sos engineering: problems, solution and challenges 1400... · •packet encapsulations, route...
TRANSCRIPT
SoS Engineering: Problems, Solution and Challenges:SoS Emulation in Live-Virtual Emulation Environment
Deepinder Sidhu and Chuck BurdickTeleniX Corporation
POC Email: [email protected]
ITEA 2015 System-of-Systems Workshop: "Reducing Risk in 2020"
January 27-30, 2015
1Chuck Burdick is an Innovative Decisions, Inc. subcontractor
System of Systems (SoS)– Integration of component systems – Component systems independently developed and
managed• New or existing systems in various stages of
development/evolution• Have their own purpose• Can dynamically come and go from SoS
– SoS exhibits emergent behavior not otherwise achievable by component systems
– INCOSE Handbook Definition of SoS • Interoperating collection of component systems
that produce results unachievable by the individual systems alone.
2
SoS Cyber Risks
• Emergent behaviors (EBs) or states present unknown security risks
• EBs may present exploitable dynamicvulnerabilities for which there may not be any known defense
SoS Total is bigger than
sum of its parts.
Significant differences between architectural description of a System and of a System of Systems (SoS)
Challenges for Performing Realistic Network SoS Testing– Create realistic environment for SoS E&I, including using realistic
network– Conduct test and evaluation effectively with full-fidelity– Emulate SoS integration and interoperability under real-world
configurations and operational scenarios – Predict emergent behaviors – good and bad– Formulate optimization for SoS with “ill-defined” boundaries– Define robust security for a SoS with independently changing
components and independent security– Demonstrate end-to-end performance, self-stabilization, robustness,
scalability and survivability for SoS with changing boundary (component joining/leaving at any time) and component changing
Current Solution: M&S and Real Network HardwareProblems– Inevitable abstractions with modeling and simulation– Most model V&V problematic – High expense of hardware-based test ranges
Proposed Solution: Live-Virtual Emulation Environment (VEE)
– VEE uses actual Internet Software and Virtualized Hardware3
Realistic Network: clone of an
actual network, including
architectures, protocols,
technologies, configurations,
size, complexity,
speed, security, trust,
policies
1. Manually – Drag/Drop/Connect– Library of pre-config. components
• Hosts, Routers, switches, …
2. Automatically Generate Notional Networks– # nodes - 50– Aver. node degree = 3
3. Reverse Engineer from Network Data Collection– Three data feeds:
• Full capture (top middle rectangle)• Router configs (big circle)• Netflow (left and right vertical)
4
Note: Pre-configured components are clones of vendors networking products. They are created based on publically available information about these products.
VEE is Supporting Major Classified Cyber Projects: Reverse Engineering 1000+ Routers Mission Networks, Creating Cyber Situational
Awareness, Vulnerabilities Assessment, Hardening Networks, Attack Vectors Analysis, Red/Blue Teaming, Cyber Warriors Training, Cyber Command & Control
Clone a network in VEE using: – Automated Reverse Engineering Techniques – Actual protocol implementations & network
configurations with 100’s of servers, 100K devices– With complete interchangeability of code between the
real and virtual environmentsEmulate the network clone in VEE
– Conduct full-fidelity network operations under real-world configurations and operational scenarios
– Produce behaviors that are indistinguishable from the behavior of its real counterpart (confirmed by IC Red Teams) • Packet encapsulations, route tables, link bandwidth
utilization, …VEE on a laptop/server
– Avoid the expense of large-scale hardware and software maintenance/refresh costs, or power, space, & cooling (PSC)
– With minimal personnel support costs– With rapid reconfigurability and easy portability
5VEE uses actual code for all protocols powering the Global Internet
VEE Internet-in-a-Box
VEE Test Advantages
• Realistic Fidelity• Repeatability• Low Cost Test HW• Fast Reconfiguration• Full Data Collection
• Standard Commercial
Laptop Contains All
Necessary Software
• No External Connections
Required
6
Windows
Linux/UNIX
Virtual Router
Virtual Network System 1
Virtual Network System 2
Real Network Systems
Cyber
War
Gaming
Cyber
Mission
Forces
Training
Challenges
Network
RDT&E
Real Router/ Switch
Real Tactical Systems
Configuring network infrastructure– Transport: SDH, GigEthernet– Optical: WDM routing– Circuit switching: PSTN/SS7– Protocols: LANs/MANs/WANs– Addresses: IPv4, IPv6– Dual stack IPv4/IPv6, transition
addressing– IPSec, IKE/ISAKMP– Mobile-IP, NEMO– Tunneling IP6-Over-IPv4– MPLS, RSVP-TE, LDP, …– Routing: RIP, OSPF, BGP, …– Application: clients, servers, …– Services: DNS, DHCP, NTP, …
VEE• Cloned and emulated• Internet routing architectures
(OSPF/BGP)• Internet Protocol (IPSec)
security architecture and IKE/ISAKMP security negotiations
• Securing routing exchanges with IPSec
• Mobile-IP architecture • Complex IT infrastructure
deployment for IC customer• IPv6/IPv4 integration• Joint Chiefs of Staff Criteria #5
for IPv6 readiness• Label -switched path
(MPLS/LDP)• PSTN and SS7 signaling 7
Configuring wireless– IEEE 802.11, …– Tactical links– Atmospheric effects– Terrain location– …
Configuring mobility– Mobile-IP– Network Mobility (NEMO)
• Network on Navy ships– Mobile Ad hoc network (MANET)– …
8
VEE• Emulated IC customer’s
mobile architecture with nested IPSec tunneling and RC4-based WEP security
VEECloned and Emulated IEEE 802.11, Mobile-IP and routing MANETs
Configuring security– Firewalls, – Access control lists (ACLs)– Security policies, – Cross-domains solution (CDS)– IPSec/VPNs– Red/Black Boundary, HAIPE– Encryption/Authentication– Defense-in-depth– Node vulnerabilities from NVD – Malware (virus, trojan, worm,
botnet) propagation– Vendor rules sets(PCI-DSS, DISA
STIG)– Host Based Security System
(HBSS)– Computer network operations
9
VEEOffers unprecedented support to• IA & Security Engineering• Information assurance process
• Risk management• Security Standards
• IA compliance/certification /accreditations• Checking integrity and robustness of security
configurations• Emulate network state-dependent dynamic
vulnerabilities
VEEEmulated Internet security standards and security configuration• IPSec, IKE/ISAKMP, VPNs. Firewalls, ACLs, HAIPEs• Security configurations and vulnerabilities• Compliance to security standards• Attack vectors • Virus propagations
Using realistic data sets:• Of sufficient size
• Proper encapsulations
• Free from legal issues such as USSID 18
• Red teams found VEE generated synthetic data sets indistinguishable from real data
10
VEEUsed to create large (~ 5TB) data sets to support testing and training funded by DoD/IC• proper protocol encapsulations and free from legal
issues (USSID 18) using 20 million synthetic , mobile cyber personas on scale-free network infrastructures communicating using telephone (fixed and mobile) and email
VEECreated synthetic Biometric data (Iris image: 256-bytes) to test Base Access Thread in Joint Biometric architecture• Synthetic Iraqi population: 1,008,000 individuals from 24 major Iraqi cities• Demographics of Iraq with regard to ethnic-religious and occupation/industry distributions• Individuals have unique home/mobile phone numbers, email addresses, and personal data
including age, gender, personality, location, job, and ethnic-religious identity
Due to classified nature recent applications of VEE in support of significant SoSE&I,
– we use an earlier and application of VEE in support of Joint Biometric Architecture Emulation as a SoS deployment and performance analysis funded by CERDEC/CIO G6.
SoS Components of Joint Biometric Architecture are– Three Biometric Databases at Base, Regional, National levels– Three network systems at Base, Regional, National levels– Internet for global connectivity– Distributed base access application involving asynchronous
interactions among various systems across the globe
Details of SoS emulation example used are published in a refereed paper entitled,
“Building Systems with Predictable Performance: A Joint Biometrics Architecture Emulation” by Kristin Giammarco and Deepinder Sidhu, published in Proc. MILCOM 2008.
11
Clone and emulate Joint Biometrics Architecture
– Provide technical insight on systems comprising the planned FOB/AOR-level capability in a system of systems context
– Evaluate performance along some threads in operational environment
Suggested by Army Staff as first application of TeleniX Suite. Performed in support of CECOM.
12
Create a full-fidelity clone of the Joint Biometrics Architecture in VEE without the cost of buying equipment
• Provide quantitative support to acquisition decision process• Demonstrate concept of operations (CONOP)• Support risk reduction/mitigation in As-Is to To-Be
transformation• Predict performance under operational scenarios• Predict threshold and objective values of Key Performance
Parameters (KPPs)• Demonstrate Net-Ready KPPs (NR-KPPs) compliance for GIG• Support building system with predictable performance• Support architecture governance, compliance and oversight
Provide technical insight on systems comprising the planned (FY09) FOB/AOR-level capability in a system of systems context
13
VEE allows integration of existing SoS components to clone of other components in VEE as needed to emulate the entire SoS
Emulate base access thread– Verify/Validate/Enroll
Data Input– Architecture products
• OVs from AIMD, TVs from ASEO CERDEC, SVs
• Information from USCENTCOM – BioAPI
• ISO Biometrics standard– Base Access technical thread
• DoD Biometrics CONOP– Network configuration & BioDBs
synchronization • Communication with USCENTCOM
14
Assumptions (easily changeable)• BioDB sizes (1 million synthetic Iraqis)• Base arrival rate• Base access allow/deny/detain
percentages• Three-tier BioDBs hierarchy
Synthetic Iris Biometric Database– Synthetic Iraqi population of 1,008,000
individuals from 24 major Iraqi cities
– Demographics of Iraq with regard to ethnic-religious and occupation/industry distributions
– Individuals have unique home/mobile phone numbers, email addresses, and personal data including age, gender, location, job, and ethnic-religious identity
– Iris image data (256-bytes)
Biometric Database Implementation– Microsoft SQL Server, Compact Edition
– BioAPI standard15
Synthetic Biometric Database• Free from legal issues• Matches statistical
properties of a real database
• Used to train analysts• Goodfellow Air
Force Base• Tested accuracy of
biometric-based authentication products
• Supported experiments with biometric fusion techniques
16
Biometrics Architecture Emulation
Joint Biometric Architecture Emulation
17
Access Terminal Configuration
Joint Biometric Architecture Emulation
18
Bio-DB Server Configuration
Joint Biometric Architecture Emulation
19
Packets Transmitted on Link to the Base Bio-DB Server
Joint Biometric Architecture Emulation
20
Log of Events Occurring at the Base Bio-DB Server Interface
Joint Biometric Architecture Emulation
21
Access Terminal 4 Request Response time
Joint Biometric Architecture Emulation
Access Terminal 4: Response Time (us) vs. Time
0
1000000
2000000
3000000
4000000
5000000
6000000
7000000
8000000
9000000
10000000
0 2000 4000 6000 8000 10000 12000
Time (seconds)
Res
po
nse
Tim
e (u
s)
22
Access Terminal Delivered Traffic (Kbps)
Joint Biometric Architecture Emulation
A c c e s s T e rm in a l 1 /N E 2 2 : D e liv e re d tra ffic (K b p s ) v s . T im e
0
1
2
3
4
5
6
7
8
9
1 0
0 5 0 0 1 0 0 0 1 5 0 0 2 0 0 0 2 5 0 0 3 0 0 0 3 5 0 0 4 0 0 0
T im e (se c o n d s)
De
liv
ere
d tra
ffic
(K
bp
s)
23
Network Bandwidth Utilization
Joint Biometric Architecture Emulation
24
Base Bio-DB Server Delivered Traffic
Joint Biometric Architecture Emulation
Base Bio-DB Server/NE32: Delivered traffic (Kbps) vs. Time
0
1
2
3
4
5
6
7
8
9
10
0 500 1000 1500 2000 2500 3000 3500 4000
Time (seconds)
Deli
vere
d t
raff
ic (
Kb
ps)
VEE Has Demonstrated Unprecedented Capabilities for SoS Engineering & Integration including:
– Creating high-fidelity (bit-level) clones in a VEE without the high cost of buying equipment
– SoS emulation capability for developing reliable, robust, secure, survivable, and optimized Network Architectures with predictable performance in support of Warfighters
– Capability for risk reduction during As-Is to To-Be transformation– Capability for cloning and testing deployment configurations of SoS
under real-world operational scenarios that can also generate emergent states of a SoS
– Capability to provide deep technical insight about architecture KPPs and NR-KPPs gained from emulation of systems in an SoS context
– Innovative, low cost capability for providing quantitative support to MDPs, AoA, JCIDS process, and architecture governance, compliance, testing, and oversight
Summary & Conclusions
VEE allows integration of real SoS components with clones of other components in VEE to emulate the entire SoS and address
the Cyber security risks of Emergent Behaviors (EBs) 25