techniques so that the students are able to complete the various challenges during the competition portion. During the competition portion, students access the hacked network and receive a series of questions to lead them through the investigation. Using the skills and tools they learned, the goal is to solve the challenges and determine the actions taken by adversaries in the network. Finally, students discuss their findings in a presentation targeted for C-suite executives, to demonstrate their understanding of the adversary’s actions, and to explain how they conducted their high-level security response.
The November workshop focused on minimega, a platform developed at Sandia to launch and manage large-scale, virtual-machine-based experiments. It leverages expertise in high-performance computing, cybersecurity, and virtualization to provide a novel suite of emulation, modeling, and analysis tools for predictive simulation and real-time dynamic defense.
Purdue University is among a small group of research universities that have entered into strategic alliances with Sandia. To solve cybersecurity problems and accelerate technology adoption, the Computer Science Department collaborates with Sandia to offer new opportunities for faculty and students, both at Purdue and Sandia.
Writer: Emily Kinsell, 765-494-0669, firstname.lastname@example.org, @emilykinsell
Source: Michael Reeves, email@example.com