Can Network Security be Fun?
An agent-based Simulation Model and Game Proposal

Frode Gilberg

"A computer lets you make more mistakes faster than any invention in
human history - with the possible exceptions of handguns and tequila"
    - Mitch Ratcliffe

   Too often, security topics are learned through
    experience (learning by burning)
   Large scale attacks are often initiated by computers
    in private- and home- networks
   Improved awareness is needed
   We need a training tool that could motivate people to
    learn more about network security
   People typically don’t look for literature to improve
    their knowledge
   Educational tools are often hard to find
Research Questions

   We want to investigate what a game on network
    security should look like, and;
   how this game can be built using a model (design)
    for agent-based simulation, with agents as network
    nodes and virtual users, and;
   finally, the performance of such a model (scalability
    – the number of agents that can be simulated),
    alternatively collect feedback to measure the validity
    and enjoyment of the game (tool).
What makes things fun to play?

   T.W.Malone’s paper from 1980
    –   Challenge (goal, uncertain outcome, self-esteem)
    –   Fantasy (intrinsic and extrinsic fantasies,
        emotional aspects of fantasies)
    –   Curiosity (sensory curiosity, cognitive curiosity)
   Flow and GameFlow
    –   Mihaly Csikszentmihalyi (Flow:1990)
    –   P. Sweetser/P. Wyeth (GameFlow:2005)
Flow and GameFlow

   “Flow is an experience so gratifying that people are
    willing to do it for its own sake, with little concern for
    what they will get out of it, even if it is difficult or
   GameFlow review criteria to measure flow-ability in
    –   Concentration (one should be able to concentrate on a task)
    –   Challenge (levels should match skills)
    –   Player Skills (skill development and mastery)
    –   Control (a sense of control over actions)
    –   Clear Goals (clear and presented)
    –   Feedback (appropriate feedback toward the goal)
    –   Immersion (deep and effortless involvement, sense of time)
    –   Social Interaction (competition and cooperation)
Simulation Games

   The Sim City series
    –   Play the Mayor and urban-planner of a city
   The Rollercoaster Tycoon series
    –   Play the Theme park manager
   CyberCIEGE
    –   Play the IT manager of an IT-dependent company with
        focus on graphics, security policies and instructions.
   Our Game
    –   Like CyberCIEGE, but with focus on agent-based network
        simulation. ”Construction” ideas from Sim City and
        RollerCoaster Tycoon.
Sim City Demo
RollerCoaster Tycoon
Agent-based simulation model

   Simulating network components (like rides/buildings)
    –   Model content (agents): Switches, Routers, Clients,
        Servers, Firewalls, Processes/Threads, Sockets, TCP
        states, Routing, Address resolution
    –   More details => Complex state => More real-life events
    –   Disadvantage: Performance. Scalability is important(!)
   Simulating Users
    –   Different characteristics and preferences
    –   Different awareness, work- and equipment- efficiency
We need

   Physical communication end-points (hosts)
   Logical communication end-points (sockets/processes)
   Application protocol logic
   A volatile state mechanism (memory)
   A non-volatile state mechanism (file system)
   Users that create tasks using preferences =>
    instantiation of processes => running software
    defined logic in threads => directing sockets to
Queues and packets

   Using IP/ARP to address hosts on the same
    packets, and IP/Forwarding for cross-net
Hosts, Routers and Firewalls (agents)
Internet and Sites

   Player objective is to build and configure networks
    with appropriate equipment, applications and service
    configurations (public and/or intranet services). The
    player controls the local site
   Remote users and public services are located at
    remote sites (not controlled by player). Remote sites
    are simulated in the same way as the local site
   An Internet-agent is used to transfer packets
    between sites. Within sites, IP routing is used
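
The site model described above, as an added Python sketch (not the project's C# code): hosts and sites are agents, a routing step stands in for the Internet agent, and the local site's firewall decides which services remote users can reach. All class names, addresses, ports and the rule format are assumptions made for illustration.

```python
from collections import deque, namedtuple
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src dst port")
@dataclass
class Host:  # agent: physical end-point with an inbound packet queue
    ip: str
    listening: set  # open ports, i.e. logical end-points (sockets)
    inbox: deque = field(default_factory=deque)
    accepted: list = field(default_factory=list)
    def step(self):  # one simulation tick: only listening sockets accept
        while self.inbox:
            pkt = self.inbox.popleft()
            if pkt.port in self.listening:
                self.accepted.append((pkt.src, pkt.port))

@dataclass
class Site:  # agent: one network behind a border firewall
    net: str
    allow_inbound: set  # firewall rules: (dst_ip, port) reachable from outside
    hosts: dict = field(default_factory=dict)
    dropped: list = field(default_factory=list)

    def owns(self, ip):
        return ip_address(ip) in ip_network(self.net)

    def deliver(self, pkt, external):
        if external and (pkt.dst, pkt.port) not in self.allow_inbound:
            self.dropped.append((pkt.src, pkt.port))  # filtered at the border
        elif pkt.dst in self.hosts:
            self.hosts[pkt.dst].inbox.append(pkt)

def route(pkt, sites):  # Internet agent: hand the packet to the owning site
    for site in sites:
        if site.owns(pkt.dst):
            site.deliver(pkt, external=not site.owns(pkt.src))

def run_demo():  # constructed topology and traffic (RFC 1918 / RFC 5737 addresses)
    local = Site("10.0.0.0/24", allow_inbound={("10.0.0.10", 80)})
    server = local.hosts["10.0.0.10"] = Host("10.0.0.10", {80, 445})
    remote = Site("192.0.2.0/24", allow_inbound=set())
    traffic = [Packet("192.0.2.5", "10.0.0.10", 80),   # public web service
               Packet("192.0.2.5", "10.0.0.10", 445),  # intranet share, from outside
               Packet("10.0.0.20", "10.0.0.10", 445)]  # intranet share, from inside
    for pkt in traffic:
        route(pkt, [local, remote])
    server.step()
    return server.accepted, local.dropped

if __name__ == "__main__": print(run_demo())
```

Removing `("10.0.0.10", 80)` from `allow_inbound` turns the public service into an intranet-only one, which is the kind of configuration choice the player makes for the local site.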

   Script-kiddie tools targeting public and
    private services
   Malware and viruses. Built as procedures
    and executed as threads in its own process
    (malware) or an infected process (virus). Can
    change any host-state parameter (both
    volatile and non-volatile).
   Vulnerabilities and Exploits
   Spam

   Design principles including host-hardening
    (first line of defence)
   Anti-virus software
   Backup-tools
   Patching
   Spam-filters
   Routing and Firewall configuration

   Modeled using OOAD (object oriented
    analysis and design) and pattern techniques
   Implemented from scratch using C# and the
    Microsoft .NET 2.0 framework
   Simulation kernel running multiple threads
   Currently running 600+ hosts and routers
    with no problem

   Gaming tool to teach network security topics
   Software kernel for applications that need to
    run network and attack simulations
   Can be used for protocol testing
   Can be used to create new ideas on easy
    user-interface design which could reduce
    complexity and improve security
   Etc...

   DEMO
