The future of cyber security exercises more than just education? - PowerPoint PPT Presentation

The future of 
 cyber security exercises 
 more than just education?

The Problem: • how can we run large cyber security exercises once a week? 2

Stepping back • Looking at the configuration management problem, 
 e.g., the “gap” between how we talk about network and 
 what we need to do to get it really working. • Goal: Simplify the setup of complex network • Towards a tool that allows specification of higher-level network-wide abstractions ? 
 • “A programming language is low level when its programs require attention to the irrelevant.” 
 Epigrams on Programming — Alan J. Perils 3

1/15/2008 1/15/2008 4

1/15/2008 1/15/2008 5

` 1/15/2008 1/15/2008 6

1/15/2008 1/15/2008 7

? interface FastEthernet0/0 description Interface 1b.AS1 -> 1a.AS1 ip address 10.0.0.14 255.255.255.252 ip ospf cost 1 no shutdown duplex auto speed auto inferface FastEthernet0/1 description Interface 1b.AS1 -> 3a.AS3 ip address 10.0.0.9 255.255.255.252 Configuration Management Problem Whiteboard Idea ➠ Network Configuration? 8

Outline 1. Development of the abstract descriptions of networks and services themselves; 
 2. Building a “compiler” to convert abstractions into real network configurations; 
 3. Extending formal, mathematical methods to provide proofs of network properties; and 
 4. Test and verification of the above methods. 
 9

Abstract model of: TOPOLOGY mple subgraphs. ��� ��� � � � � ��� ��� � � � – to Hobart, Alice Springs and Darwin. � ����� ��� ��� � � ����� ���������� Fig. 1. Cartesian product of a path and a single edge forms a ladder networ ����������� � ���� � ������� � � ��� ��� � � ������� � � � ������ � ��� ��� � ���� � ������� � ������� � �������� Fig. 2. Tensor product. � ����� � ��� ��� Fig. 6. AARNET router level network 2009. � � � � � � ��� ��� � ��� ��� Fig. 3. Strong and Lexicographic products give the same result in this � � �� � �� � � Matt Roughan et al. � � � � � �� � �� � � � � � � � 10 Fig. 4. Lexicographic product showing non-commutativity when com with Fig. 3.

Abstract model of: ROUTING What algebraic properties are associated with global optimality? Distributivity L.D : a ⊗ ( b ⊕ c ) = ( a ⊗ b ) ⊕ ( a ⊗ c ) , R.D : ( a ⊕ b ) ⊗ c = ( a ⊗ c ) ⊕ ( b ⊗ c ) . (Left) Local Optimality What is this in sp = ( N ∞ , min , +) ? L . DIST : a + ( b min c ) = ( a + b ) min ( a + c ) , R . DIST : ( a min b ) + c = ( a + c ) min ( b + c ) . Say that L is a left-locally optimal solution when L = ( A ⌦ L ) � I . That is, for i 6 = j we have T. Griffin (cl.cam.ac.uk) Exploring the Stratified Shortest-Paths Problem June 2010 7 / 33 M M L ( i , j ) = A ( i , q ) ⌦ L ( q , j ) = w ( i , q ) ⌦ L ( q , j ) , q ∈ V ( i , q ) ∈ E In other words, L ( i , j ) is the best possible value given the values L ( q , j ) , for all out-neighbors q of source i . Tim Griffin et al. T. Griffin (cl.cam.ac.uk) Exploring the Stratified Shortest-Paths Problem June 2010 8 / 33 11

ANK (AutoNetkit): The “Compiler” Add GUI, Network Design Physical & Logical Network Policy Topologies Description Fragments Support more Routing Protocols Resource (RIP, IS-IS) Allocation Netkit Network Model Compiler Configuration Plugins Files Deployment New Plugins (Optimisation, Verification Analysis) Formal Methods for Verification Netkit Host Deploy to Cisco and Juniper routers 12


 
 
 
 Deployment Platforms Emulated Routers (real router code) • Cisco’s CSR1000v 
 • Juniper’s Junosphere 
 Simulated & software routers • NetKit / Quagga (Roma Tre University) • C-BGP (Bruno Quoitin) • …. 
 13


 High-level abstractions 
 (e.g. SLAs, constraints) Measure deployment Model 
 (e.g. emulated network) Deploy to real network Configuration Management Cycle Networks consist of services and infrastructure. 14

The Topology Zoo http://topology-zoo.org/ 15

ANK: Explore what matters AS X RR3 3 2 3 3 3 3 2 2 3 BR3 BR1 BR = Border Router RR = Route Reflector AS Y = BGP session prefix p = Physical link Draw, auto-configure, auto-deploy: autonetkit -f bad-gadget.graphml --deploy 16

Applications • Cyber Security Exercises 
 • Scalability Evaluation (e.g., for the RPKI/BGPsec) 
 with “real-world” complexity 
 • “Network Flight Simulator” 
 for operators to play 
 • Later: configure real networks • But how about: a new paradigm how we view network and system integration. 17


 Conclusion • Hands-on Cyber Labs are a good learning source for “students” (or should i say: “blue teams”?) . • Sharpens our perspective of networks as a whole: services, infrastructure, security. • But also a good environment to study what “high-level abstractions” work well? • In the future this will change how we talk, view and configure networks — at all levels. 
 • ( Plus: Cyber Security Labs are good fun. :-) ) 18

Questions?

Thank You!