Automating the Generation of Cyber Range Virtual Scenarios with VSDL
arXiv - CS - Cryptography and Security. Pub Date: 2020-01-18, DOI: arxiv-2001.06681
Gabriele Costa, Enrico Russo, Alessandro Armando

A cyber range is an environment used for training security experts and testing attack and defence tools and procedures. Usually, a cyber range simulates one or more critical infrastructures that attacking (red) and defending (blue) teams must compromise and protect, respectively. The infrastructure can be physically assembled, but it is much more convenient to rely on the Infrastructure as a Service (IaaS) paradigm. Although some modern technologies support IaaS, the design and deployment of scenarios of interest is mostly a manual operation. As a consequence, it is common practice to have a cyber range hosting few (sometimes only one) consolidated scenarios. However, reusing the same scenario may significantly reduce the effectiveness of the training and testing sessions. In this paper, we propose a framework for automating the definition and deployment of arbitrarily complex cyber range scenarios. The framework relies on the virtual scenario description language (VSDL), i.e., a domain-specific language for defining high-level features of the desired infrastructure while hiding low-level details. The semantics of VSDL is given in terms of constraints that must be satisfied by the virtual infrastructure. These constraints are then submitted to an SMT solver to check the satisfiability of the specification. If satisfiable, the specification gives rise to a model that is automatically converted to a set of deployment scripts to be submitted to the IaaS provider.

Updated: 2020-01-22