Project reference: H2020-DS-2015-1-Project 700581

Project title: Advanced Tools to assEss and mitigate the criticality of ICT compoNents and their dependencies over Critical InfrAstructures

Document title: Composer User Manual

PUBLIC VERSION

General information

Dissemination level: Public

State: Final

Work package: WP3 IACS design for security

Task: Task 3.4

Delivery date: 30/04/2019

Version: 1.0

Authors

Name Organisation

Alessandro Giuseppi CRAT

Federico Cimorelli CRAT

Table of Contents

1 Introduction

2 Composer Operator Manual

2.1 Graphical User Interface (GUI)

2.2 Procedures

2.2.1 LOGIN AND AUTHENTICATION

2.2.2 ATENA SECURITY METRICS EVALUATION

2.2.3 CONFIGURATION COMPUTATION

2.2.4 COMPUTATION MONITORING, RESULTS VIEW AND DSS

2.2.5 COMPOSER SETTINGS UPDATE

List of figures

Figure 1: Composer GUI main panel

Figure 2: Composer GUI - Login panel

Figure 3: Composer GUI - Security Metrics Evaluation view

Figure 4: Security Metrics Evaluation results view

Figure 5: Composer GUI - Configuration computation view

Figure 6: Composer GUI – Archive section view

Figure 7: Composer GUI – Logs panel view

Figure 8: Composer GUI – Ranked solution view

Figure 9: Composer GUI - Single solution main view

Figure 10: Composer GUI - Security Metrics evaluation report

Figure 11: Composer GUI - Vulnerabilities and Countermeasures details

Figure 12: Composer GUI - Starting and new CI Graph model view

Figure 13: Composer GUI – Graph-model representation of a CI configuration

Figure 14: Composer GUI – Graph-model representation of a CI configuration with popup node details

Figure 15: Composer GUI - Settings view

1 Introduction

The task of the Composer Module is to provide a security evaluation expert with active Decision Support for planning a secure Critical Infrastructure, by helping to select which countermeasures to put in place. The Operator is given a list of options, the Suitable (Security) Configurations, that satisfy her/his security requirements, expressed in terms of Overall Requirements and of a “desired minimum security level”, and that are ranked according to her/his preferences, expressed in terms of Primary and Secondary Ranking Criteria. It is up to the security expert to select one of the Suitable Configurations yielded by the Composer, either for implementation or as a starting point for further analysis and refinement.

Refer to the D3.8 “Analysis of Security Metrics and CI Vulnerabilities” and D3.9 “ATENA Tools for Optimal IACS Design and Configuration” documents for the details of the ATENA Security Metrics and of the Composer design and implementation.

2 Composer Operator Manual

This section reports the ATENA Operator user manual for the Composer Module.

2.1 Graphical User Interface (GUI)

Figure 1 presents the Composer Module GUI main window.

The window has two main sections:

1. The Main menu, on the left side, which lists the links to all the available GUI sections;

2. The Content body, which in the image below shows the Composer main page.

The following sub-sections are accessible from the Main menu:

1. Home: the home page of the GUI;

2. Evaluate Security Metrics: opens the Security Metrics Evaluation section, through which the ATENA Operator can request an assessment of the ATENA Security Metrics for a scenario of the underlying CI;

3. Compute Configuration: opens the security-optimized CI configuration computation section, through which the ATENA Operator can request the computation of a security-optimized configuration for a configuration scenario of the underlying CI;

4. Archive: opens the Archive section, through which the ATENA Operator can monitor the ongoing computations and view the state, logs and results of the completed security-optimized CI configurations;

5. Settings: opens the settings page, from which the Operator can update the parameters of the software tool;

6. Logout: logs the Operator out of the Composer Module.

Figure 1: Composer GUI main panel

2.2 Procedures

The main functional procedures implemented by the Composer Module are presented step by step in the following sections.

2.2.1 Login and Authentication

The Composer Module can be accessed with a browser via the IP address of the module.

To be authorized to use the Composer Module, the Operator must sign in from the login panel (see Figure 2).

The requested information is:

1. Username;

2. Password.

When the sign-in process is completed, the GUI is automatically redirected to the Composer Module first page, as shown in Figure 1.

Figure 2: Composer GUI - Login panel

2.2.2 ATENA Security Metrics Evaluation

This section, accessible from the Evaluate Security Metrics menu, provides the Operator with the ATENA Security Metrics evaluation functionality for a given configuration scenario of the underlying CI.

The required information is (see Figure 3):

• CI Graph data model: the module must be supplied with the CI Graph Data Model file for a scenario of the CI of interest. Two data sources are available:

  1. Fetch and Parse CI data from AMNG: this option takes as input the identifier of the scenario of interest, as configured by the CI Operator when pushing the data to the AMNG. When the Fetch data button is pressed, the Composer Module fetches the data from the Asset Management Module (AMNG) and then processes the information to build the CI Graph Data Model file. The produced file can be downloaded by pressing the Save CI Graph model file button.

  2. Load a parsed CI Graph model file: this option allows the ATENA Operator to load an already parsed CI Graph Model file, stored locally as a JSON file.

• Computation Settings: this page allows the Operator to specify the security metrics evaluation settings; in detail, the following parameters are tunable:

  1. Security Indicator:

     ▪ Actual Security;

     ▪ True Protection;

  2. Security Metric Extension:

     ▪ OSSTMM;

     ▪ OSSTMM + Life Cycle;

     ▪ OSSTMM + DER;

     ▪ OSSTMM + CVSS;

     ▪ OSSTMM + Life Cycle + DER;

     ▪ OSSTMM + Life Cycle + CVSS;

     ▪ OSSTMM + CVSS + DER;

     ▪ OSSTMM + Life Cycle + DER + CVSS.

Refer to the “D3.8 - Analysis of Security Metrics and CI Vulnerabilities” document for the details of the ATENA Security Metrics configuration parameters.

Once the CI Graph Model file has been built and the security evaluation settings have been specified, the ATENA Operator can launch the Evaluation of the Security Metrics to select the desired security level.

Figure 3: Composer GUI - Security Metrics Evaluation view

When the evaluation is completed, the results are presented as shown in Figure 4. This view reports all the numerical results of the evaluation, according to the defined ATENA Security Metrics.

Refer to the “D3.8 - Analysis of Security Metrics and CI Vulnerabilities” document for the details of the ATENA Security Metrics report.

Figure 4: Security Metrics Evaluation results view

2.2.3 Configuration Computation

The Configuration Computation section, accessible from the Compute Configuration menu, provides the Operator with the computation of a security-optimized CI configuration for a given scenario of the underlying CI.

The required information is (see Figure 5):

• CI Graph data model: the tool must be supplied with the CI Graph Data Model file for a scenario of the CI of interest. Two data sources are available to produce this file:

  1. Fetch and Parse CI data from AMNG: this option takes as input the identifier of the scenario of interest, as configured by the CI Operator when pushing the data to the AMNG. When the Fetch data button is pressed, the Composer Module fetches the data from the Asset Management Module (AMNG) and then processes the information to build the CI Graph Data Model file. This file can be downloaded by pressing the Save CI Graph model file button.

  2. Load a parsed CI Graph model file: this option allows the ATENA Operator to load an already parsed CI Graph Model file, stored locally as a JSON file.

• Computation Settings: this section allows the Operator to specify the security metrics evaluation settings; the tuning parameters are listed below:

  1. Maximum number of generations;

  2. Minimum Security Level;

  3. Security Indicator:

     ▪ Actual Security;

     ▪ True Protection;

  4. Security Metric Extension: the possible choices are

     ▪ OSSTMM;

     ▪ OSSTMM + Life Cycle;

     ▪ OSSTMM + DER;

     ▪ OSSTMM + CVSS;

     ▪ OSSTMM + Life Cycle + DER;

     ▪ OSSTMM + Life Cycle + CVSS;

     ▪ OSSTMM + CVSS + DER;

     ▪ OSSTMM + Life Cycle + DER + CVSS.

Please refer to the “D3.8 - Analysis of Security Metrics and CI Vulnerabilities” and “D3.9 - ATENA Tools for Optimal IACS Design and Configuration” documents for the details of the ATENA Security Metrics and of the configuration computation parameters.

Figure 5: Composer GUI - Configuration computation view

Once the CI Graph Model file has been built and the computation settings have been specified, the ATENA Operator can launch the computation of the optimized configuration set.

The processing time of the computation depends on the specified settings and on the scenario size. For this reason the computation is launched as a detached background service.

To monitor the computation state and logs at runtime, and to collect the result when the computation is finished, please refer to the Archive section.

2.2.4 Computation Monitoring, Results view and DSS

As noted in the previous section, this section (accessible from the Archive menu) reports all the requested computations, both completed and in progress.

The main page of the section lists the header of each computation entry, which gives the following information:

• Computation Name;

• Selected Security Indicator;

• Selected Security Metrics;

• Date and time of the computation launch;

• Computation state, one of Completed, In Progress or Aborted (the header line is colored green, yellow or red, respectively).

Figure 6: Composer GUI – Archive section view

By clicking on an entry, the panel expands to show the list of all the computed solutions, as shown in Figure 8.

The solution panel comprises a Log list view and a Delete button. If the computation is in the In Progress or in the Aborted state, only the Log panel is shown (see Figure 7). This panel lists the Log messages related to the computation, classified by the type field. Log messages are organized into INFO, WARNING and ERROR types.

Figure 7: Composer GUI – Logs panel view

If the requested computation is completed, clicking on an entry expands the list of all the computed solutions, as shown in Figure 8. This window represents the Composer DSS, as it contains the various suitable configurations from which the operator can choose.

Figure 8: Composer GUI – Ranked solution view

The proposed solutions can be sorted by using the Rank By button, according to one of the following prioritization criteria:

• Actual Security;

• True Protection;

• Security Limitation;

• Whole Coverage;

• Graph Exploration;

• Number of Controls;

• Implementation Cost;

• Implementation Time.

Please refer to “D3.9 - ATENA Tools for Optimal IACS Design and Configuration” for more details on the available criteria.

By clicking on a single solution, the panel expands to show the following sub-sections, which report the computation results:

• Initial Security Metrics Evaluation Report, which reports the ATENA Security Metrics evaluation result of the CI configuration;

• Security Metrics Evaluation Report, which reports the ATENA Security Metrics evaluation for the CI configuration scenario within the selected solution;

• Control Decisions, which reports details of the control actions decided by the Composer algorithms;

• CI Graph Model, which shows, in an interactive way, the CI graph-model representation of the initial CI configuration and of the one reported by the selected solution.

Figure 9: Composer GUI - Single solution main view

By clicking on the (Initial) Security Metrics Report section, the panel expands to show all the numerical results of the security metrics evaluation, as defined by the ATENA Security Metrics and as reported in Figure 10. Please refer to the D3.8 document for the ATENA Security Metrics details.

Figure 10: Composer GUI - Security Metrics evaluation report

The Controls Decisions tab reports the details of the control actions put in place by the Composer algorithms (see Figure 11).

In particular, the following results are shown:

• Active Controls: reports the details of each control state-change applied by the Composer algorithm to the data-model for the selected solution. In particular, the control Name, the corresponding OSSTMM class and the related state-change are listed;

• Mitigated Limitations: reports all the limitation details after the processing of the initial CI configuration by the Composer. In particular, the Name of the limitation, the corresponding OSSTMM class and the related status are reported.

Figure 11: Composer GUI - Vulnerabilities and Countermeasures details

The CI Graph-model section provides two Open Graph buttons, which show the CI graph-model representation of the initial CI configuration and of the one within the selected solution (see Figure 12).

Figure 12: Composer GUI - Starting and new CI Graph model view

By clicking on one of the Open Graph buttons, a full-screen graph view is opened (as shown in Figure 13), reporting the graph-model representation of a CI configuration.

Figure 13: Composer GUI – Graph-model representation of a CI configuration

The following node classes can be addressed (refer to “D3.9 - ATENA Tools for Optimal IACS Design and Configuration” for details about the CI modelling).

To make it easier for the operator to explore the graph, the graph view is interactive: the view can be moved and/or zoomed with the mouse. Additionally, clicking on a graph node opens a popup reporting all the information related to the selected node (see Figure 14).

Figure 14: Composer GUI – Graph-model representation of a CI configuration with popup node details

2.2.5 Composer Settings update

Figure 15 shows the settings section of the Composer module.

In particular, the section reports the profile associated with the user (Administrator or Operator).

A user with an administrator profile is allowed to modify the configuration parameters related to the integration of the Composer module within the overall ATENA Tool Suite. The following parameters, related to the integration with the Secure Mediation Gateway module (SMGW), are configurable:

• SMGW Host address;

• SMGW Port number;

• SMGW Composer Client ID;

• SMGW Composer Client Secret.

By clicking on the Save Settings button, the configuration of the module is updated.

Figure 15: Composer GUI - Settings view

END OF THE DOCUMENT