
Constructing Virtual Laboratory for Research and Education

(Progress Report --- Week 8)

Team members: Melissa Nichols and Nathan Torrez

Mentor: Dr. Anyi Liu

Outline
Timeline
List of Tasks
Key Terms
Schedule and Achievement of Week 8
Finishing experiment documentation
Optimizing test environment and web client
Experimenting with Volatility
The Plan of Week 9
References
Demonstration Video

Timeline

Week Six
- Write the module that can change network topologies using OpenStack API (Part 2)
- Start working on the module that can change the routing rules (Part 2)

Week Seven
- Continue working on the module that can change the routing rules (Part 2)
- Draft the research paper

Week Eight (We are here)
- Improve the performance and efficiency of the virtual laboratory
- Refine the user interface
- Work on the poster
- Continue work on research paper

Week Nine
- Conduct tests in virtual laboratory environment
- Revise research paper
- Continue work on poster
- If possible, work with VMI library (libVMI)

Week Ten
- Finalize research paper
- Finalize poster
- Finalize tests and scripts

List of Tasks

Task | Status
Getting familiarized with CloudLab, Amazon EC2, and SSH clients | Complete (Week One + Week Two)
Adding function that lists virtual machine images to confirm connection to TesterScript | Complete (Week Two)
Downloading VM images from CloudLab and running them locally | Complete (Week Two)
Creating better documentation on how to run TesterScript and MasterScript | Complete (Week Two)
Writing documentation | In Progress (Week Two)
Adding functionality that allows creation of multiple virtual machine images at once using TesterScript | Complete (Week Three)
Using multithreading to speed up creation of virtual machine images | Complete (Week Three)
Uploading VM images from local machine and using SSH to connect to them in CloudLab | Complete (Week Two + Three)
Uploading an experiment from XML document | Complete, but still need to automate creation of router interfaces (Week Three)
Fixing XML importation issues regarding router interfaces | Complete (Week Four)
Finding better open-source SSH client | Complete (Week Four)
Examining Python code in depth | Complete (Week Four)
Running attack scenario on local computers | Complete (Week Four)
Creating virtual machine images for use with Attack Scenario | Complete (Week Five)
Running attack scenario in the cloud | Complete (Week Five)
Creating documentation for instructors and students to run Attack scenario | In Progress (Week Five)
Experimenting with libvmi tools | In Progress (Week Five)
Familiarizing ourselves with Snort, Bro, and nmap (tools for detecting attacks) | Complete (Week Five)
Improving the performance and efficiency of the virtual laboratory | In Progress (Week Five)
Automating router interface recreation from XML | Found Alternative (Week Six)
Writing the module that can change network topologies | In Progress (Week Six + Seven)
Using a proxy to distribute IP addresses for Attack scenario | Complete (Week Seven + Eight)
Writing the module that can change routing rules | To be completed
Writing research paper | To be completed
Creating the poster | To be completed

Key Terms

Volatility: an open-source tool written in Python that offers many digital forensics applications, including analyzing memory dumps. [1]

The Achievement of Week 8

Day 1:
- Writing experiment documentation
- Optimizing test environment and web client

Day 2:
- Writing experiment documentation
- Optimizing test environment and web client

Day 3:
- Writing experiment documentation
- Optimizing test environment and web client

Day 4:
- Writing experiment documentation
- Optimizing test environment and web client
- Experimenting with Volatility

Days 1-4: Optimizing test environment and writing experiment documentation

- A web client is used to assign students IP addresses for an experiment
- The web client stores the IP addresses in a database and ensures that no duplicate IPs are assigned
- The web client allows the student to open an in-browser SSH terminal to the Attack machine
- We have been working to perfect the web client and ensure that it works as intended with every experiment

[Figure: Sign-in Page for Web Client]

[Figure: Attack and Victim IPs assigned to a student]
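
One way to get the no-duplicate guarantee described on this slide is to let the database enforce it rather than the application code. The sketch below is an added example, not the team's web client: the `lease` table, the `open_db` and `assign` helpers and the sample addresses are all hypothetical, and SQLite stands in for whatever database the project uses.

```python
import sqlite3

def open_db(pool):
    """Create an in-memory lease table from (attack_ip, victim_ip) pairs."""
    # isolation_level=None: autocommit mode, transactions are opened explicitly.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute(
        "CREATE TABLE lease ("
        " attack_ip TEXT PRIMARY KEY,"       # an address can exist only once
        " victim_ip TEXT NOT NULL UNIQUE,"
        " student   TEXT UNIQUE)"            # NULL = free; one lease per student
    )
    db.executemany("INSERT INTO lease (attack_ip, victim_ip) VALUES (?, ?)", pool)
    return db

def assign(db, student):
    """Return the student's (attack_ip, victim_ip), leasing a free pair if needed."""
    db.execute("BEGIN IMMEDIATE")            # take the write lock before reading
    try:
        row = db.execute(
            "SELECT attack_ip, victim_ip FROM lease WHERE student = ?",
            (student,)).fetchone()
        if row is None:                      # first sign-in: pick a free pair
            row = db.execute(
                "SELECT attack_ip, victim_ip FROM lease"
                " WHERE student IS NULL ORDER BY attack_ip LIMIT 1").fetchone()
            if row is None:
                raise RuntimeError("address pool exhausted")
            db.execute(
                "UPDATE lease SET student = ? WHERE attack_ip = ? AND student IS NULL",
                (student, row[0]))
        db.execute("COMMIT")
        return row
    except Exception:
        db.execute("ROLLBACK")
        raise

if __name__ == "__main__":
    # Constructed sample pool; the addresses are made up.
    db = open_db([("10.0.1.10", "10.0.2.10"), ("10.0.1.11", "10.0.2.11")])
    for name in ("alice", "bob", "alice"):
        print(name, assign(db, name))
```

A returning student gets the same pair back, and the `UNIQUE` constraints reject a duplicate lease even if a second code path forgets to check.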


Days 1-4: Optimizing test environment and writing experiment documentation (cont.)

- We continued to write our experiment documentation with instructions on how to create the experiment and how to run exploits using the created environment
- We plan to add more features to the exploit portion of our experiment, including memory forensics and Windows virtual machines

Day 4: Experimenting with Volatility

- In order to use Volatility, we first need a memory dump of a virtual machine
- We took a snapshot of our Metasploitable virtual machine while running one of our exploits and acquired a memory dump using VirtualBox
- We will then use Volatility to examine the list of ports on our Linux machine to find the port being used by the malicious exploit
- We plan to run exploits on a Windows machine and acquire the memory dumps from that as well

[Figure: A list of profiles in Volatility that can be used to examine memory information on a specific virtual machine]
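
The port hunt described on this slide can be scripted once Volatility has printed the socket list from the dump. The following is an added example, not the team's code: it assumes the listing comes from Volatility 2's `linux_netstat` plugin, and the sample output, the baseline of expected services and every address, port and PID in it are constructed.

```python
import re

# Constructed sample in the column layout assumed for Volatility 2's
# linux_netstat plugin; every address, port, process and PID is made up.
SAMPLE_NETSTAT = """\
TCP      0.0.0.0         :   22 0.0.0.0         :    0 LISTEN                       sshd/4321
TCP      0.0.0.0         :   80 0.0.0.0         :    0 LISTEN                    apache2/5012
TCP      192.168.56.102  : 5151 192.168.56.101  :39122 ESTABLISHED                    sh/6107
UDP      0.0.0.0         :   68 0.0.0.0         :    0                          dhclient3/3310
UNIX 10231                 init/1     /dev/log
"""

# Hypothetical baseline: the (protocol, local port, process) triples that a
# clean snapshot of the lab VM is expected to show.
BASELINE = {("TCP", 22, "sshd"), ("TCP", 80, "apache2"), ("UDP", 68, "dhclient3")}

SOCKET_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+"
    r"(?P<laddr>\S+)\s*:\s*(?P<lport>\d+)\s+"
    r"(?P<raddr>\S+)\s*:\s*(?P<rport>\d+)\s+"
    r"(?:(?P<state>[A-Z_0-9]+)\s+)?"         # UDP lines carry no state column
    r"(?P<proc>\S+)/(?P<pid>\d+)\s*$"
)

def parse_netstat(text):
    """Return one dict per TCP/UDP socket line; UNIX sockets are skipped."""
    sockets = []
    for line in text.splitlines():
        m = SOCKET_RE.match(line.strip())
        if m:
            s = m.groupdict()
            s["lport"], s["rport"], s["pid"] = int(s["lport"]), int(s["rport"]), int(s["pid"])
            s["state"] = s["state"] or ""
            sockets.append(s)
    return sockets

def unexpected_sockets(sockets, baseline=BASELINE):
    """Sockets whose (proto, local port, process) is absent from the baseline."""
    return [s for s in sockets if (s["proto"], s["lport"], s["proc"]) not in baseline]

if __name__ == "__main__":
    for s in unexpected_sockets(parse_netstat(SAMPLE_NETSTAT)):
        print("{proto} {laddr}:{lport} -> {raddr}:{rport} {state} {proc}/{pid}".format(**s))
```

Building the baseline from a dump taken before the exploit runs makes the comparison a before/after diff, and the flagged PID is the starting point for the process-level plugins.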

Plan For Week 9

- Testing
- Adding Volatility memory forensics portion to experiment
- Finishing experiment documentation
- Continuing to optimize experiment for best performance

References

[1] The Volatility Foundation - Open Source Memory Forensics. (n.d.). Retrieved from http://www.volatilityfoundation.org/

Demonstration Video

https://www.youtube.com/watch?v=9xm6UbrdELY
