Modeling and simulation at the service of cyber security
Vahur Kotkas
IoC, dept. of Computer Science

Security issues
- Availability
- Privacy
- Integrity
- Maintainability

How to defend ourselves
- Be prepared (planning and build-up):
  - carry out analysis
  - deploy reasonable equipment
  - purchase special equipment and prepare tools for intrusion detection, data-mining, blacklist management and exchange, filtering, logging
  - configure the equipment properly
  - reserve some resources for any case
- Have trained staff (education)

What kind of activities are needed?
- Educational simulations
- Network deployment planning
  - Topology, equipment, configuration
- Usage optimization
  - Resource consumption analysis
  - Protocols, routing algorithms, configurations, ...
  - Hardware, services
- Attack simulations
  - Malware spread simulation
  - Service availability simulations
- Do it all on top of a realistic model of Estonian Internet

Different levels of activities
- High-level management
- Mid-level technical solutions
- Low-level real life

What is available?
- A number of existing tools for network simulations: OPNET, OMNeT++, NS, Netscale, Netwiser, J-Sim, PARSEC, QualNet, SSF, ...
- A number of model (network topology) generators: BRITE, Inet, Topgen, ReaSE, ...

What do we do?
- Modeling and simulation platform – CoCoViLa (http://www.cs.ioc.ee/cocovila)
  - High-level behaviour descriptions
  - Combined simulators
  - Hierarchical visual composition
  - Expert-systems
  - Discrete event based simulation
  - Continuous-time simulation
  - Visualisation
- Tools for different activity levels

DEMO
- Situation Analysis by Jüri Kivimaa et al.
- Attack Trees by a number of people including Ahto Buldas, Aivo Jürgenson, Jan Willemson etc.
- HNS (Hybrid Network Simulator) by Andres Ojamaa
- GrADAR (Graph-based Automated Denial-of-Service Attack Response) by Gabriel Klein et al.
- EIM (Model of Estonian Internet) by Andres Ojamaa et al.