Network Security Modeling and Simulation, 10-9251

Principal Investigators
Arthur N. Rasmussen
Thomas G. Glass III
Erin L. Allwein
Thomas J. Eisenhut

Inclusive Dates: 04/01/01 - 03/31/02

Background - Understanding the security relationships and interactions of computers and networked systems through the use of modeling and simulation is becoming increasingly necessary. As the growth of computer technology allows the connection of ever more diverse systems dispersed literally around the world, the challenge of understanding the security relationships becomes significantly more difficult. Adding the protection systems employed by those charged with computer network defense, or the complexities involved in attacking adversaries' widespread and complex networks, increases the challenge.

Approach - This project conducted research to collect input on computer network modeling and simulation technology requirements from a number of organizations whose main focus is providing network security functions. This input was combined with the results of Internet searches to initiate the design of a simulation prototype. Prototype design considerations included providing the capability to conduct analyses without perfect network knowledge, portability to allow the simulation to run on a variety of computing platforms, and a constrained cost for a production-class system. The final decision was to implement an event-based simulation in Java. Using Java meshed well with the design goals and provided a very complete, easy-to-use, and well-thought-out set of data-handling objects and robust user interface components. These capabilities would allow the rapid production of a set of representative network objects that demonstrate a breadth of applicability, provide enough detail to be convincing, and support realistic scenarios of both normal network operation and illustrative instances of anomalies and malicious behaviors. Implementation of these capabilities would also provide a solid baseline for development of a production system.

Accomplishments - A prototype system was developed that demonstrates the ability of software to show a networking environment operating under normal and attacked/defensive conditions. To achieve this, the system comprises several main elements: the simulation engine, the network entities, simulation scenarios, and graphical user interfaces. The software makes full use of modern design patterns such as Façade, Delegation, and Bridge. The Model-View-Controller pattern was used heavily at all levels of the system, from individual components to the relationship between the graphical user interface and the simulation engine and model. The system was designed to be a basic framework, solidly built, upon which a more fully developed system could be constructed.
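The following is an added illustration, not code from the project described above, of how the pieces named here fit together in an event-based Java simulation: an engine that dispatches time-ordered events, host entities, a constructed scenario mixing normal traffic with one anomalous host, and a defensive view that observes the model in the Model-View-Controller sense. The host names, the one-second window and the fan-out threshold are assumptions chosen for the example; it requires Java 16 or later for the record type.

```java
import java.util.*;
import java.util.function.Consumer;

// Engine: a priority queue of events ordered by simulated time.
public class NetSim {
    // A network event between two entities (hosts) at a simulated time.
    record Event(double time, String src, String dst, String kind) {}
    private final PriorityQueue<Event> queue =
        new PriorityQueue<>(Comparator.comparingDouble(Event::time));
    private final List<Consumer<Event>> views = new ArrayList<>();
    void schedule(Event e) { queue.add(e); }
    void addView(Consumer<Event> v) { views.add(v); }
    // Engine loop: pop the earliest event and notify every registered view.
    void run() {
        while (!queue.isEmpty()) {
            Event e = queue.poll();
            views.forEach(v -> v.accept(e));
        }
    }
    // Defensive view: flags a source that contacts many distinct destinations
    // inside a sliding one-second window (window and threshold are assumed).
    static class FanOutMonitor implements Consumer<Event> {
        private final Map<String, Deque<Event>> recent = new HashMap<>();
        final Set<String> flagged = new TreeSet<>();
        public void accept(Event e) {
            Deque<Event> q = recent.computeIfAbsent(e.src(), k -> new ArrayDeque<>());
            q.addLast(e);
            while (e.time() - q.peekFirst().time() > 1.0) q.pollFirst();
            long distinct = q.stream().map(Event::dst).distinct().count();
            if (distinct >= 5) flagged.add(e.src());
        }
    }
    public static void main(String[] args) {
        NetSim sim = new NetSim();
        FanOutMonitor monitor = new FanOutMonitor();
        sim.addView(monitor);
        // Scenario (constructed): one workstation talking normally to a file server ...
        for (int i = 0; i < 10; i++)
            sim.schedule(new Event(i * 0.5, "ws-1", "file-srv", "connect"));
        // ... and one host (constructed) that fans out to many peers in quick succession.
        for (int i = 0; i < 8; i++)
            sim.schedule(new Event(2.0 + i * 0.1, "ws-7", "host-" + i, "connect"));
        sim.run();
        System.out.println("flagged sources: " + monitor.flagged);
    }
}
```

Swapping the monitor for a Swing panel that repaints on each event is how the same view hook would drive the graphical interface described above.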

