The security lab has three subsystems that support research and teaching activities at the TU/e Mathematics and Computer Science department. The integration of these subsystems gives students and researchers the opportunity to investigate a wide range of security aspects.
The SOC (Security Operations Center) is a centralized unit that monitors the security state of a computer network. In the lab, the initial scope of the SOC covers two areas to monitor: the IT network of the department (Office) and the cyber-physical sensor network of the university (Building/Security). The following figure shows the schematic architecture of the SOC and an overview of the systems involved.
Students can conduct a variety of experiments using the SOC. For instance, students acting as analysts are assigned to detect and analyze suspicious events or attacks in the network traffic by reconstructing the evidence.
The lab also has a strong IoT component that allows new attacks and malware (e.g. IoT botnet-based bitcoin mining) to be tested. A board in the lab will allow new components to be added and physically operated. As an example, the schematics of the first BACnet components are shown below.
The B-LAB provides a powerful infrastructure that enables students and researchers alike to experiment freely with malware, vulnerabilities, and exploits. The infrastructure is set up to ensure strong isolation from the network environment while still allowing remote collaboration with affiliated institutions.
The lab provides access to APT malware platforms, exploits and exploit kits traded in the underground, and nation-grade vulnerability exploits. All resources can be accessed freely within the context of the laboratory.
Current projects include:
A schematic representation of the B-LAB's infrastructure is given below: