Design and Development of the Back-End Software Architecture for a Hybrid Cyber Range

In the last decades, reports and news about cyber attacks have showed up a turnover. Such exploits are making use of latest technology and exploiting new techniques and methodologies. Security specialists and researchers are making unique efforts to develop platforms that are capable of emulating threatening situations and allowing to learn how to counter them properly. The development of cyber ranges, simulated environments where vulnerable IT infrastructures are reproduced, mainly allow to improve the skills for people operating in the first line of defense, and of course to educate students in the cybersecurity field. To date, software virtualization techniques allow you to create simulated environments that are very faithful to the original ones, with deeply customizable network topologies and connected devices of all kinds. Virtualization allows considerable savings on the physical equipment required for the implementation of these environments, as well as on the expertise required, given the growing variety of existing automatic design tools. Despite all these advantages, it should not be underestimated that a large part of devices and infrastructures are still irreproducible in the software domain, and that many companies still include physical routers, switches and firewalls in their IT and OT infrastructures, especially when needed to communicate with industrial control devices. Furthermore, the increasingly widespread IoT networks in cities, homes and even wearable objects are hard to be reproduced in totally virtual environments. In fact, training totally abstracted from physical devices is significantly limiting, because a very large part of threats, such as those related to side-channel vulnerabilities or low-level communication protocols, is ruled out. This thesis present a contribution on the design of a hybrid cyber range, entitled PAIDEUSIS, that aims to combine virtualization techniques with real physical devices. In addition to providing an overview of the general features of cyber ranges and the particularities of PAIDEUSIS, the thesis presents the work carried out about the development of the back-end code infrastructure, including the database design and different kind of security features that are fundamental to protect the data over the network. The work is concluded by stating the upcoming features and capabilities to be considered for the future work of the project.