
DSP Design

Gaetano Perrone edited this page Dec 14, 2019 · 1 revision

Docker Security Playground: Design

This section discusses the design of Docker Security Playground (DSP for short) by analyzing some important use cases, such as the creation of a lab.

DSP Overview

DSP is an application that offers a microservices-based framework to create, manage and use network security labs. Each lab helps the user learn a network security topic.

Network security labs are grouped into repositories. DSP can manage multiple repositories; each repository is a set of labs that is stored remotely. All repositories are saved in a root application directory (named the main_dir directory) that the user chooses at installation.

When the user installs DSP:

  • a default network security repository (named DSP_Projects) is downloaded from the remote and installed in the root application directory.

  • a user network security repository is created.

Further information about repositories is discussed in [sec:dspusers].

All repository images are located inside the repository root directory and are built when the repository is imported. The official repository's images are also stored on Docker Hub under the dockersecplayground organization (https://hub.docker.com/u/dockersecplayground/).

Each lab has descriptive information that helps the user understand the lab's goal:

  • The lab's name, which identifies the lab among the others of the same repository;

  • A description: a brief summary about the lab;

  • Goal: the lab's objective: to find a CTF flag, to discover a user's password, to fix a vulnerability, to analyze a pcap file, etc.;

  • Solution: how to solve the lab.

A lab's infrastructure is defined by a docker-compose file, so each lab has an associated docker-compose file. However, the user does not write the docker-compose file directly: the application provides a graphic docker-compose editor in which the user draws the containers on a blank canvas and then saves the network, and the application generates the docker-compose file. The graphic description also contains information about the actions to run and the files to copy inside each container.

A network is composed of several containers and subnets; when the user creates a container he selects a Docker image for it. If the image follows the Docker Wrapper Image standard (defined later), it exposes some actions that the user can select during network creation. The user can also add files to be copied inside the container. All these Docker commands are set during the creation of the lab's network and are executed after the lab is running and all the containers are active.

Since the user draws the lab, a lab is described by a graphical description that contains both graphic and post-run Docker information (for example the x-y coordinates, the actions to perform, the files to copy).


Summary of DSP Application Use Cases

The DSP application use cases are the following.

  • Create new lab: the user creates a new lab by entering its information: name, description, goal and solution. The user can also select and add labels from the list of repository labels. When the user submits the operation, a new lab directory is created in the user repository directory and a new entry with the NO_NETWORK state is created in the state table file.

  • Add network description to lab: after creating the lab, the user goes to the graphic editor and creates a graphic network description using the GUI. DSP saves all the information about containers and subnets and generates the docker-compose file. The lab entry in the state table changes from NO_NETWORK to STOPPED.

  • Import lab: the user wants to import a lab from a repository (such as the DSP_Projects repo) into the local user repository. A new entry is created in the state table with repository equal to the user repository and name equal to the lab name. A new lab directory is created in the user repository directory, and all the files used by the containers are copied into the .data directory of the user repository. All the labels used by the imported lab are copied into the user repository's set of labels.

  • Copy lab: the user copies a lab of his local user repository. A new lab directory is created in the local user repository with the same information, except for the name, which is changed by appending a suffix such as _1 or _2 according to the current name: if the current name does not end with _number, _number is appended to it; if the current name already ends with _number, that suffix is replaced with _[number+1]. A new entry is added to the state table with the copied lab's new name and the local user repository.

  • Create a new label: the user creates a new label in his local user repository. He chooses the label's name, a description and a color. The new label is added to the list of labels of his local repository.

  • Edit a label: the user edits an existing label: he chooses a label by name, changes its information (color, name, description) and submits the operation. The edit is refused if a label with the same name is already present in the set of repository labels.

  • Delete a label: the user deletes an existing label from the user repository: he chooses a label by name and DSP removes it from the list of user repository labels. The deleted label may be associated with some labs, so DSP checks each lab in the user repository to find whether the deleted label is associated with it. For every lab found, the deleted label is removed from the lab's list of labels.

  • Start lab: the user starts a lab. The docker-compose command is run in the lab directory (docker-compose up). Once all the containers are active, the lab entry in the state table changes from STOPPED to RUNNING and all the copy and action operations are executed. If an error occurs, it is shown on the user interface, the lab is stopped if it is running and the lab entry in the state table goes back to STOPPED.

  • Stop lab: the user stops a lab: DSP runs the docker-compose down command, all containers are destroyed and the lab entry in the state table changes from RUNNING to STOPPED.

  • Add a new file to the user local repository: the user adds a new file to the .data directory of his local repository. This file is made available in the graphic network editor when the user wants to copy files inside a container.
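The state-table transitions (NO_NETWORK, STOPPED, RUNNING, including the rollback to STOPPED when a start fails), the copy-lab naming rule and the delete-label cascade described in the use cases above, modelled in JavaScript as an added example. This is not code from the DSP project: LabRepository, nextCopyName and the runner object with composeUp, composeDown and runPostActions are assumed names used only for this illustration, and the repository is held in memory rather than in the state table file.

```javascript
// Added example, not code from the DSP project: an in-memory model of the state
// table and of the lab-copy naming rule described in the use cases above.
// LabRepository, nextCopyName and the runner interface (composeUp, composeDown,
// runPostActions) are assumed names used only for this illustration.
const States = Object.freeze({
  NO_NETWORK: 'NO_NETWORK', // lab created, no network description yet
  STOPPED: 'STOPPED',       // docker-compose file exists, containers down
  RUNNING: 'RUNNING',       // docker-compose up succeeded
});

// Copy-lab naming: append "_1" to a name without a numeric suffix,
// otherwise replace the trailing "_N" with "_N+1".
function nextCopyName(name) {
  const m = /^(.*)_(\d+)$/.exec(name);
  return m ? `${m[1]}_${Number(m[2]) + 1}` : `${name}_1`;
}

class LabRepository {
  constructor(name) {
    this.name = name;
    this.labs = new Map();   // lab name -> { description, goal, solution, labels, network, state }
    this.labels = new Map(); // label name -> { description, color }
  }

  get(labName) {
    const lab = this.labs.get(labName);
    if (!lab) throw new Error(`lab ${labName} not found in repository ${this.name}`);
    return lab;
  }

  createLabel(labelName, description, color) {
    this.labels.set(labelName, { description, color });
  }

  // Deleting a label also removes it from every lab that referenced it.
  deleteLabel(labelName) {
    if (!this.labels.delete(labelName)) throw new Error(`label ${labelName} not found`);
    for (const lab of this.labs.values()) {
      lab.labels = lab.labels.filter((l) => l !== labelName);
    }
  }

  // Create new lab: only repository labels may be attached; the entry starts as NO_NETWORK.
  createLab(labName, { description = '', goal = '', solution = '', labels = [] } = {}) {
    if (this.labs.has(labName)) throw new Error(`lab ${labName} already exists`);
    if (!labels.every((l) => this.labels.has(l))) throw new Error('unknown repository label');
    const lab = { description, goal, solution, labels: [...labels], network: null, state: States.NO_NETWORK };
    this.labs.set(labName, lab);
    return lab;
  }

  // Add network description: NO_NETWORK -> STOPPED (DSP generates docker-compose here).
  addNetwork(labName, network) {
    const lab = this.get(labName);
    lab.network = network;
    lab.state = States.STOPPED;
  }

  // Copy lab: same content under the next free "_N" name. The page does not
  // state the copy's initial state; here a copy is never RUNNING (assumption).
  copyLab(labName) {
    const src = this.get(labName);
    let copyName = nextCopyName(labName);
    while (this.labs.has(copyName)) copyName = nextCopyName(copyName);
    const state = src.network ? States.STOPPED : States.NO_NETWORK;
    this.labs.set(copyName, { ...src, labels: [...src.labels], state });
    return copyName;
  }

  // Start lab: compose up, STOPPED -> RUNNING, then the copy/action operations.
  // On any error the lab is stopped if it was running and the entry returns to STOPPED.
  startLab(labName, runner) {
    const lab = this.get(labName);
    if (lab.state !== States.STOPPED) throw new Error(`lab ${labName} is ${lab.state}, cannot start`);
    try {
      runner.composeUp(lab);
      lab.state = States.RUNNING;
      runner.runPostActions(lab);
      return { ok: true };
    } catch (err) {
      if (lab.state === States.RUNNING) runner.composeDown(lab);
      lab.state = States.STOPPED;
      return { ok: false, error: err.message }; // reported to the user interface
    }
  }

  // Stop lab: compose down, RUNNING -> STOPPED.
  stopLab(labName, runner) {
    const lab = this.get(labName);
    if (lab.state !== States.RUNNING) throw new Error(`lab ${labName} is ${lab.state}, cannot stop`);
    runner.composeDown(lab);
    lab.state = States.STOPPED;
  }
}
```

The runner object stands in for the real docker-compose invocations so the transitions can be exercised without Docker; note that a failing post-run action leaves the entry in STOPPED only after composeDown has been called, which is the behaviour the Start lab use case requires.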