EDURange: Meeting the Pedagogical Challenges of Student Participation in Cybertraining Environments

This paper reflects on the challenges that arose and the lessons learned when we used hands-on cyberoperations exercises in our courses. After exploring a range of exercises and platforms (and having discovered their limitations), we designed and built an environment for hosting such exercises called EDURange.

These limitations fall into two categories: technical and pedagogical. One of the main pedagogical issues was that most existing exercises were not aimed at teaching analysis skills, (i.e. a set of practices that support the ability to achieve understanding of complex systems). On the other hand, one of the main practical issues with existing cyber-training environments involves scalability limitations imposed by the inherent resource constraints of existing testbeds. A third techno-pedagogical issue was that scenarios were not dynamic. An exercise that is always the same has limited utility in that there is little incentive for students to repeat it, and with time, the solutions can be found on the Internet. EDURange allows instructors to configure aspects of the scenarios to repeatedly create new variations of the exercises. EDURange is designed especially for the needs of teaching faculty. The scenarios we have implemented each are designed specifically to nurture the development of analysis skills in students as a complement to both theoretical security concepts and specific software tools.