A cyber range is an environment used for training security experts and testing attack and defence tools and procedures. Usually, a cyber range simulates one or more critical infrastructures that attacking (red) and defending (blue) teams must compromise and protect, respectively. The infrastructure can be physically assembled, but much more convenient is to rely on the Infrastructure as a Service (IaaS) paradigm. Although some modern technologies support the IaaS, the design and deployment of scenarios of interest is mostly a manual operation. As a consequence, it is a common practice to have a cyber range hosting few (sometimes only one), consolidated scenarios. However, reusing the same scenario may significantly reduce the effectiveness of the training and testing sessions. In this paper, we propose a framework for automating the definition and deployment of arbitrarily complex cyber range scenarios. The framework relies on the virtual scenario description language (VSDL), i.e., a domain-specific language for defining high-level features of the desired infrastructure while hiding low-level details. The semantics of VSDL is given in terms of constraints that must be satisfied by the virtual infrastructure. These constraints are then submitted to an SMT solver for checking the satisfiability of the specification. If satisfiable, the specification gives rise to a model that is automatically converted to a set of deployment scripts to be submitted to the IaaS provider.

翻译：网络靶场是一种用于培训安全专家以及测试攻击与防御工具和流程的环境。通常，网络靶场模拟一个或多个关键基础设施，攻击方（红队）和防御方（蓝队）需分别对其进行攻破与保护。这些基础设施可通过物理方式搭建，但更便捷的方式是采用基础设施即服务（IaaS）范式。尽管某些现代技术支持IaaS，但目标场景的设计与部署大多仍为手动操作。因此，网络靶场通常仅托管少量（有时仅一个）固定场景。然而，重复使用相同场景可能显著降低培训与测试的有效性。本文提出一种自动化定义与部署任意复杂网络靶场场景的框架。该框架基于虚拟场景描述语言（VSDL），这是一种领域特定语言，用于定义所需基础设施的高级特征，同时隐藏底层细节。VSDL的语义以虚拟基础设施必须满足的约束形式给出。这些约束随后被提交至SMT求解器，以检验规格的可满足性。若可满足，该规格将生成一个模型，并自动转换为部署脚本集，提交至IaaS提供商。