The future of cyber security exercises more than just education?
The Problem:
- how can we run large cyber security exercises once a week?
Stepping back
- Looking at the configuration management problem, e.g., the “gap” between how we talk about networks and what we need to do to get them really working.
- Goal: Simplify the setup of complex networks
- Towards a tool that allows specification of higher-level network-wide abstractions?
- “A programming language is low level when its programs require attention to the irrelevant.”
Epigrams on Programming — Alan J. Perlis
1/15/2008 1/15/2008
Configuration Management Problem
Whiteboard Idea ➠ Network Configuration?
```
interface FastEthernet0/0
 description Interface 1b.AS1 -> 1a.AS1
 ip address 10.0.0.14 255.255.255.252
 ip ospf cost 1
 no shutdown
 duplex auto
 speed auto
interface FastEthernet0/1
 description Interface 1b.AS1 -> 3a.AS3
 ip address 10.0.0.9 255.255.255.252
```
?
1. Development of the abstract descriptions of networks and services themselves;
2. Building a “compiler” to convert abstractions into real network configurations;
3. Extending formal, mathematical methods to provide proofs of network properties; and
4. Test and verification of the above methods.
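To make the “compiler” step concrete, here is an added Python example (not AutoNetkit's code and not part of the original slides) that turns a whiteboard-style link list into interface stanzas of the kind shown earlier and runs one verification check on the result. The link list, the 10.0.0.0/24 address block, the FastEthernet0/n numbering and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample input: the "whiteboard" view, one tuple per link
# (router A, router B, OSPF cost). Names follow the page's 1b.AS1 style.
LINKS = [
    ("1a.AS1", "1b.AS1", 1),
    ("1b.AS1", "1c.AS1", 1),
    ("1a.AS1", "1c.AS1", 5),
]

def allocate(links, block="10.0.0.0/24"):
    """Give every link its own /30 and each end one host address."""
    subnets = ipaddress.ip_network(block).subnets(new_prefix=30)
    ifaces = defaultdict(list)  # router -> [(peer, ip, netmask, cost)]
    for a, b, cost in links:
        try:
            net = next(subnets)
        except StopIteration:
            raise ValueError(f"{block} has too few /30s for {len(links)} links")
        ip_a, ip_b = net.hosts()
        ifaces[a].append((b, ip_a, net.netmask, cost))
        ifaces[b].append((a, ip_b, net.netmask, cost))
    return ifaces

def render(router, entries):
    """Emit one interface stanza per link (hypothetical port numbering)."""
    lines = []
    for n, (peer, ip, mask, cost) in enumerate(entries):
        lines += [f"interface FastEthernet0/{n}",
                  f" description Interface {router} -> {peer}",
                  f" ip address {ip} {mask}",
                  f" ip ospf cost {cost}",
                  " no shutdown"]
    return "\n".join(lines)

def check_unique(ifaces):
    """Verification step: no address may be assigned twice."""
    seen = [ip for entries in ifaces.values() for _, ip, _, _ in entries]
    return len(seen) == len(set(seen))

if __name__ == "__main__":
    plan = allocate(LINKS)
    assert check_unique(plan)
    for router in sorted(plan):
        print(f"! {router}\n{render(router, plan[router])}\n")
```

The address plan is derived from the topology rather than typed by hand, so a malformed design (here, more links than the block has /30 subnets) fails at compile time instead of on the router.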
Outline
Abstract model of: TOPOLOGY
mple subgraphs.
- Fig. 1. Cartesian product of a path and a single edge forms a ladder networ
- Fig. 2. Tensor product.
- Fig. 3. Strong and Lexicographic products give the same result in this
- Fig. 4. Lexicographic product showing non-commutativity when com with Fig. 3.
– to Hobart, Alice Springs and Darwin.
- Fig. 6. AARNET router level network 2009.
Matt Roughan et al.
Abstract model of: ROUTING
What algebraic properties are associated with global optimality?
Distributivity
L.D: $a \otimes (b \oplus c) = (a \otimes b) \oplus (a \otimes c)$
R.D: $(a \oplus b) \otimes c = (a \otimes c) \oplus (b \otimes c)$
What is this in $sp = (\mathbb{N}^{\infty}, \min, +)$?
L.DIST: $a + (b \min c) = (a + b) \min (a + c)$
R.DIST: $(a \min b) + c = (a + c) \min (b + c)$
- T. Griffin (cl.cam.ac.uk)
Exploring the Stratified Shortest-Paths Problem June 2010 7 / 33
(Left) Local Optimality
Say that $L$ is a left-locally optimal solution when $L = (A \otimes L) \oplus I$. That is, for $i \neq j$ we have

$$L(i, j) = \bigoplus_{q \in V} A(i, q) \otimes L(q, j) = \bigoplus_{(i, q) \in E} w(i, q) \otimes L(q, j).$$

In other words, $L(i, j)$ is the best possible value given the values $L(q, j)$, for all out-neighbors $q$ of source $i$.
Tim Griffin et al.
ANK (AutoNetkit): The “Compiler”
[Diagram labels: Compiler, Network Model, Policy Fragments, Netkit Configuration Files, Verification, Netkit Host, Network Description, Resource Allocation, Deployment, Plugins, Physical & Logical Topologies]
- Support more Routing Protocols (RIP, IS-IS)
- Deploy to Cisco and Juniper routers
- Add GUI, Network Design
- Formal Methods for Verification
- New Plugins (Optimisation, Analysis)
Simulated & software routers Emulated Routers (real router code)
- Cisco’s CSR1000v
- Juniper’s Junosphere
- NetKit / Quagga (Roma Tre University)
- C-BGP (Bruno Quoitin)
- ….
Deployment Platforms
Configuration Management Cycle
Networks consist of services and infrastructure.
- High-level abstractions (e.g. SLAs, constraints)
- Deploy to real network
- Model (e.g. emulated network)
- Measure deployment
The Topology Zoo
http://topology-zoo.org/
ANK: Explore what matters
Draw, auto-configure, auto-deploy: autonetkit -f bad-gadget.graphml --deploy
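[Figure: two autonomous systems, AS X and AS Y, and a prefix p, with nodes including BR1, BR3 and RR3. Legend: BR = Border Router, RR = Route Reflector; BGP sessions and physical links are drawn with different line styles.]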
Applications
- Cyber Security Exercises
- Scalability Evaluation (e.g., for the RPKI/BGPsec) with “real-world” complexity
- “Network Flight Simulator” for operators to play
- Later: configure real networks
- But how about: a new paradigm for how we view network and system integration.
Conclusion
- Hands-on Cyber Labs are a good learning source for “students” (or should I say: “blue teams”?).
- Sharpens our perspective of networks as a whole: services, infrastructure, security.
- But also a good environment to study what “high-level abstractions” work well.
- In the future this will change how we talk about, view and configure networks — at all levels.
- (Plus: Cyber Security Labs are good fun. :-) )