The OCCP Documentation is in development. The Subscribe page is active so that you can sign up for notifications of releases. The Project Plan page shows the current development schedule.

General OCCP Concept

The OCCP concept is based on this design:

  • Virtual Scenario Network (VSN) – a network of virtual machines representing an organization's IT infrastructure (network, servers, workstations, data stores, IT tools, etc.)
  • Gray Team - scripts that generate “normal” use of the VSN services.
  • Red Team – people or scripts that attack the VSN to deny/corrupt services, steal data, etc.
  • Blue Team – people or scripts that represent the IT staff for the VSN.
  • White Team – people and scripts that monitor/support the system, and officiate/score the challenge instance.

The OCCP supports several challenge types. Current challenge types include:

  • Network Defense – Blue Team is students, Red Team is scripted attacks. Positive points assigned to Blue for services kept active, negative points assigned to Blue for data stolen and services denied.
  • Secure Programming – Blue Team is student programmers, Red Team is scripted attacks (e.g. SQL injection). Negative points assigned for data stolen and services denied.
  • Penetration Testing – Red Team is students, Blue Team is scripted. Positive points assigned for data stolen and services denied.
  • Incident Response – Red Team is scripted attack, Blue Team of students must find what data was stolen and who did it.
  • Digital Forensics – The Blue Team are students who search for evidence in the VSN. The Red Team is scripted, but is optional: there may be an ongoing malicious component or the Red Team may be dormant.
  • Malware Analysis – The Blue Team are students who search for malware in the VSN and diagnose it. The Red Team is scripted, but is optional: there may be an ongoing malicious component or the Red Team may be dormant.

A specific instance of a challenge is called a scenario. Here is a description of a proof-of-concept Network Defense scenario.

All OCCP scenarios require the installation of the Administrative VM, which does the work necessary to set up the rest of the scenario. The Administrative VM accepts a scenario package (described below), and then configures the Game Server, VSN, and other support machines as required.

Game Server: The Game Server is a VM for running the scenario. It:

  • Runs all Gray script actions (e.g. “normal” service requests to the VSN)
  • Runs all automated team scripts (e.g. Red scripts in a Network Defense challenge).
  • Interacts with the Gray scripts and Team scripts to track the score
  • Controls the Game Clock
  • Provides White Team services such as communication with the players
  • Exposes Web services for:
    • Moderator monitoring of the challenge scenario
    • Spectator monitoring of the challenge scenario
    • Player monitoring of the challenge scenario
  • Can be interacted with using the Game Server Web Application

Italics denote features to be implemented

Administrative VM: This VM is used by the administrators before a challenge instance to:

  • Start the Game Server & VSN VMs;
  • Automatically reconfigure the VMs of the scenario, if necessary;
  • Automatically set up VPN networking for remote VMs, if necessary.

Scenario Package: The download of an OCCP scenario is in the form of a scenario package with these components:

  • Documentation on the specific scenario for the Administrators (e.g. goals of the scenario, required skill sets of the participants, training materials for participants, network topology, etc.)
  • Templates for documentation to be provided to the players (goals, network topology, initial passwords, etc.)
  • Virtual Scenario Network Virtual Machines
  • Player Virtual Machines
  • A Scenario File - an XML file that is read by the Game Server and Administrative VM components of the OCCP at start-up to configure the scenario. The scenario file contains:
    • A description of the Gray actions for the Game Server to perform. This description includes the action to be performed, and when it is to be performed.
    • A description of the automated team actions for the Game Server to perform. This description includes the action to be performed, and when it is to be performed.
    • A description of scoring events and their weights. This is used by the White scripts to score the challenge scenario.
    • A description of the VSN, such as what servers it has, and what the content of the servers is. This allows the Administrative VM to manage the other VMs.

The scenario file XML tags are described in Scenario File.
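
As an added illustration (not OCCP code, and not the real scenario file schema, whose tags are documented separately), the Python sketch below shows how a White script could combine scheduled Gray and Red actions with scoring-event weights to score Blue in a Network Defense scenario. All element names, attribute names, event ids and weights are hypothetical, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element and attribute names are hypothetical,
# NOT the real OCCP scenario file schema.
SCENARIO_XML = """<scenario type="network-defense">
  <scoring>
    <event id="service_up" weight="5"/>
    <event id="service_denied" weight="-10"/>
    <event id="data_stolen" weight="-25"/>
  </scoring>
  <gray>
    <action at="0" service="web"/>
    <action at="120" service="web"/>
    <action at="60" service="mail"/>
  </gray>
  <red>
    <action at="90" service="web"/>
  </red>
</scenario>"""

def load_scenario(xml_text):
    """Return (weights, schedule); schedule is sorted by game-clock time."""
    root = ET.fromstring(xml_text)
    weights = {e.get("id"): int(e.get("weight"))
               for e in root.findall("./scoring/event")}
    schedule = sorted((int(a.get("at")), team, a.get("service"))
                      for team in ("gray", "red")
                      for a in root.findall(f"./{team}/action"))
    return weights, schedule

def score_blue(weights, schedule, succeeded):
    """Score Blue. `succeeded` is the set of (at, team) actions that worked."""
    total, log = 0, []
    for at, team, service in schedule:
        ok = (at, team) in succeeded
        if team == "gray":            # normal use: was the service available?
            event = "service_up" if ok else "service_denied"
        elif ok:                      # scripted attack got through
            event = "data_stolen"
        else:
            continue                  # blocked attack: no scoring event
        total += weights[event]
        log.append((at, service, event, weights[event]))
    return total, log

if __name__ == "__main__":
    w, s = load_scenario(SCENARIO_XML)
    print(score_blue(w, s, {(0, "gray"), (60, "gray"), (90, "red")}))
```

The returned log gives one line per scoring event in game-clock order, so a score can be traced back to the action that produced it.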

The VMs are packaged in the Open Virtualization Format (OVF) file format (see http://dmtf.org/standards/ovf), which is a widely used text file format that specifies VM configurations. OVF can be used to specify VMs in most prominent hypervisors, including VMware and VirtualBox.
