simulation in cyber security - arvutiteaduse instituut

Simulation in Cyber Security Andres Ojamaa Institute of Cybernetics, Tallinn University of Technology CS Theory Days, 25 Jan 2008, Põlva


Page 1: Simulation in Cyber Security - Arvutiteaduse instituut

Simulation in Cyber Security

Andres Ojamaa

Institute of Cybernetics, Tallinn University of Technology

CS Theory Days, 25 Jan 2008, Põlva


Outline

Cyber Security and Simulation
- What is this thing called Cyber Security?
- Simulation Needs and Tasks
- Simulation: Advantages, Disadvantages

Computer Network Simulation Software
- Discrete Event Simulation
- Network Simulator (ns-2)
- OPNET®
- OMNeT++

Rich Components in CoCoViLa
- Rich Components
- Interactivity in CoCoViLa

25.01.2008 A. Ojamaa Simulation in Cyber Security 2


What is this thing called Cyber Security?

- Information security
- Confidentiality, Availability, Integrity
- ... also Forensics, Auditing, Disaster recovery, ...
- Information assurance
- Cyber security
- Cyber defence

Laws? Military?


Simulation Needs and Tasks

- Education
- Planning and design of computer networks
- Application performance analysis
- Simulation of attacks on attack trees
- Simulation of worms, viruses
- Denial of Service, hardware failures
- Network models
- Visualization


Simulation: Motivation

- Learn by playing "what-if" games
- Optimize budget
- Discover design flaws earlier
- Visualize fast and invisible processes
- Save resources


Simulation: Shortcomings

- Not always reliable
- Models can be expensive to build and maintain
- Not trivial to get it right: performance, accuracy, level of abstraction
- There is no single tool to answer all questions
- The Internet is constantly changing
- Hard to get real data, adaptivity of network protocols


Discrete Event Simulation

Most of the simulators are just class libraries and frameworks to build the simulation program upon.

- Infrastructure: tracing, events, objects, connections, ...
- Event queue and queue manager
- Class libraries of standard components: clocks, protocol implementations, traffic generators
- Tools for postprocessing and visualizing the traces (Network ANimator)


ns-2

Ns-2 is a discrete event simulator targeted at networking research.

- Supports: TCP, routing, ...
- Implemented in C++, Tcl
- Portable, free software
- Single threaded, no distributed computations
- Separate tools for model construction and processing the output


Using ns-2: hello, world

% set ns [new Simulator]
% $ns at 1 "puts \"hello, world\""
% $ns at 2 "exit"
% $ns run
hello, world


Basic ns-2 Simulation

- Create scheduler
- Build network and connections
- Generate traffic
- Analyze traces


Ns-2 Script Examples

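# Scheduler and the two end nodes
set ns [new Simulator]
set n0 [$ns node]
set n1 [$ns node]
# Bidirectional 5 Mb/s link, 2 ms delay, DropTail (FIFO) queue
$ns duplex-link $n0 $n1 5Mb 2ms DropTail
# TCP sender on n0, sink on n1, packet class 0
set tcp [$ns create-connection TCP $n0 TCPSink $n1 0]
# FTP application as the traffic source
set ftp [new Application/FTP]
$ftp attach-agent $tcp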
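
The steps listed above (scheduler, network, traffic, trace analysis) written out as a small discrete event simulator in Python. This is an added example, not code from the talk or from ns-2: it models the 5Mb, 2ms DropTail link of the script with a constant-rate source and returns delivered and dropped packet counts, the availability figure of interest when offered load exceeds capacity. The class and function names, the 1000-byte packet size and the 50-packet queue limit are assumptions.

```python
import heapq
from itertools import count

class Simulator:
    """Event queue plus queue manager; times are integer microseconds."""
    def __init__(self):
        self.now = 0
        self._events = []        # heap of (time, seq, callback, args)
        self._seq = count()      # tie-breaker: same-time events run in scheduling order

    def at(self, time, callback, *args):
        heapq.heappush(self._events, (time, next(self._seq), callback, args))

    def run(self):
        while self._events:
            self.now, _, callback, args = heapq.heappop(self._events)
            callback(*args)

class DropTailLink:
    """One-way link with fixed bandwidth, propagation delay and a bounded FIFO."""
    def __init__(self, sim, bandwidth_bps, delay_us, queue_limit):
        self.sim, self.bw, self.delay, self.limit = sim, bandwidth_bps, delay_us, queue_limit
        self.backlog = self.free_at = 0   # packets held; time the transmitter goes idle
        self.delivered = self.dropped = 0

    def send(self, size_bytes):
        if self.backlog >= self.limit:
            self.dropped += 1    # DropTail: the arriving packet is discarded
            return
        self.backlog += 1
        # Transmission starts when the packet arrives or the link frees up, whichever is later
        self.free_at = max(self.sim.now, self.free_at) + size_bytes * 8 * 1_000_000 // self.bw
        self.sim.at(self.free_at, self._transmitted)

    def _transmitted(self):
        self.backlog -= 1
        self.sim.at(self.sim.now + self.delay, self._arrived)

    def _arrived(self):
        self.delivered += 1

def simulate(offered_bps, duration_us=1_000_000, size_bytes=1000, queue_limit=50):
    """Constant-rate source over a 5 Mb/s, 2 ms link; returns (delivered, dropped)."""
    sim = Simulator()
    link = DropTailLink(sim, 5_000_000, 2_000, queue_limit)
    interval = size_bytes * 8 * 1_000_000 // offered_bps   # gap between packets
    for t in range(0, duration_us, interval):
        sim.at(t, link.send, size_bytes)
    sim.run()
    return link.delivered, link.dropped
```

At an offered load of 4 Mb/s nothing is dropped; at 10 Mb/s the queue fills and about every second packet is lost.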


OPNET®

- Really fancy: integrated software and hardware appliances
- Graphical user interface
- Tools for various tasks: design and planning, auditing, monitoring
- Lots of pre-built components
- Really expensive


OMNeT++ [3]


Rich Components

Rich Components — Concepts of (simulation) domains

- Visual representation for visual programming
- Logical part for abstract properties
- Program component implementing computation algorithms
- Daemon part for interactive properties


Rich Component: Example


Workflow in CoCoViLa

1. Scheme

2. Textual specification

3. Internal representation

4. Proof = Algorithm

5. Java program

6. Output


Interactivity in CoCoViLa Simulations

A programming interface between the generated Java program and the scheme was needed...

ProgramContext.getFieldValue(objectName, fieldName);


Scheme Editor: Oscillator


Oscillator: Textual Representation and Algorithm


Oscillator: Simulation Result

Fields k1 and k2 of the Adder were changed.


Interactive Rich Component


Future Work

- Develop an expert system shell for CoCoViLa
- Implement a simple simulation engine as a rich component
- Build an AS level model of the Estonian Internet
- Collect and accumulate expert knowledge and real data
- Experiments with real data
- Implement interfaces to other simulation packages


Summary


Thank you for your attention!

Supporters:

- Institute of Cybernetics
- Estonian Information Technology Foundation
- Tiger University


References

[1] CoCoViLa: Compiler Compiler for Visual Languages, http://www.cs.ioc.ee/~cocovila/
[2] ns-2: Network Simulator, http://www.isi.edu/nsnam/ns/
[3] OMNeT++: Discrete event simulator, http://www.omnetpp.org/
[4] OPNET®, http://www.opnet.com/
