Simulation in Cyber Security
Andres Ojamaa
Institute of Cybernetics, Tallinn University of Technology
CS Theory Days, 25 Jan 2008, Põlva
Outline
- Cyber Security and Simulation
  - What is this thing called Cyber Security?
  - Simulation Needs and Tasks
  - Simulation: Advantages, Disadvantages
- Computer Network Simulation Software
  - Discrete Event Simulation
  - Network Simulator (ns-2)
  - OPNET®
  - OMNeT++
- Rich Components in CoCoViLa
  - Rich Components
  - Interactivity in CoCoViLa
25.01.2008 A. Ojamaa Simulation in Cyber Security 2
What is this thing called Cyber Security?
- Information security
- Confidentiality, Availability, Integrity
- ... also Forensics, Auditing, Disaster recovery, ...
- Information assurance
- Cyber security
- Cyber defence
Laws? Military?
Simulation Needs and Tasks
- Education
- Planning and design of computer networks
- Application performance analysis
- Simulation of attacks on attack trees
- Simulation of worms, viruses
- Denial of Service, hardware failures
- Network models
- Visualization
Simulation: Motivation
- Learn by playing "what-if" games
- Optimize budget
- Discover design flaws earlier
- Visualize fast and invisible processes
- Save resources
Simulation: Shortcomings
- Not always reliable
- Models can be expensive to build and maintain
- Not trivial to get it right: performance, accuracy, level of abstraction
- There is no single tool to answer all questions
- The Internet is constantly changing
- Hard to get real data, adaptivity of network protocols
Discrete Event Simulation
Most of the simulators are just class libraries and frameworks to
build the simulation program upon.
- Infrastructure: tracing, events, objects, connections, ...
- Event queue and queue manager
- Class libraries of standard components: clocks, protocol implementations, traffic generators
- Tools for postprocessing and visualizing the traces (Network ANimator)
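The parts listed above (event queue, queue manager, trace) fit in a few lines. The following is an added example, not code from the slides or from ns-2: a minimal discrete-event kernel driving a "what-if" outbreak model of the kind named under Simulation Needs and Tasks. The names `Simulator`, `LINKS` and `simulate_outbreak`, the topology and the link delays are all constructed for illustration; a node patched after it is infected stays infected.

```python
import heapq
from itertools import count

class Simulator:
    """Minimal discrete-event kernel: a clock plus a time-ordered event queue."""
    def __init__(self):
        self.now = 0.0
        self._queue = []     # heap of (time, seq, callback, args)
        self._seq = count()  # tie-breaker: same-time events run in scheduling order
        self.trace = []      # (time, event, node) records for post-processing

    def schedule(self, delay, callback, *args):
        heapq.heappush(self._queue, (self.now + delay, next(self._seq), callback, args))

    def run(self, until=float("inf")):
        while self._queue and self._queue[0][0] <= until:
            self.now, _, callback, args = heapq.heappop(self._queue)
            callback(*args)

# Constructed sample topology: node -> {neighbour: link delay in seconds}
LINKS = {
    "gw": {"web": 1.0, "mail": 2.0},
    "web": {"gw": 1.0, "db": 1.5},
    "mail": {"gw": 2.0, "db": 4.0},
    "db": {"web": 1.5, "mail": 4.0, "backup": 3.0},
    "backup": {"db": 3.0},
}

def simulate_outbreak(first_infected, patch_time=0.0, patched=()):
    """Spread an infection along LINKS; nodes in `patched` become immune
    at patch_time. Returns (simulator, set of infected nodes)."""
    sim, infected, immune = Simulator(), set(), set()

    def infect(node):
        if node in infected or node in immune:
            return
        infected.add(node)
        sim.trace.append((sim.now, "infected", node))
        for peer, delay in LINKS[node].items():
            sim.schedule(delay, infect, peer)

    def patch(node):
        immune.add(node)  # does not clean a node that is already infected
        sim.trace.append((sim.now, "patched", node))

    sim.schedule(0.0, infect, first_infected)
    for node in patched:
        sim.schedule(patch_time, patch, node)
    sim.run()
    return sim, infected
```

Comparing `simulate_outbreak("gw", 2.0, ("db",))` with `simulate_outbreak("gw", 3.0, ("db",))` shows how a one-second delay in patching the choke point changes the outcome, and `sim.trace` is the record a post-processing tool would visualize.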
ns-2
Ns-2 is a discrete event simulator targeted at networking research.
- Supports: TCP, routing, ...
- Implemented in C++, Tcl
- Portable, free software
- Single threaded, no distributed computations
- Separate tools for model construction and processing the output
Using ns-2: hello, world
% set ns [new Simulator]
% $ns at 1 "puts \"hello, world\""
% $ns at 2 "exit"
% $ns run
hello, world
Basic ns-2 Simulation
- Create scheduler
- Build network and connections
- Generate traffic
- Analyze traces
Ns-2 Script Examples
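# Create the simulator (scheduler) and two nodes
set ns [new Simulator]
set n0 [$ns node]
set n1 [$ns node]
# 5 Mb/s duplex link with 2 ms delay and a drop-tail queue
$ns duplex-link $n0 $n1 5Mb 2ms DropTail
# TCP agent on n0 connected to a TCPSink on n1 (flow id 0)
set tcp [$ns create-connection TCP $n0 TCPSink $n1 0]
# FTP traffic source attached to the TCP agent
set ftp [new Application/FTP]
$ftp attach-agent $tcp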
OPNET®
- Really fancy: integrated software and hardware appliances
- Graphical user interface
- Tools for various tasks: design and planning, auditing, monitoring
- Lots of pre-built components
- Really expensive
Rich Components
Rich Components — Concepts of (simulation) domains
- Visual representation for visual programming
- Logical part for abstract properties
- Program component implementing computation algorithms
- Daemon part for interactive properties
Workflow in CoCoViLa
1. Scheme
2. Textual specification
3. Internal representation
4. Proof = Algorithm
5. Java program
6. Output
Interactivity in CoCoViLa Simulations
A programming interface between the generated Java program and the scheme was needed...
ProgramContext.getFieldValue(objectName, fieldName);
Oscillator: Textual Representation and Algorithm
Oscillator: Simulation Result
Fields k1 and k2 of the Adder were changed.
Future Work
- Develop an expert system shell for CoCoViLa
- Implement a simple simulation engine as a rich component
- Build an AS level model of the Estonian Internet
- Collect and accumulate expert knowledge and real data
- Experiments with real data
- Implement interfaces to other simulation packages
Thank you for your attention!
Supporters:
- Institute of Cybernetics
- Estonian Information Technology Foundation
- Tiger University
References
- CoCoViLa — Compiler Compiler for Visual Languages, http://www.cs.ioc.ee/~cocovila/
- ns-2 — Network Simulator, http://www.isi.edu/nsnam/ns/
- OMNeT++ — Discrete event simulator, http://www.omnetpp.org/
- OPNET®, http://www.opnet.com/