Can Network Security be Fun?

An agent-based Simulation Model and
Game Proposal
Frode Gilberg
"A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila"
-Mitch Ratcliffe

Problem
Too often, security topics are learned through experience (learning by burning)
Large-scale attacks are often initiated by computers in private and home networks
Improved awareness is needed
We need a training tool that could motivate people to learn more about network security
People typically don't look for literature to improve their knowledge
Educational tools are often hard to find

Research Questions
We want to investigate what a game on network security should look like, and;
how this game can be built using a model (design) for agent-based simulation, with agents as network nodes and virtual users, and;
finally, the performance of such a model (scalability – the number of agents that can be simulated), alternatively collect feedback to measure the validity and enjoyment of the game (tool).

What makes things fun to play?
T.W. Malone's paper from 1980
– Challenge (goal, uncertain outcome, self-esteem)
– Fantasy (intrinsic and extrinsic fantasies, emotional aspects of fantasies)
– Curiosity (sensory curiosity, cognitive curiosity)
Flow and GameFlow
– Mihaly Csikszentmihalyi (Flow: 1990)
– P. Sweetser/P. Wyeth (GameFlow: 2005)

Flow and GameFlow
“Flow is an experience so gratifying that people are willing to do it for its own sake, with little concern for what they will get out of it, even if it is difficult or dangerous”
GameFlow review criteria to measure flow-ability in games:
– Concentration (one should be able to concentrate on a task)
– Challenge (levels should match skills)
– Player Skills (skill development and mastery)
– Control (a sense of control over actions)
– Clear Goals (clear and presented)
– Feedback (appropriate feedback toward the goal)
– Immersion (deep and effortless involvement, sense of time)
– Social Interaction (competition and cooperation)

Simulation Games
The Sim City series
– Play the Mayor and urban-planner of a city
The Rollercoaster Tycoon series
– Play the Theme park manager
CyberCIEGE
– Play the IT manager of an IT-dependent company with focus on graphics, security policies and instructions.
Our Game
– Like CyberCIEGE, but with focus on agent-based network simulation. "Construction" ideas from Sim City and RollerCoaster Tycoon.

Sim City Demo
RollerCoaster Tycoon

Agent-based simulation model
Simulating network components (like rides/buildings)
– Model content (agents): Switches, Routers, Clients, Servers, Firewalls, Processes/Threads, Sockets, TCP states, Routing, Address resolution
– More details => Complex state => More real-life events
– Disadvantage: Performance. Scalability is important(!)
Simulating Users
– Different characteristics and preferences
– Different awareness, work- and equipment-efficiency characteristics

We need
Physical communication end-points (hosts)
Logical communication end-points (sockets/processes)
Application protocol logic
A volatile state mechanism (memory)
A non-volatile state mechanism (file system)
Users that create tasks using preferences => instantiation of processes => running software defined logic in threads => directing sockets to communicate

Queues and packets
Using IP/ARP to address hosts on the same packets, and IP/Forwarding for cross-net communication
Hosts, Routers and Firewalls (agents)
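
The design on the two slides above (agents with packet queues, ARP-style resolution for on-link peers, forwarding through a router otherwise), as an added example in Python. It is not Simposter's C# code; the class names, the addresses and the single port-block firewall rule are assumptions made for illustration.

```python
import ipaddress
from collections import deque

class Host:
    def __init__(self, name, iface, gateway):
        self.name, self.queue, self.received = name, deque(), []
        self.iface, self.gateway = ipaddress.ip_interface(iface), gateway
    def send(self, net, dst, port, data):
        pkt = {"dst": dst, "port": port, "data": data, "hops": [self.name]}
        on_link = ipaddress.ip_address(dst) in self.iface.network
        # Same subnet: resolve the peer directly (ARP); otherwise use the gateway.
        next_hop = net.arp.get(dst) if on_link else self.gateway
        if next_hop is not None:
            next_hop.queue.append(pkt)
    def step(self, net):  # consume everything waiting in the inbound queue
        while self.queue:
            self.received.append(self.queue.popleft())

class Router:  # forwards between subnets; blocked_ports is one firewall rule
    def __init__(self, name, blocked_ports=()):
        self.name, self.queue, self.dropped = name, deque(), []
        self.blocked = set(blocked_ports)
    def step(self, net):
        while self.queue:
            pkt = self.queue.popleft()
            pkt["hops"].append(self.name)
            target = net.arp.get(pkt["dst"])
            deny = pkt["port"] in self.blocked or target is None
            (self.dropped if deny else target.queue).append(pkt)

class Network:  # simulation kernel: steps every agent until all queues drain
    def __init__(self, agents):
        self.agents = agents
        self.arp = {str(a.iface.ip): a for a in agents if isinstance(a, Host)}
    def run(self, max_ticks=10):
        ticks = 0
        while ticks < max_ticks and any(a.queue for a in self.agents):
            ticks += 1
            for agent in self.agents:
                agent.step(self)
        return ticks

def demo():  # constructed topology: two subnets behind one filtering router
    fw = Router("fw", blocked_ports={23})
    client, peer, server = (Host(n, i, fw) for n, i in [
        ("client", "10.0.1.10/24"), ("peer", "10.0.1.11/24"), ("server", "10.0.2.20/24")])
    net = Network([client, peer, server, fw])
    for dst, port in [("10.0.1.11", 80), ("10.0.2.20", 80), ("10.0.2.20", 23)]:
        client.send(net, dst, port, "hello")
    return net.run(), peer.received, server.received, fw.dropped
```

Each packet records the agents it passed through in `hops`, so the on-link delivery, the routed delivery and the firewall drop can be told apart after the run.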

Internet and Sites
The player's objective is to build and configure networks with appropriate equipment, applications and service configurations (public and/or intranet services). The player controls the local site
Remote users and public services are located at remote sites (not controlled by the player). Remote sites are simulated in the same way as the local site (realism)
An Internet agent is used to transfer packets between sites. Within sites, IP routing is used

Attacks
Script-kiddie tools targeting public and private services
Malware and viruses. Built as procedures and executed as threads in its own process (malware) or an infected process (virus). Can change any host-state parameter (both volatile and non-volatile).
Vulnerabilities and Exploits
Spam

Countermeasures
Design principles including host-hardening (first line of defence)
Anti-virus software
Backup-tools
Patching
Spam-filters
Routing and Firewall configuration

Features
Modeled using OOAD (object oriented analysis and design) and pattern techniques
Implemented from scratch using C# and the Microsoft .NET 2.0 framework
Simulation kernel running multiple threads
Currently running 600+ hosts and routers with no problem

Contribution
Gaming tool to teach network security topics
Software kernel for applications that need to run network and attack simulations
Can be used for protocol testing
Can be used to create new ideas on easy user-interface design which could reduce complexity and improve security
Etc...

Simposter

DEMO