Securing CHEESEHub: A Cloud-based, Containerized Cybersecurity Education Platform

Mike Lambert; Rajesh Kalyanam; Rob Kooper; Baijian Yang

doi:10.1145/3437359.3465584

Securing CHEESEHub: A Cloud-based, Containerized Cybersecurity Education Platform

Mike Lambert
, Rajesh Kalyanam
, Rob Kooper
, Baijian Yang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

The Cyber Human Ecosystem for Engaged Security Education (CHEESEHub) is an open web platform that hosts community-contributed containerized demonstrations of cybersecurity concepts. In order to maximize flexibility, scalability, and utilization, CHEESEHub is currently hosted in a Kubernetes cluster on the Jetstream academic cloud. In this short paper, we describe the security model of CHEESEHub and specifically the various Kubernetes security features that have been leveraged to secure CHEESEHub. This ensures that the various cybersecurity exploits hosted in the containers cannot be misused, and that potential malicious users of the platform are cordoned off from impacting not just other legitimate users, but also the underlying hosting cloud. More generally, we hope that this article will provide useful information to the research computing community on a less discussed aspect of cloud deployment: the various security features of Kubernetes and their application in practice.

Original language	English
Title of host publication	PEARC 2021 - Practice and Experience in Advanced Research Computing 2021
Subtitle of host publication	Evolution Across All Dimensions
Publisher	Association for Computing Machinery
ISBN (Electronic)	9781450382922
DOIs	https://doi.org/10.1145/3437359.3465584
State	Published - Jul 17 2021
Externally published	Yes
Event	5th Practice and Experience in Advanced Research Computing Conference: Evolution Across All Dimensions, PEARC 2021 - Virtual, Online, United States Duration: Jul 19 2021 → Jul 22 2021

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	5th Practice and Experience in Advanced Research Computing Conference: Evolution Across All Dimensions, PEARC 2021
Country/Territory	United States
City	Virtual, Online
Period	07/19/21 → 07/22/21

Funding

This work is funded by the National Science Foundation through awards 1820573 and 1820608. CHEESEHub platform development and operations are made possible by XSEDE Jetstream. We would also like to thank Craig Willis from the National Center for Supercomputing Applications (NCSA) for his help in developing the CHEESEHub security model, and Alex Withers (also from NCSA) for his help in reviewing the security model.

Keywords

Kubernetes
cloud computing
containers
cybersecurity

Access to Document

10.1145/3437359.3465584

Cite this

Lambert, M., Kalyanam, R., Kooper, R., & Yang, B. (2021). Securing CHEESEHub: A Cloud-based, Containerized Cybersecurity Education Platform. In PEARC 2021 - Practice and Experience in Advanced Research Computing 2021: Evolution Across All Dimensions (ACM International Conference Proceeding Series). Association for Computing Machinery. https://doi.org/10.1145/3437359.3465584

@inproceedings{75e384814c99417facd461456bde0344,

title = "Securing CHEESEHub: A Cloud-based, Containerized Cybersecurity Education Platform",

abstract = "The Cyber Human Ecosystem for Engaged Security Education (CHEESEHub) is an open web platform that hosts community-contributed containerized demonstrations of cybersecurity concepts. In order to maximize flexibility, scalability, and utilization, CHEESEHub is currently hosted in a Kubernetes cluster on the Jetstream academic cloud. In this short paper, we describe the security model of CHEESEHub and specifically the various Kubernetes security features that have been leveraged to secure CHEESEHub. This ensures that the various cybersecurity exploits hosted in the containers cannot be misused, and that potential malicious users of the platform are cordoned off from impacting not just other legitimate users, but also the underlying hosting cloud. More generally, we hope that this article will provide useful information to the research computing community on a less discussed aspect of cloud deployment: the various security features of Kubernetes and their application in practice.",

keywords = "Kubernetes, cloud computing, containers, cybersecurity",

author = "Mike Lambert and Rajesh Kalyanam and Rob Kooper and Baijian Yang",

note = "Publisher Copyright: {\textcopyright} 2021 Owner/Author.; 5th Practice and Experience in Advanced Research Computing Conference: Evolution Across All Dimensions, PEARC 2021 ; Conference date: 19-07-2021 Through 22-07-2021",

year = "2021",

month = jul,

day = "17",

doi = "10.1145/3437359.3465584",

language = "English",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

booktitle = "PEARC 2021 - Practice and Experience in Advanced Research Computing 2021",

}

Lambert, M, Kalyanam, R, Kooper, R & Yang, B 2021, Securing CHEESEHub: A Cloud-based, Containerized Cybersecurity Education Platform. in PEARC 2021 - Practice and Experience in Advanced Research Computing 2021: Evolution Across All Dimensions. ACM International Conference Proceeding Series, Association for Computing Machinery, 5th Practice and Experience in Advanced Research Computing Conference: Evolution Across All Dimensions, PEARC 2021, Virtual, Online, United States, 07/19/21. https://doi.org/10.1145/3437359.3465584

Securing CHEESEHub: A Cloud-based, Containerized Cybersecurity Education Platform. / Lambert, Mike; Kalyanam, Rajesh; Kooper, Rob et al.
PEARC 2021 - Practice and Experience in Advanced Research Computing 2021: Evolution Across All Dimensions. Association for Computing Machinery, 2021. (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Securing CHEESEHub

T2 - 5th Practice and Experience in Advanced Research Computing Conference: Evolution Across All Dimensions, PEARC 2021

AU - Lambert, Mike

AU - Kalyanam, Rajesh

AU - Kooper, Rob

AU - Yang, Baijian

PY - 2021/7/17

Y1 - 2021/7/17

N2 - The Cyber Human Ecosystem for Engaged Security Education (CHEESEHub) is an open web platform that hosts community-contributed containerized demonstrations of cybersecurity concepts. In order to maximize flexibility, scalability, and utilization, CHEESEHub is currently hosted in a Kubernetes cluster on the Jetstream academic cloud. In this short paper, we describe the security model of CHEESEHub and specifically the various Kubernetes security features that have been leveraged to secure CHEESEHub. This ensures that the various cybersecurity exploits hosted in the containers cannot be misused, and that potential malicious users of the platform are cordoned off from impacting not just other legitimate users, but also the underlying hosting cloud. More generally, we hope that this article will provide useful information to the research computing community on a less discussed aspect of cloud deployment: the various security features of Kubernetes and their application in practice.

AB - The Cyber Human Ecosystem for Engaged Security Education (CHEESEHub) is an open web platform that hosts community-contributed containerized demonstrations of cybersecurity concepts. In order to maximize flexibility, scalability, and utilization, CHEESEHub is currently hosted in a Kubernetes cluster on the Jetstream academic cloud. In this short paper, we describe the security model of CHEESEHub and specifically the various Kubernetes security features that have been leveraged to secure CHEESEHub. This ensures that the various cybersecurity exploits hosted in the containers cannot be misused, and that potential malicious users of the platform are cordoned off from impacting not just other legitimate users, but also the underlying hosting cloud. More generally, we hope that this article will provide useful information to the research computing community on a less discussed aspect of cloud deployment: the various security features of Kubernetes and their application in practice.

KW - Kubernetes

KW - cloud computing

KW - containers

KW - cybersecurity

UR - https://www.scopus.com/pages/publications/85111051432

U2 - 10.1145/3437359.3465584

DO - 10.1145/3437359.3465584

M3 - Conference contribution

AN - SCOPUS:85111051432

T3 - ACM International Conference Proceeding Series

BT - PEARC 2021 - Practice and Experience in Advanced Research Computing 2021

PB - Association for Computing Machinery

Y2 - 19 July 2021 through 22 July 2021

ER -

Securing CHEESEHub: A Cloud-based, Containerized Cybersecurity Education Platform

Abstract

Publication series

Conference

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this