Presentation is loading. Please wait.

Presentation is loading. Please wait.

Yuan Xue Vanderbilt University

Similar presentations


Presentation on theme: "Yuan Xue Vanderbilt University"— Presentation transcript:

1 Yuan Xue Vanderbilt University
Integrated Modeling, Simulation and Emulation Environment for Security Assessment of Cyber-Physical Systems Yuan Xue Vanderbilt University

2 Cyber-Physical Systems
Cyber-physical systems (CPS) are tight integrations of communications, computational and physical processes CPS has extraordinary significance for the future of the U.S. industry and military superiority. A 2007 report of the President’s Council of Advisors on Science and Technology highlights CPS as the number one priority for federal investments in networking and information technology. Application Domains Health-Care Automotive Systems Building and Process Controls Defense and Aviation Systems Critical Infrastructure

3 Security Issues of CPS Trustworthiness of cyber‐physical systems is an essential concern Formal analysis of CPS behavior is hard There is a pressing need to evaluate both cyber- and physical systems together and holistically using simulation and/or emulation. Trustworthiness of cyber‐physical systems is an essential concern since such systems are routinely employed in critical settings Many components of CPS are built without sufficiently formalized and analyzed properties and guarantees. Such inadequacies in the system design phase can lead to catastrophic consequences in operations, as they are interconnected to open networks and become increasingly exposed to security attacks. CPS become more complex through distributed architectures and expanded mission capability, it becomes more challenging to formally analyze the performance, stability, safety and security properties of their behaviors. There is a pressing need to evaluate both cyber- and physical systems together and holistically under their realistic running environments using simulation and/or emulation.

4 Need for Security Assessment Tool and Experiment Environment
Evaluation of CPS security requires a sophisticated modeling and simulation, experiment infrastructure Realistic assessment Early assessment Automatic and rapidly configured experiments Support for physical environment simulation Support for convenient system measurement and holistic CPS behavior analysis. 1) Realistic assessment, where CPS work together with security perimeters, such as intrusion detection systems, that are deployed on real distributed networking environments to defend against realistically emulated network attacks; 2) Early assessment, where the security and safety properties of CPS can be evaluated in its early design phase, before a fully implemented system is available; 3) Automatic and rapidly configured experiments, where CPS and security attack behaviors can be quickly specified and woven into the system running environment; 4) Support for physical environment simulation and human behavior simulation; 5) Support for convenient system measurement and holistic CPS behavior analysis.

5 Our Approach Integration at two levels
Run-time: Integration of multiple tools/Environment Simulation, emulation, real testbed so that they can interact in a coordinated way. Modeling-time: Model integration rapid configuration/deployment Step I: Command and Control Wind Tunnel Heterogeneous simulation integration Step II, Integration of DeterLab and C2WT Simulation and emulation integration rapid synthesis of heterogeneous simulation environments using a model-based approach, where an overarching C2 modeling environment is developed based on GME (Generic Modeling Environment) to integrated different platform specific simulation models.

6 C2 Wind Tunnel Integration Framework
Integration of multiple simulation tools Matlab/Simulink, OMNeT++, DEVSJAVA, Delta3D, CPN, etc. Follow HLA standard Coordinate execution of distributed simulations via RTI Run-Time Infrastructure (RTI) C2 Wind Tunnel Integration Framework Passive Federates Data loggers Monitors Analysis Prognostics Projections Live components -UAVs -Command & Control -Live deployment feedback Simulation Tools Simulink Omnet DEVSJAVA OGRE CPN Tools Java/C/C++ etc. Issues encountered in developing this environment relate to the integration of various simulation platforms, each with its own semantics, and integration of the models that execute on the platforms and the interactions between models. Integration frameworks, such as the High-Level Architecture (HLA) ([1], [11], and [25]) provide APIs that have helped to reduce the complexity of developing simulations that span multiple different platforms, but many challenges remain in developing and deploying these simulations. Pervasive use of models and integration at the domain-specific model level can decrease the effort required to integrate multiple platforms and increase the adaptability of the resulting environment, though this approach is still not without its own set of challenges. The HLA provides a standard for a Run-Time Infrastructure (RTI) that supports the coordinated execution of distributed simulations. However, integration of the different platform-specific simulation models remains a challenging problem. Our project introduces a new model-integrated approach for the simulation integration problem. The primary contribution of this effort is the development of an overarching modeling environment, based on GME, and a suite of model transformations to synchronize between multiple platform-specific models.

7 C2 Wind Tunnel Model-integrated approach
Develop an overarching modeling environment based on GME Integrate different platform-specific simulation models The "Command and Control Wind Tunnel (C2W)" tool suite addresses this urgent need and enables rapid synthesis of heterogeneous simulation environments using a model-based approach, where an overarching C2 modeling environment is developed based on GME (Generic Modeling Environment) to integrated different platform specific simulation models. Each simulation platform, when incorporated into the overall simulation environment, requires integration on three levels: on the API level, on the level of interactions, and on the level of model semantics. API level integration provides basic services such as message passing, and shared object management, while interaction level integration addresses the issues of time synchronization and coordination. Semantic integration is more subtle and depends upon the goals and the context of the overall simulation environment. The explicit use of models throughout the simulation environment gives rise to the use of model-based integration techniques. The C2 Wind Tunnel environment uses the metaprogrammable Generic Modeling Environment (GME) [2] engine for a tool chain to integrate the operational semantics of multiple simulation platforms, to manage the configuration and deployment of scenarios in the simulation environment, and to generate the necessary interface code for each integrated simulation platform. GME provides a platform for the graphical development of domain-specific modeling languages (DSML). These languages can capture both the structural and operational semantics of a domain-specific model. The C2 Wind Tunnel project has developed DSMLs that are based on the semantics of each integrated simulation platform and an overarching DSML to model the interactions between simulation models. We have written custom translators (model interpreters) to dynamically import and export platform-native models into the GME DSMLs and to generate HLA configuration files and glue code. These tools allow our environment to be rapidly reconfigured or extended, furthering the goal of rapid evaluation of emerging command and control concepts. The composition and execution of the entire simulation is configured using the central modeling environment. A large set of well-known simulation tools is supported for building heterogeneous simulations. We provide reusable run-time components to execute various domain-specific models. These components are configured from the modeling environment with a set of XML files. In some cases, both glue code and configuration files are generated that configure the simulation tool. Fig. 1 shows the general architecture of the model-based simulation integration approach. As the infrastructure was built for testing C2 concepts and architectures, we call the toolsuite the ‘C2 Wind Tunnel’ (C2W). The virtual component models in the C2 Wind Tunnel are integrated using the GME environment. Model transformations, implemented via custom interpreters, generate the necessary configuration information and glue code. These pieces are incorporated into each of the different simulator platforms. At run-time, the platforms interact using the HLA infrastructure.

8 From Simulation to Emulation
Network components and policies are essential aspects of CPS The impact of network on CPS system need to be accurately characterized Think about the network attacks… Limit of network simulator Protocol implementation details are missing Poor scalability Network simulation is insufficient in providing the level of accuracy required by the evaluation of CPS. Network components and policies (such as security configurations) are essential aspects of C2 systems. Their impact on the performance and the behavior of C2 systems need to be accurately characterized when evaluating C2 systems. However, the current network simulators, which lack the implementation details of network protocols and algorithms, are insufficient in providing the level of accuracy required by the evaluation of C2 systems. This talk will present our work on introducing the network emulation into the C2 Wind Tunnel environment as a solution to this problem. Network emulation environments, such as Emulab, allow the use of real network devices, components and systems, thus providing greater realism in the network experiment. Once integrated into the C2 wind tunnel system, the emulation environment also provides a platform where prototypes of C2 components can also be deployed and interact with other simulated components.

9 From Simulation to Emulation
Benefit of network emulation Greater realism and accuracy with truthful protocol implementation and real network traffic delivery Providing a computing platform where prototypes of software components can be deployed Network emulation platform Emulab DETERNet Tools available for emulate network attacks Network components and policies (such as security configurations) are essential aspects of C2 systems. Their impact on the performance and the behavior of C2 systems need to be accurately characterized when evaluating C2 systems. However, the current network simulators, which lack the implementation details of network protocols and algorithms, are insufficient in providing the level of accuracy required by the evaluation of C2 systems. This talk will present our work on introducing the network emulation into the C2 Wind Tunnel environment as a solution to this problem. Network emulation environments, such as Emulab, allow the use of real network devices, components and systems, thus providing greater realism in the network experiment. Once integrated into the C2 wind tunnel system, the emulation environment also provides a platform where prototypes of C2 components can also be deployed and interact with other simulated components.

10 Architecture Data communication Layer (TCP/IP) Emulab
Experiment Specification Model Integration Layer Network Models Controller Models Organization Models Environment Models Fusion Models Model Run-time Network Applications Emulation Federate Simulink Federate CPN Federate Delta3D Federate DEVS Federate Simulation- Emulation Tunnel Run-Time Infrastructure (RTI) Data communication Layer (TCP/IP) Emulation Platform Simulation Platform Emulab

11 Design Consideration Communication between simulated objects and real network objects Time synchronization between simulated objects and real network objects (1) Being a simulation environment, the C2W system runs under the discrete event-driven time model and uses the RTI time management; on the other hand, the network emulation platform runs in continuous real time. The time synchronization issue between simulation and emulation environment is a non-trivial issue. (2) There is potentially large volume of data communicated between the simulation and emulation environment. Controlling the communication overhead while still ensuring the accuracy of the experiment is also a challenging issue. This talk presents our approaches to these challenging issues and shows our models and algorithms developed for such system integration.

12 Meta-Model and Models Network Topology Model
Network Application Process Deployment and Communication Model Network Interaction Model

13 Meta-Model for Network Topology

14 Topology Model UAV1 11M bps wireless link Control Station Access Point
Capacity: 11Mbps Propagation Model: Free space MAC: IEEE Bandwidth: 10Mbps Delay: 10ms Loss: 0.02 Bandwidth: 11Mbps Loss: 0.01 Delay: 20ms The user first needs to define the network topology in the network model in GME. This describes the underlying network behavior. Figure shows an example topology. In the case of mobile network, the wireless link will be formed dynamically. This model will be translated into topology/scenario script in network simulation tools (ns2, OMNeT++, or Emulab) Bandwidth: 2Mbps Loss: 0.2 Delay: 20ms

15 Deployment MetaModel

16 Deployment Model Example
UAV1 SendImage RecvCommand ControlStation RecvImage SendCommand UAV2 UDP TCP TCP Parameters: Non-periodic Time_to_send; Data = null; Periodic Interval, start_time; Fixed or variable Connected mode UDP: Packet size; s Unconnected mode: required parameter: dest and port

17 Network Interaction MetaModel
ConnectionlessNetwork Interaction

18 RecvCommandFromNetwork
NodeName: TBD (UAV1) ProcName: RecvCommand Timestamp: TBD PeerNodeName: TBD (ControlStation) PeerProcPort: TBD Parameter: Command (String) SendImageToNetwork NodeName: TBD (UAV1) ProcName: SendImage Timestamp: TBD Parameter: ImageURL (String): RecvImageFromNetwork NodeName: TBD (ControlStation) ProcName: RecvImage Timestamp: TBD PeerNodeName: TBD (UAV 1) PeerProcPort:TBD Parameter: PacketDelay(double) SendCommandToNetwork NodeName: TBD (ControalStation) ProcName: SendCommand Timestamp:TBD Parameter: Command (String)

19 … … Model Interpreter Modeling Environment Run-Time Environment
C2WT Simulation Environment RTI Federates Involving network communication Network Interaction Model EmuGateway Federate Simulink Federate Tap Server Tap Client Tap Client Tap Client Deployment Model Host Assignment Network File System Network Application Code Topology Model TCL script Configuration/Control Environment Deterlab Emulation Environment

20 Emulation Host for ControlStation
Emulation Host for UAV1 Emulation Host for ControlStation HostMap TCP HostMap RecvCommand SendCommand UDP SendImage RecvImage Time converter Tap Client Tap Client Time converter Task buffer Task buffer Emulation Env Interaction Delivery Protocol Simulation Env EmuGateway federate UAV federate ControlStation federate HostMap NodeName: HostIP Tap Server How SendImageToNetwork is processed: EmuGateway federate: Upon receiving the network-related interactions (e.g.,SendImageToNetwork in our example), the Interaction Handler will parse the interaction into a task (ProcName (SendImage); Timestamp (when the image data should be sent); parameter (ImageURL); parameter value(“ and pass it along with the NodeName to the Tap Server. The Tap Server will translate the NodeName to the Host IP address and send the task to the corresponding Emulation Host according to the Interaction Delivery Protocol. The Emulation Host for UAV1: The Tap Client receives the task from Tap Server based on Interaction Delivery Protocol, converts the timestamp in the task from simulation time to real time (details in Sec ), preprocess the data if any (e.g., retrieve the data). The task will then wait in the buffer until its execution time indicated by its timestamp. When the task executes, it will pass the parameter (ImageURL) and its parameter (“ value to the ProcName (SendImage) SendImage process will construct UDP packets and send them to RecvImage. Emulation Host for ControlStation When the RecvImage receives the UDP packet, it calculates the packet delay and generates a new task with ProcName (RecvImage); Timestamp (time instance when the packet is received); ParameterName (PacketDelay); ParameterValue (0.03ms). The task is passed to Tap Client, which converts its timestamp to simulation time and send it to Tap Server immediately. At the Simulation Host: The Tap Server gets the task from the Emulation Host and convert the host IP address it to NodeName (ControlStation). The Tap Server constructs a local task using the task information and the NodeName and put it to LocalTask buffer. When the timestamp of this local task is reached, the interaction handler will take the task , generate interaction (RecvImageFromNetwork) and publish it to RTI. Task Class: ProcName (SendImage); Timestamp; ParameterList (ParameterName (ImageURL); ParameterValue) LocalTask Class: NodeName (ControlStation ) ProcName (RecvImage); Timestamp; ParameterList( ParameterName (PacketDelay); ParameterValue) LocalTask buffer Interaction Handler RTI

21

22 Our Experiment Setup Deterlab Simulated Applications Network Object
UAV Sim* Simulink Physics Simulation Delta3D Network Object Network Object Deterlab 22

23 Finally, a short demo

24 Acknowledgement NSF TRUST NSF SDCI C2WT team at Vanderbilt
Gabor Karsai, Janos Sztipanovits, Himanshu Neema Collaborators from AFRL Timothy Busch

25 Thank you Questions?


Download ppt "Yuan Xue Vanderbilt University"

Similar presentations


Ads by Google