Next Generation Command and Control Wind Tunnel for Courses of
Contents
1. Substitute SCPNTOOLS DIR with its actual value from step 4 above Note that is command will append CPNTOOLS DIR to the end of value of the PATH environment variable To use CPNTools for CPN development make sure that 3D acceleration 1s enabled for your Ubuntu Linux environment If your Ubuntu Linux environment is inside of a Virtual Machine then use its Display settings to enable 3D acceleration DO THIS ONLY IF YOU PLAN ON DEVELOPING CPN S USING CPNTools We ve had display problems on Ubuntu VirtualBox VM s that have 3D acceleration enabled Check if CPNTools is correctly installed execute the following commands in a terminal substitute SCPNTOOLS DIR with its actual value from step 4 above cd SCPNTOOLS DIR Jcpntools B 4 11 OMNeT OMNeT is a used for network simulation in the C2 Wind Tunnel The latest version that works with C2WT is 4 2 1 From this point VN will refer to the 4 2 1 version of OMNeT Also OMNeT modules in CASIM work only in Ubuntu Linux so we install it in Ubuntu B 4 11 1 OMNeT Installation To install OMNeT version VN 1 2 3 Using your browser go to http www omnetpp org Click on the big green Download button on the left hand side of the resulting page On the resulting page click on OMNeT VN source IDE tgz If you don t see version VN you want to download A Click on Older versions at the top of the screen 63 4 5 6 T B On the2. 50 e If you don t have Visual Studio select C2WTROOT src c2w models gme hla HLADecorator dll which is a pre compiled dll that comes with the C2 Wind Tunnel D Double click on the HLADecorator dll file or click on the Open button This will install the HLADecorator and close the window E In the original window click the Close button F DO NOT EXIT GME YET Proceed directly to the next section to register the HLA Decorator component B 4 2 2 2 2 Registering the HLAHelper component for CASIM When we are working with CASIM models it is convenient to have the HLADecorator plugin installed as it allows HLA Interaction parameters and Object attributes to be displayed as part of an interaction or object respectively Depending on whether you have Microsoft Visual Studio 2008 or not use the following methods to access the HLADecorator dll file Interactions and Objects in the CASIM paradigm have an inheritance hierarchy As inheritance dictates the parameters and attributes of a base Interaction or Object class are available in a derived class The HLA Helper add on enhances the GME modeling environment for CASIM to visually display inherited parameters in a derived class Do the following to install the HLAHelper component for the CASIM paradigm 1 If you do not have Microsoft Visual Studio 2008 1 e 2008 or later installed proceed to the next step Otherwise open the C2WTROOT src c2w cpp HLAHelper H
3. e Fora Windows OS execute the C Program Files GME Bin GME exe using a command prompt or explorer window 2 Import the CASIM paradigm A From the File menu select Import XML B Select the following file don t actually type C2 WIT ROOT manually substitute it with its value in your Windows environment whether you are using WINE or a Windows OS C2W TROOT src c2w models gme hla CASIM xme Recall that C2WTROOT is going to be on the Z drive for WINE and whatever drive you mapped the Ubuntu share to in a Windows OS C Save the paradigm as CASIM mga 3 Register the CASIM paradigm A Click on the icon that is shaped like a gear or cog that is located on the tool bar near the top of the GME window It 1s on the right hand side of this tool bar The tooltip for this icon which you can see by centering the mouse pointer over the icon is MetaGME interpreter B Save the interpreted CASIM paradigm as CASIM xmp C Press OK in the succeeding windows 49 D When the window appears that has the text Successfully generated C2WTROOT src c2w models gme hla CASIM xmp Would you like to register your new paradigm Click Yes E Accept defaults on any other dialogs F DO NOT EXIT GME YET Proceed directly to the next section to register the HLA Decorator component B 4 2 2 2 Registering the GME Components for CASIM The GME Components for CASIM paradigm make the development and examination of CAS
4. 1 Execute nautilus as in step 1B of section B 2 2 and navigate to the C2WTROOT folder e g home c2wt Projects ngc2wt Then right click on this folder and select Sharing Options Projects Devices Home Projects ngc2wt Computer adii P Open a nome C2WTunnel i P Documents Open in New Window ii Downloads it Open With Files ii Music P Open With Open Folder with Thunar jii Pictures Open With Other Application B Videos Cut File System Copy E Trash Network Make Link Browse Network Rename Copy to gt Move to Moveto Trash Send To Update Commit RabbitVCS SVN gt Revert to Previous Version Compress Sharing Options N Properties Figure B 51 Selecting options to share a folder 2 In the resulting pop up window uncheck the Share this folder checkbox and then click on the Modify Share button 82 D Folder Sharing d this Folder Cancel Modify Share 3 Figure B 52 Selecting to modify share Once you have completed these tasks clone the main VM to create secondary VM s B 6 2 Cloning the VM Once the secondary VM s have been created for the main machine 1 BOOT THE MAIN MACHINE FIRST This should be the case whenever you are booting all of the machines that are going to be used for a simulation in the C2 Wind Tunnel 2 Establish or re establish the share on the main machine by executing step 1 in section B 2 2 of this Appendix
5. 2 Table B 3 Table B 4 Table B 5 Table B 6 Table B 7 Table B 8 Table B 9 Table D 1 IER AES Pa UW RR T Em 113 be ied RR 113 PRU MCI ie RR 114 Help WOM eH EP 115 LIST OF TABLES Environment Variables need to De Sel eto eb Ene hm itt Tesi euius 47 Values tor registering C2W Main Interpreter ese pee nee eret En epi etd tome revenus 54 Values for registering C2W Deployment Interpreter eeeeeeeeeeeeeeeeeeee eene eene 54 Values for registering CPN Import Interpreter oes ere rt heb et oboe Re pna Eee teta karanan 54 Values for registering Fedfile Import Interpreter eeeeeeeeeeeeeeeeeeeeee eene eene nennen 55 Environment variables needed for OMNeTH lusuueeeeeeeeeeeseeeeeeeeeee nenne nennen nennen nennen 64 Environment variable values for OMNeT configuration eeeeeeeeeeeeeee eene 69 Classpath variable values for OMNeT configuration sseeeeeeeeeeeeeeeneeenneeenennennnns 69 Table for values to be used in setting up machine mount eeeeeeeeeeeeeeeeeeeeeeee 81 Elements ofthe Sequence models ooo ie Coe eoe abo coco oe oes tec Cut do ou dues see eet 89 Table F 1 Cyber effects and options in CASIM s OMNeT generic library sssesse 101 10 SUMMARY The increasing complexity and heterogeneity of operat
6. CommandGO or te20secs EL Y 5 E Acor Fun t A22 Ara on P M CX oy Oma ging 85 Action 2 gt Response Response Figure 1 Conceptual Architecture 3 Procedures The procedure to perform a COA evaluation 1s as follows 1 Domain specific simulation models are prepared that model the various subsystems 2 The interactions of these models are designed in the context of a scenario 3 Operational Sequence Models are created for the COA s that are to be evaluated This is performed by an expert 4 The simulation models are integrated and executed in an integrated simulation framework During execution the OSMs initiate specific actions and anticipate responses from the simulation models 5 Data is collected and analyzed to determine the effectiveness of the OSM that was derived from the COA Note the analysis work was performed by BAE Systems and will not be further discussed here Our effort focused on designing and developing the software infrastructure to support the above conceptual architecture For this we have relied on results from a previous project on the Command and Control Wind Tunnel C2WT We have extended these results and added new capabilities specifically for the purposes of CASIM These results are described in the next section 3 4 Objectives To summarize the objectives of the project were as follows 1 Develop technology for the rapid integr
7. Federate Y Integration Layer X Integration Layer Y HLA Bus Mapper Orchestration X Y Engine Scenario Specific Mapping Model Sequence Simulation Engine X and Y For example Model specific X gt Omnettt Network simulator Y gt CPN Tool Colored Petri Net Simulator 121 Omnet Federate gt Simple C2W HLA integration layer gt Support for Interactions Network packets j ij Cyber effects gt Unified FOM ign igi 430 993311 is n j none tum acc ata ACO E 11 NetworkPacket receiverHostApp String receiverApplndex int receiverHost String packetType String senderApplndex int senderHostApp String senderHost i Omnet Cyber effects gt Simulated cyber effects Disable network block network Disable node block node Replay capture packets and replay them Out of order packets scramble packet order Sniffer capture packets in flight Modify route Delay node slow down specific host Network filter block specific packets going through a node Planned not yet implemented effects DNS Poisoning Packet modification Masquerading as another node Data injection inject bogus packets Disable link disable specific link Delay path slow down a specific path 122 CPN Federate gt No predefined FOM for the CPN federate The CPN FOM is simulation model dependent The integration layer is reu
8. Internet C j My Documents amp Mozilla Firefox 22 My Recent Documents gt oc E mail EG MY Tu 3 Microsoft Outlook S My Pictures A x mm NX Client J My Music Q NT voc Remote Desktop Connection pen a My Network Explore Search qu GIMP 2 ite Control Panel Manage ah Notepad Set Program ap Network Drive Defaults Disconnect Network Drive Command Prompt iS Printers and f y Show on Desktop Rename wi Microsoft Word 2010 LUI Hep acd Sup Properties po Search All Programs gt 7 Run Log Off o Shut Down I E aos Figure B 2 Loading System Properties In the resulting System Properties window click on the Advanced tab then click the Environment Variables button 34 System Properties System Restore Automatic Updates Genera Computer Name Hardware You must be logged on as an Administrator to make most of these changes Performance Visual effects processor scheduling memory usage and virtual memory Settings User Profiles Desktop settings related to your logon Settings Startup and Recovery System startup system failure and debugging information Settings Environment Variables Error Reporting Figure B 3 Loading Environment Variables The resulting Environment Variables window shown below allows you to create new or modify existing environment variables It is best to do this for System Variables as it wi
9. Y Engine Scenario Specific Mapping Model Sequence Simulation Engine X and Y Model Specific Figure G 1 Architecture of next generation C2 Wind Tunnel In the above figure we can see that there are two simulation engines X and Y are being used in a sample federation The simulation engine X uses FOM SOM definition A and the simulation engine Y uses the FOM definition B As such the FOM definitions A and B contain quite different interaction models In order for the two simulation engines to understand the interactions of one another there must be a way to translate the interactions according to their own FOM SOM definitions 102 Here we use a novel concept of a Mapper federate that subscribes and publishes interactions from FOMs both A and B The mapper is configured with appropriate mapping definitions Using these mappings it performs the translation of interactions from one FOM to the other G 2 CURRENT STATUS Currently the mapper federate support has been completed in next generation C2 Wind Tunnel A special federate model with a different icon as shown below 1s integrated into the CASIM GME paradigm The logic of the mapper federates is specified using graphical models The mappings are specified as both graphical and textual for complex conversions using Java like syntax The Mapper federate code is automatically generated from the models and is fully compa
10. APPENDIX D CASIM KEY FEATURES This Appendix provides a list of new features added and improvements made to the C2 Wind Tunnel technology during the project The Appendix also lists the range of cyber effects that have been implemented thus far D 1 GENERIC OMNET FOM A FOM for the network simulation OMNET federate that is defined generically in one place as a Static library that can be re used in multiple scenarios without modification customization It describes the generic interactions the OMNeT federate works with The figure below shows the FOM model nodeFullPath String StartOutOfOrderPacketsAttack StopModifyFromHLAPacketsAttack 3 OmnetCommand 4 AttacksNotYetimplemented A uniquecommandiD String 4 Po i AAAAAAAA StartDisableNetworkAttack r StartSnifferAttack networkAddress String listenerinterface ing StopDisableNetworkAttack ActionBase a listenerNodeFullPath String A nodeFullPath String L X networkAddress String StartDNSPoisiningAttack StartDatalnjectionAttack iil StopSnifferAttack affectedHost String packet String StartNodeAttack HT listenerinterface String listenerHost String toNode String nodeFullPath String listenerNodeFullPath String dnsHost String fromNode String lil nodeFullPath String SIoDDNSPoisini k S
11. HOME Variable Value usr lib jvm ava 6 sun B 4 1 2 Installing Java into the Windows environment Java is installed into your Windows in essentially the same way whether you are using WINE or a Windows operating system IMPORTANT Please make sure that no JDK JRE is already installed on your system i e no directory like C Program Files Java should be present If there are please remove them using the Add Remove Programs utility in Windows 46 1 2 3 4 Go to JDK download page If you are using WINE use a browser in your Linux environment If you are using a Windows OS use a browser in the Window OS A Using your browser go to http www oracle com technetwork java javase downloads index html B Click the Download button under JDK in the area titled Java SE 6 Update VN where VN is the latest version of Java 6 31 at time this Appendix was being written After getting to the required download page A Click on the Accept License Agreement radio button B Click on jdk 6uVN windows 1586 exe on the line that starts with Windows x86 32 bit C Click Save File in the resulting pop up window Once jdk 6uVN windows 1586 exe is downloaded execute it AS ADMINISTRATOR IN WINDOWS 7 to install Java Development Kit 6 0 Update VN e For WINE execute the following in a terminal wine PATH where PATH is the path of the jdk 6u V N windows 1586 exe e g home c2wt D
12. Include area code U U U 1 615 343 771 135
13. Modeling the mapper 1 A Mapper federate consists of a set of mappings between interactions n s gt Case 1 Trivial mapping Hello mapsto Bonjour maptlo Direct parameter mapping with no data conversion I 1 e Li a d mupsTo No parameter mapping COwectM scper Parameter mappeng with implied dala conversion im some cases Complex parameter mapping requiring Java code with naming conventions for in bons Case 2 Map the fields SimpleM appingConnection Direct parameter m ing with n nversion Attributes Preferences Properties Mapping SEUDebIBAC debtlnBillionUSDs EUDebtSG debtInBillionUSDs 130 Mapper Modeling the mapper 2 A Mapper federate consists of a set of mappings between interactions No parameter mappeng Conlon parameter agii reauiing ns osas tain ami comes sinises Clase 3 Mapping with implicit conversion Parameter mapping with implied data conversion in some cases FrenchTransferReceipt i i IndianTransferReceipt lt a T 4 USTransterReceipt _ lndianT ransferReceipt id FrenchTransferReceipt id Mapper Modeling the mapper 3 A Mapper federate consists of a set of mappings between interactions No parameter mappeng Case 4 Complex mapping using code NetworkPacket Parameter mapping with imphed Gata cormmeesion n e Complex parameter mapoeg requinng Java code with naming conv
14. SPONSORING MONITORING AGENCY NAME S AND ADDRESS ES 10 SPONSOR MONITOR S ACRONYM S USAF AFMC pene AIR FORCE RESEARCH LABORATORY 11 SPONSORING MONITORING 26 ELECTRONIC PARKWAY AGENCY REPORT NUMBER ROME NY 13441 4514 12 DISTRIBUTION AVAILABILITY STATEMENT Unlimited 13 SUPPLEMENTARY NOTES 14 ABSTRACT The objective of the CASIM program was to develop an integrated composable modeling and simulation environment to create realistic cyber warfare operational scenarios for course of action COA exploration The project has built such using a new generation of the C2 Wind Tunnel software platform that consists of 1 a modeling environment to compose heterogeneous simulations and 2 a model driven run time framework for the coordinated and controlled execution of integrated simulations The platform introduces novel capabilities to enhance usability including reusable simulation interfaces a generic mapper for the syntactical translation of messages between simulators and an orchestration engine that executes operational sequence models The project has evaluated the framework through a set of hypothetical scenarios from the open source Pacifica domain 15 SUBJECT TERMS Modeling and simulation COA analysis integration of heterogeneous simulations workflow model 16 SECURITY CLASSIFICATION OF 17 LIMITATION OF 18 19a NAME OF RESPONSIBLE PERSON Aeon Gabor Karsai a REPORT D ABSTRACT Tc THISPAGE 19b TELEPONE NUMBER
15. Then for each secondary machine 1 After booting the machine change the IP address of the secondary machine please see Ubuntu documentation for how to do this 2 Make any ssh login from the main machine to the secondary machine be completely automatic 1 e with no prompts To do this from the main machine log in to the secondary machine using ssh That is A In a terminal type ssh lt IPADDRESS gt where IPADDRESS is the IP address of the secondary machine B If the ssh command prompts to continue connecting respond with yes C Once you are logged in just enter the exit command and press ENTER 83 D Try logging in again as in A ssh should not give another prompt like that in B when logging in from the main machine to this secondary machine Again once you are logged in just enter exit This completes the process of creating secondary machines 84 APPENDIX C LIST OF SOFTWARE USED IN CASIM In CASIM the main development work is done on a Ubuntu machine or a VM AII of the sources exist here on the main development machine The version we use currently is Ubuntu 12 04 LTS precise 32 bit OS We use GME for modeling and code generation GME is a Windows application We use and support GME under Windows XP and Windows 7 Also we use GME inside the Ubuntu Virtual Machine using wine Windows Emulator In general user should not need a Windows machine for GME use As long the user c
16. To install execute the following command in a terminal see section B 1 2 2 for an explanation of the sudo command sudo apt get install libmysqlcppconn dev 56 66 99 Answer y to any questions posed B 4 6 DbVisualizer DbVisualizer provides a means for visually examining the MySQL database in particular the events that are recorded there during a C2 Wind Tunnel simulation 1 To install DbVisualizer do the following A Download the DbVisualizer setup installer package 1 Using your browser in your Ubuntu Linux environment go to the following URL http www dbvis com products dbvis download 2 On the resulting page click on Download next to Linux x86 setup installer in the Without Java VM column 3 Save the file dbvis_linux_VN sh using the resulting pop up window where VN is the version of DbVisualizer you are downloading B Now we must run dbvis linux VN sh 1 Ina terminal type the following command sudo bash PATH where PATH is the path to the dbvis linux VN sh file 2 In the resulting window click Next In the next window accept the license agreement and click Next 3 We ll install DbVisualizer in the usr local DbVisualizer VN directory so in the next window enter usr local in the Destination directory textbox Then click Next Setup DbVisualizer 8 0 8 Select Destination Directory Where should DbVisualizer be installed
17. US brings several UAVs some for ISR but some are weaponized Nevidah considers a Special Forces mission to attack and disable the Califon Cyber Operations Center and asks the US to provide cyber support to the operation first by providing intelligence and then helping to extract the Special Forces from the target area The US may use UAVs to conduct surveillance but also to support the Nevidah operation The US is able to apply cyber exploits against the military assets of Califon particularly the sensor assets of Califon and the communication links that enable Command and Control Califon has an Integrated Air Defense System IADS that is divided into two sectors the Eastern Sector with the Eastern Sector Operations Center SOC and the Western Sector with Western SOC There is one Air Defense Operations Center ADOC there is one GCI Ground Control Intercept Station and there are Visual Observation Points VOPs The Califon Cyber Ops Center 1s the source of the cyber attacks Washorgon is neutral and is concerned that hostilities between its neighbors are disrupting trade Washorgon decides independently to send a diplomatic flight to Califon in an effort to diffuse the crisis Nevidah and the US are aware of the Washorgon plan Nevidah and the US decide to execute a SOF Mission in which Nevidah will conduct a SOF raid to Califon s Cyber Ops Center The objective of the SOF mission is to penetrate and corrupt the Califon Cyber Ops Cen
18. 0 overruns carrier 0 collisions 0 txqueuelen 1000 RX bytes 1292421953 1 2 GB TX bytes 226108661 226 1 MB Link encap Etheriet HWaddr 08 00 27 7d 25 94 inet addr 192 168 56 101 Bcast 192 168 56 255 Mask 255 255 255 0 UP BROADCAS RUNNMIMC MULTICAST MTU 1500 Metric 1 RX packets 122491 errors 0 dropped 0 overruns 0 frame 0 TX packets 65887 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 1000 RX bytes 96045775 96 0 MB TX bytes 8426147 8 4 MB Link encap Local Loopback inet addr 127 0 0 1 Mask 255 0 0 0 UP LOOPBACK RUNNING MTU 16436 Metric 1 RX packets 75588 errors 0 dropped 0 overruns 0 frame 0 TX packets 75588 errors 0 dropped 0 overruns carrier 0 collisions 0 txqueuelen 0 RX bytes 114903592 114 9 MB TX bytes 114903592 114 9 MB hnineghnine VirtualBox li Figure B 16 Checking IP Address The IP address you use depends on the network to which the Windows environment is 42 connected In this example it is the one circled in red B On the Windows OS specifically Windows XP although Windows 7 is similar open a My Computer window in the explorer This can be done by clicking on the Start button and selecting My Computer Harmon Nine Internet Mozilla Firefox v E mail 4 Microsoft Outlook NX Client f KE My Computer EU Remote Desktop Connection al Notepad auf GIMP 2 EN Command Prompt j Wi Microsoft Word 2010 All Programs D iJ My Documents 2 My R
19. 6 Model 30 Stepping 5 Genuin 6 le05 C Ciwindows Ciwindowsltemp C windows temp C Program Files ISIS Udm Ciwindows Ciwindowslsystem32 hnine VirtualBoHKEY LOCAL MACHINEYlSystemlCurrentControlSetControl Session ManagerlEnvironment A Figure B 10 New registry variable created B 2 SHARING C2WTROOT IN THE UBUNTU LINUX ENVIRONMENT WITH THE WINDOWS ENVIRONMENT Whereas the C2 Wind Tunnel uses the Ubuntu Linux environment to develop and compile code Java and C it uses GME for modeling and code generation and GME only runs in a Window environment Because of this Linux needs to be setup up to share a directory and all file directories under it with the Windows environment The Linux directory to share should be called ngc2wt e g HOME Projects ngc2wt where HOME is your home directory e g home c2wt If this directory does not exist please create it now One means of doing this 1s to enter the following command in a terminal mkdir p directory 38 From this point onward we will refer to this directory as C2WTROOT In fact please create a persistent environment variable C2WTROOT in the Linux environment see section B 1 3 1 that has this directory as its value 1 e export C2WTROOT lt directory gt The means of sharing SC2WTROOT with the Windows environment depends on which environment you are using a Windows OS or WINE B 2 Sharing CZWTROOT with WINE If you are using WI
20. B 51 Selecting options to share a Told ery iiri rica aa da uasa rac td ac auo sa cac ua ao co quaa so i cusa ue cs 82 Fiore B32 6lectie to THOCTES SALE diss atten dit deu daa acad aa da uto act uada dca duouse du mau oe acude 83 Pipu D OMNE THE FOM enel ee 86 Figure D 2 Generic OMNe I Simulator ceeds es A 87 Ejs re D3 COA sequence model example 25 59 1 p stet ee ee 88 Pisur Ded Experiment t omrollepaiu dit i e i odisti te Ri eee a oU I ALII de 92 Figure D 5 BRIT Ne Y CPN Model x ecution s 90 5 visto tego eee 93 Figure G 1 Architecture of next generation C2 Wind Tunnel eerie 102 Fig r G22 Mapper Tederate 16 Oli ccee tnd n E tatiana E aan aie eae 103 Figure G 3 Mappings among interactions with no parameters eese 103 Figure G 4 Mapping among interaction with parameters but with no data conversion 103 Figure G 5 Mapping support with automatic data conversion esee 104 Fieure G 6 Coniplex mappines with USer COdG eio sedo tad wins iot exon dide E ER 105 Figure I 1 Shortcut icon on user s desktop to launch C2WT experiment controller 110 Ereure T 2 Launch Cn01ce 45 969 e iia ta t a iuh data p uns NC EC D C CE ALMAE Lei cce PUEd 110 Figure P 3 C2 Wind Tunnel Experiment Controller 2 2 2 cn aie A aeons cate e taste pia Nea 111 IV Figure I 4 Figure I 5 Figure I 6 Figure I 7 Table B 1 Table B
21. BLC81 RC16 amp COA OutcomeFilters BLC52 RC22 amp COA OutcomeFilters BLC81 RC42 Experiment Started amp COA OutcomeFilters BLC72 RC23 Batch mode is ENABLED amp COA OutcomeFilters BLC52 RC16 amp COA OutcomeFilters BLC72 RC82 Checking java3d installation success amp COA OutcomeFilters BLCS1 RC82 Checking IP address of main machine to see if it conforms to CASIM model success amp COA OutcomeFilters BLC52 RC42 amp COA OutcomeFilters BLC72 RC16 Setting file permissions done COA OutcomeFilters BLCS2_RC23 Checking if federation FOM file is present success amp COA OutcomeFilters BLC52 RC53 Making sure federation Pacifica2 is NOT already running success amp COA OutcomeFilters BLC72 RC42 amp COA OutcomeFilters BLC81 RC23 Checking critical java classes done amp COA OutcomeFilters BLC15 RC82 heddns Federation M COA OutcomeFilters BLC15 RC23 amp COA OutcomeFilters BLC51 RC42 Setting up BRITNeY for CPN federate CPNPacifica visualization success amp COA OutcomeFilters BLC51 RC16 Checking CPNPacifica success amp COA OutcomeFilters BLC81 RC22 Checking Mapper success amp COA OutcomeFilters BLC15 RC16 Checking OmnetFederate success exists andis executable Checking Java components of Pacifica2 Federation success amp COA OutcomeFilters BLC15 RC42 amp COA OutcomeFilters BLC52 RC82 Creating database Pacifica2 ActRespExp1Dep
22. CASIM based COA evaluations The evaluation architecture is captured in the form of graphical models that can be rapidly composed from pre fabricated building blocks The goal of the language 1s 1 to simplify the integration activities and 2 to support the modeling of operational sequences derived from COA specifications by experts 3 Development of software generators for the configuration and deployment of the simulations on a potentially distributed platform the C2 Wind Tunnel software infrastructure 4 Identification and integration of a specific set of simulation and analysis tools for CASIM that are focused on the cyber mission 5 Development of tools for experiment control The goal of this task was to develop the infrastructure to deploy and run CASIM experiments in a highly controlled and repeatable manner The report below summarizes the project activities describes the methods and procedures followed as well as the assumptions made 3 0 METHODS ASSUMPTIONS AND PROCEDURES Our objective with this project was to develop methods and software tools for the evaluation of Courses of Actions COAs Our project was conducted in conjunction with a parallel effort by BAE Systems with responsibilities split up between the two organizations as follows 1 BAE Systems is responsible for 1 the preparatory activities of COA evaluation and 2 the post processing of the raw computational results into a meaningful Measures of Effe
23. COA OutcomeFilters BLC72 RC82 amp COA OutcomeFilters BLC51 RC82 amp COA OutcomeFilters BLC52 RC42 amp COA OutcomeFilters BLC72 RC16 amp COA OutcomeFilters BLC52 RC23 amp COA OutcomeFilters BLC52 RC53 amp COA OutcomeFilters BLC72 RC42 amp COA OutcomeFilters BLC81 RC23 amp COA OutcomeFilters BLC15 RC82 amp COA OutcomeFilters BLC15 RC23 amp COA OutcomeFilters BLC51 RC42 amp COA OutcomeFilters BLC51 RC16 amp COA OutcomeFilters BLC81 RC22 amp COA OutcomeFilters BLC15 RC16 amp COA OutcomeFilters BLC15 RC42 amp COA OutcomeFilters BLC52 RC82 amp COA OutcomeFilters BLC15 RC22 amp COA OutcomeFilters BLC51 RC22 amp COA OutcomeFilters BLC51 RC23 amp COA OutcomeFilters BLC15 RC53 amp COA OutcomeFilters BLC51 RC53 amp COA OutcomeFilters BLC72 RC53 NoCyberDep NoCyberDep 1h ProbChoiceDep ProbChoiceDep 1h RandomDurDep RandomDurDep1h 4 v v v a 4 v v Vw v vw vw wv wv y Experiment Information Scenario Pacifica2 Experiment CyberGamingWithFiltersExp Deployment CyberGamingWithFiltersDep 1h Federates Federation Manager Step size 300 0 seconds Lookahead 60 0 seconds CPNPacifica Step size 3600 0 seconds Lookahead 200 0 seconds Mapper Step size 600 0 seconds Lookahead 100 0 seconds OmnetFederate Step size 300 0 seconds Lookahead 0 2 seconds Experiment mode As Fast As Possible Experiment end time 850000 0 seconds Terminate experiment when all COAs executed false Ex
24. D Sz Ciwindowstltemp H c Memory Man tl sey C Program Files ISIS Udmi vMM32Files Delete Del EUM EE D Sz C windows _ a Windows Rename F2 Binary Value C windows system32 Ez LJ Hardware Profiles DWORD Value E E prs Multi String Value J MountedDevices Copy Key Name Expandable String value CI HKEY LISERS C HKEY CURRENT CONFIG C HKEY DN DATA Find Ctrl F gt Adds a new string value A Figure B 6 Registry Editor 36 A new variable will appear with a generic name e g New Value 1 The new variable should be in a state such that its name is highlighted in blue and is in an editable text field Its name can be changed by typing its new name in this text field and pressing enter If it is not 1n this state you can right click on its name and select rename from the resulting menu Once you have entered the name the variable may change its position in the list This is because the variables are kept in alphabetical order by name Registry Editor Registry Edit View Favorites Help 71 9 My Computer Type Data c HKEY CLASSES ROOT ab Default REG SZ value not set HLA HKEY CURRENT USER ab ComSpec REG EXPAND SZ C windows system32 cmd exe EEA HKEY LOCAL MACHINE ab GME_ROOT REG SZ C Program Files GME HARDWARE ab GREAT 3RDPARTY PATH REG SZ C Program FilesISISYGReAT 3rdparty C software ab GREAT PATH R
25. Eventel T 0 Next Pacifical Network hlalnterfaci Pacifcal callfonNet Msgs created 2153 Msgs present 2153 Pacifical MEAE a i Y zin e PacificaiNetwork Uniteds VOP 14 Basic dpfpplira ng module PacificaiNetwork usMet UnitedStates RDs VOP14 network ayer 1 ng module PacificaiNetwork usNet UnitedStates RDs VOP15 Basiclidphpplina 2 O Dor an Fi amp ajaj H Pacifica OmnetF ederate Pacifical Network PacificalNetwork d 1 ptr xSca0500 Zoom 0 65x iS BODOR NAA O WP i o A Ajj BO oi wes O ri ll Pacitcat Omnetrecerate UnitedStatesNetwork Pacificat Network usNet id 7 ptr x3d16c50 Zoom 0 76x Figure D 2 Generic OMNeT Simulator D 3 FLEXIBLE DETAILED AND EFFICIENT CYBER EFFECTS LIBRARY CASIM comes with a library of cyber effects in the generic OMNeT simulator This library has been written such that it can be easily incorporated in any scenario demonstration It is fairly detailed and uses a number of parameters to configure the effects as needed in a particular scenario Also this has been implemented with efficient code so as to not introduce a significant overhead for the network simulator The efficiency and modularity are the key strengths of this library Before this library the cyber effects were very rudimentary and needed significant effort to make them work for a new scenario and also those were highly computation intensive so much that the en
26. IndianMoneyGram NetworkPacket set_receiverHost MapperE Network ICICIB ank NetworkPacket set data USMoneyGram get_id Gv USMoneyGram get_dollars 50 0 E BankOf amp merica x ICICIBank NetworkPacket set numBytes 1024 Figure G 6 Complex mappings with user code 105 APPENDIX H FAULT MANAGEMENT IN CASIM H 1 INTRODUCTION One of the objectives in the next generation C2 Wind Tunnel is to provide better fault management support in the C2WT infrastructure A wide variety of model integration improvements and customized experimentation support scripts are already provided with the new infrastructure However it is also highly important to provide a better fault handling This not only includes an error handling in the code that 1s exercised at run time but also during modeling and experimentation In this Appendix we attempt to list various fault handling tasks that can be developed in NGC2WT to provide a more robust usage experience H 2 ERROR HANDLING FOR INVALID MODELS Not only do these user errors need to be detected but an appropriate error dialog should be generated that points the user as close as possible to the actual error location in the model H 2 1 Modeling time error handling detection happens during modeling using OCL constraints COA models x An OutcomeFilter can have only 1 outgoing connection D An OutcomeFilter can have only 1 incoming connectio
27. Nevidah and the ability of US to provide assurance to Nevidah by exploiting the dependence of US forces on spectrum amp cyber space Califon with technical support from China has established a Cyber Ops WaSHORGON n t Center on the mountainous northwestern part of the country The Califon oi He tpan Cyber Ops Center CCOC is a secure underground facility in an 1solated Tm area that 1s not easily accessible or targetable from the air The Cyber Ops Center has been conducting operations that are disrupting the economic life of Nevidah disrupting the financial sector disrupting the SCADA systems conducting extensive identity theft Up to this point Califon has not attacked any of the military systems or to be more precise no abnormal behaviors have been identified by Nevidah s Network Operations Center NNOC The Califon Cyber warfare against Nevidah has been accelerating Nevidah in consultation with the US is prepared to take action to persuade the Califon president to cease the 15 cyber attacks and start serious negotiations to resolve the dispute about mineral rights The United Nations has imposed sanctions on Califon in response to Nevidah s protests 5 2 Phasel Deter Califon aggression via cyber operations The Commander s mission can be described as follows US Joint Force Commander will develop full spectrum courses of action COAs in support of Nevidah to cause Califon to cease its cyber campaign and deter it f
28. SOC Califon GCI reports UAV flight to Eastern SOC UAV flight announced by US government Nevidah chooses to use a covert SOF mission Califon president fears attack from US Nevidah coalition US positions forces on Nevidah on disputed region Califon GCI hacked by US and unable to report to SOCs US conducts military exercise with Nevidah forces The TIN model was used to develop and analyze courses of action that were to be used in the computational experiments Once it was determined that the model did express the scenario correctly and had the desired properties it was converted into an executable discrete event model expressed as a Colored Petri Net 8 using the application CPN Tools 5 This is shown in Figure 11 Note the similarity in structure between the TIN and CPN models Figure 11 The Colored Petri Net model of the Phase 1 scenario The red arcs indicate cyber exploits by Nevidah and the US The CPN model interacts with the Pacifica and US networks modeled in OMNeT where the specific exploits network attacks are implemented In implementing the exploits of Phase 2 a more detailed version of the Colored Petri Net model of Phase 1 was developed A segment of the more detailed model is shown in Figure 12 Again red arcs indicate locations where cyber exploits can be applied In addition when red and green nodes are shown side by side they signify that the signal goes to the corresponding OMNeT network mode
29. Select the Folder where you would like DbVisualizer to be installed then click Next Destination directory fusr local DbVisualizer 8 0 8 Browse Required disk space 50 2 MB Free disk space 76 529 MB Back Next gt Cancel Figure B 23 Setting DbVisualizer installation directory 4 In the next window DbVisualizer VN and Database Drivers JDBC should both be selected for installation Then click Next 57 5 In the next window make sure the Create symlinks checkbox is checked and usr local bin is entered in the Destination directory textbox Click Next Setup DbVisualizer 8 0 8 Select Directory for Symlinks m Where should DbVisualizer create symlinks to the executables x Select the folder where you would like DbVisualizer to create symlinks then click Next v Create symlinks Destination directory Jusr local bin Browse Back Next gt Cancel Figure B 24 Setting executable symlinks location for DbVisualizer 6 In the next window there is a checkbox that appears to have no effect whether it is checked or not Click Next 7 The next window will show the progress of installing DbVisualizer 8 In the final window make sure the Run DbVisualizer checkbox is checked and click Finish 2 To configure DbVisualizer for the C2 Wind Tunnel A Run DbVisualizer either via step 1 B 9 above or just type the following in
30. StartDelayNodeAttack sub Omnetederate StanDeayNodeAttack sub OmnetFederate 7 StartDelayNode amp ttack sub Omnetfederate T Max Rows 000 jNetworkPacket sub NetworkPacket sub OmnetFedecate Network acket sub OmnetFederate iStertDelayNodeartack sub Omnetfederate StanDetuyNodeartack sub Omnetf ederate StartDelayNodeAttack sub OmnetFederate PNPacfica pub ESOCReportToADOC X PNPacfica pub ESOCReportToADOC JCPNPacifica pub ESOCRepertToADOC ESOCReponToADOC sub Mapper JESOCReportToADOC sub Mapper ESOCReportToADOC sub Mapper Mapper_pub_NetworkPacket Mapper pub Network acket Mapper pub Networkfacket Mapper pub NetworkPacket _Mapper_pub_NetworkPacket _Mapper_pub_NetworkPacket Mapper pub NetworkPacket Mapper pub Network aciet Mapper pub NetworkPacket Mapper pub Network acker Mapper pub NetworkPacket Mapper pub NetworkPacket NetworkPacket sub OmnetFedecate lNetworkPacket_sub_OmnetFederate jNetworkPacket sub Omnetrederate NetworkPacket sub OmnetFederate OmnetFederate NetworkPacket sub OmnetFederate Max Chars 1 amp mnSm sS a Liberation Sans c2 132015 Pacifica CyberC OA2 Deployment 1Hosi 2011 10 26 132545 Pacifica NoCyber Effects Deployme nt 1Host 2011 10 26 131632 Blocked comms T time 3620 000 3620 000 3620 000 3620 000 3420 000 3620 000 7220 000 7220 000 7220 000 7220 000 16220 000 16220 006 16220 000 16220 000 16220 009 16220 000 16220 000 16220 0
31. String NORMAL 0 Mapper String NORMAL 0 CPNPacifica String NORMAL 0 ESOCReportToADOC String NORMAL 0 Pacifical Network califonNet CalifoniADs ESOC String NORMAL 0 BasicUdpAppWrapper String NORMAL 0 0 int NORMAL 0 1024 int NORMAL 0 COA Test String NORMAL 0 Pacifical Network califonNet CalifonlIADs ADOC String NORMAL O BasicUdpAppWrapper String NORMAL 0 0 int NORMAL 0 etho String NORMAL O COA Test String NORMAL 4 1024 int NORMAL 4 CPNPacifica String NORMAL 4 ESOCReportToADOC String NORMAL 4 0 int NORMAL 4 etho String NORMAL 4 PacificalNetwork califonNet CalifonlADs ADOC String NORMAL 4 BasicUdpAppWrapper String NORMAL 4 0 016 0 019 sec 84 7 1 47 Figure 8 Example SQL database showing experiment results 14 5 0 THE CASIM PACIFICA SCENARIO In order to test and demonstrate the capabilities of the Next Generation C2 Wind Tunnel a scenario was developed based on the unclassified Pacifica scenario 1 Two specific scenarios were developed Scenario 1 was focused on the Deterrence phase Phase 1 and Scenario 2 on Seizing the Initiative Phase 2 5 1 Pacifica Overview The island of Pacifica contains three sovereign countries a The Confederation of Washorgon States b The Republic of Nevidah and c The Peoples Republic of Califon that has unitary system with no defined state administrative boundaries This 1s shown on Figure 9 below The topography trafficability climatology and surface lines of commun
32. These data sets are used for extensive analysis The View list of databases created menu item is used to show the list of databases that were created for the currently selected experiments in the last executed batch of experiments C2 Wind Tunnel creates new databases for each experiment The names of the databases not only use the name of the scenario but also a date and time stamp and the names of the sequence models used in that experiment up to a total of 64 characters as support by MySQL When selected a dialog box is shown with the list of database names which can be copied to the clipboard if user wants to save them as a text file 1 3 3 Run Menu Figure I 6 below shows the Run menu C2 WindEunnel Experiment Controller File View Run Help Interactive Batch Stop Stop All Figure I 6 Run menu Run menu is the key menu for experiment control When a single experiment has been selected the menu item Interactive can be used to run the selected experiment in Interactive mode This mode shows Federation Manager and other simulation tool graphical windows The Federation Manager can be used to terminate the experiment manually Also the menu item Stop of the experiment controller can be used to stop the currently executing experiment IMPORTANT The Stop menu can be used for a currently executing experiment only after the experiment has started executing successfully When this happens the log window show
33. This Appendix lists the planned cyber effect categories that can be supported by the OMNeT federate This list is a list of possible events not a Cyber COA to be integrated as it is into a scenario Consequently in the absence of a cyber COA the scenario will specify when cyber events will occur and how When a network model is created the appropriate simulation modules should be added to the model e g an AttackNode module to a specific host and that simulation module will be activated when the appropriate interaction is sent to the OMNeT federate e g Start AttackNode interaction The same module will be deactivated by a similar interaction e g a Stop AttackNode interaction F 1 LIST OF CYBER EFFECTS IN CASIM Terminology A node below can be a host computer a switch or a router A link is a direct connection between two nodes That is a link can be a specific connection between a router and a switch A network is a graph of interconnected hosts switchers routers It may be the entire network in the simulation or any part of it 1 Attack a node Name AttackNode Description Completely disable a specific node Node does not function Parameters nodeFullPath The full path in the network of the node that will be disabled Status It has been been fully implemented and tested 2 Attack a network Name AttackNetwork Description Change the behavior of a network Parameters network A
34. be opened in the experiment controller to restore the experiment selections During the load time the experiment controller reconstructs the tree view by scanning the users C2WTROOT directory for scenarios deployments and experiments After loading the experiments the experiment controller reads the c2wt experiment selections file to mark the saved selections as checked If any of the saved selections can no longer be found in the directory or they are found non executable due to some errors they are ignored Also the Save Experiments Log menuitem can be used to save the console messages that appear in the bottom right section of the experiment controller The log messages are saved as a text file with log extension 112 File View Run Help ff Open Experiment Selections Experiment Information W Save Experiment Selections Save Experiments Log Scenario Pacifica2 Experiment CyberGamingWithFiltersExp Deployment CybercamingWithFiltersDep1h Select a C2WT experiment selections file to open Y Act gc L 4 imic2wt Projects ngc2wt Act v g Act Places Name v Size Modified gc Q search ii 3rdParty 04 06 2012 n Cyb Recently Used imi build 04 26 2012 O Ob ugcowt ami Contrib 10 29 2012 g En E Desktop widoc 07 11 2012 Li File System imi ExecutionDirectory 04 06 2012 wi VBOXADDITIO generated 08 24 2012 amp C E Documents log 10 29 2012 SC li Music imi logs 08 01 2012 amp C ji Pi
35. browser go to http escher isis vanderbilt edu downloads If you are using WINE use a browser in your Linux environment If you are using a Windows OS use a browser in the Window OS Click on GME which is to the left of the words Generic Modeling Environment GME Enter your company name click on I accept the agreement and then click on the Submit button Click on GME VN msi where VN is the most recent version of GME Save GME VN msi to your disk by clicking Save in the resulting pop up window Once GME VN msi is downloaded execute it AS ADMINISTRATOR IN WINDOWS 7 to install GME e For WINE execute the following command in a terminal winefile and navigate to PATH where PATH is the path of GME VN msi e g home c2wt Downloads GME V N msi Double click on GME V N msi in the winefile window and the GME installation process should commence 48 e Ina Windows OS execute the GME VN msi using a command prompt or explorer window B 4 2 2GME Configuration There are several steps involved in configuring GME for the C2 Wind Tunnel registering the CASIM paradigm registering components for this paradigm and registering interpreters for this paradigm B 4 2 2 1 Registering the CASIM paradigm Here are the steps to register CASIM paradigm Execute GME e For WINE execute the following command in a terminal the single quotes are very important wine C Program Files GME Bin GME exe
36. disable network disable a specific node on the network replay capture packets and replay them scramble the order of packets flowing through a node sniffer capture packets in flight modify route delay node slow down specific host network filter block specific packets going through a node These cyber effects are available as a simulation module that can be activated by an appropriate message sent to the simulator 4 5 Mode of operation Once the C2WT models for the integrated federate of the simulations are created including the models for the Mapper the collection of Sequence Models have to be prepared using the modeling approach briefly described above As the Sequence Models can represent the COAs of multiple participants typically blue and red and there could be many variants of them we have built support for modeling such variability Using the same simulation models e g CPN models and OMNeT models one can create several variants of Sequence Models representing the operations of various parties e g red and blue and group them together in experiment models Note that COA evaluation may require the execution of various operational sequences of different participants and all the possible combinations of those A graphical modeling language is available to model such combinations in a compact form these models are then translated into scripts that perform the complete sequence of experiments in a
37. ipv6 conf lo disable_ipv6 1 This is shown below using the vi editor in a terminal window i e the command to edit the etc sysctl conf file is sudo vi etc sysctl conf ONCE YOU HAVE MADE THIS EDIT TO etc sysctl conf REBOOT YOUR SYSTEM The most recent version of portico known to work with the C2 Wind Tunnel is version 1 0 2 From this point onward VN in reference to Portico will mean 1 0 2 To install portico so the following 1 Using your browser go to http sourceforge net projects portico files Portico 2 Click on portico VN 3 On the resulting page scroll down and click on portico VN linux tar gz 4 In the resulting window select to save it and press the OK or Save button 5 Extract the contents of portico V N linux tar gz at an install location e g opt portico and give read and execute permissions to everyone This can be done by entering the following commands cd opt sudo mkdir portico cd opt portico sudo tar xf PATH sudo chmod R ugo rx where PATH is the path of the portico V N linux tar gz file 1 e where it was saved by your browser THE SPACE AND PERIOD AT THE END OF THE LAST COMMAND ARE VERY IMPORTANT These commands will result 1n the creating of the directory opt portico portico VN which should contain files LICENSE portico and RTLrid 6 Create a persistent environment variable RTI HOME and give it the value opt portico por
38. messages defined in one FOM to messages defined in other FOMs Using this language users can specify in the GME models how the message must be translated in other FOM such that federates using that FOM can interpret the message correctly In addition to simple relations that involve parameter mapping and conversions we also support custom Java code that can be embedded in the models to support highly involved mappings We have created several Mapper federate examples that demonstrate the successful use of the FOM mapping technology The Mapper code is completely automatically generated Please refer to the Appendix G on Mapping Technology for a detailed discussion of mapping capabilities in CASIM D 5 COA SEQUENCE EXECUTION LANGUAGE In CASIM we designed a language for describing Coarse Of Action COA to be used in various scenarios For example COAs are commonly used in creating war gaming scenarios The figure below shows an example COA model AwaitN 1 A110onTimeout duration 1hr SimEnd AwaitN 1 am em um an en en em anes ov gt t 20secs ies STS NS UR j OutcomeFilter1 Exception3a be OutcomeFilter2 Exception2 SimEnd xception3b TerminateCOA Exception3default Figure D 3 COA sequence model example 88 As can be seen in the above figure the COA language supports a number of the COA sequence elements that are used to describe a COA Here are the sequence elemen
39. mounted on the secondary machine l 2 Set up a share on the main machine if you haven t already by executing step 1 of section B 2 2 of this Appendix Obtain the IP address of the main machine as in step 2 A of section B 2 2 of this Appendix Then enter the following commands sudo sh c echo etc fstab sudo sh c echo lt IPADDRESS gt lt SHARENAME gt lt SPACE gt lt C2WTROOT gt lt SPACE gt cifs lt S PACE gt users exec username lt USERNAME gt password lt PASS WORD gt rw lt SPACE gt 0 lt SPACE gt 0 gt gt etc fstab Where the meaning of the words in chevrons lt gt are shown in the table below Table B 9 Table for values to be used in setting up machine mount lt SPACE gt One or more spaces lt IPADDRESS gt _ The IP address of the main machine lt SHARENAME gt The name you gave the share when you created it following setup 1 of section B 2 2 of this Appendix e g ngc2wt lt C2WTROOT gt The value of the C2WTROOT environment variable 1 e the directory that 1s described at the beginning of section B 2 of this Appendix e g home c2wt Projects ngc2wt USERNAME Your user account name e g c2wt Bliss 81 Once you have performed these tasks you can clone the main VM to create secondary VM s B 6 1 3Disable the share on the main VM If you created a share on the main machine i e steps 1 and 2 of section B 2 2 disable the share temporarily as follows
40. portions of the C2 Wind Tunnel Java Project ngc2wt will not build 1 e compile at this time This 1s because necessary code for the project has not yet been generated via GME see section B 5 What will build are the Java based interpreters that GME was configured to use back in section B 4 2 1 3 2 in particular the one that can generate this code 1 To build the ngc2wt project in OMNeT 4 first in a terminal run the following command It will create missing directories whose absence prevent s the project from building bash C2WTROOT src c2w scripts generated_dirs sh 2 Now to build the ngc2wt project select the project 1n the left hand sub window and follow steps 5 6 in section B 4 7 1 as was done for the inetmanet 2 0 project At this point the java based interpreters for the CASIM paradigm in GME should run on a CASIM model in GME B 4 13 2 Registering the C2 Wind Tunnel C projects The C projects for the C2 Wind Tunnel are imported as follows As with portions of the ngc2wt Java project these projects will not build until necessary code 1s generated for them via GME described in the next section 1 Follow steps 1 3 in section B 4 7 1 2 In the resulting Import Projects window type the C2WTROOT src directory into the text field next to Select root directory and then click in the Projects sub window Several projects should appear in this sub window Make sure the checkbox ne
41. resulting page click on OMNeT VN source IDE tgz where VN is the version you wish to download e g 4 2 1 On the resulting page click on OMNeT VN source IDE tgz to download OMNeT version VN In the resulting pop up window select OK or Save to save OMNeT installation package 1 e omnetpp VN src tgz in your Ubuntu Linux environment Extract the contents of omnetpp VN src tgz at an install location e g opt omnetpp and give read write and execute permissions to everyone This can be done by entering the following commands cd opt sudo mkdir omnetpp cd opt omnetpp sudo tar xf PATH sudo chmod R 777 where PATH is the path of the omnetpp VN src tgz file 1 e where it was saved by your browser THE SPACE AND PERIOD AT THE END OF THE LAST COMMAND ARE VERY IMPORTANT These commands will result in the creation of the directory opt omnetpp omnetpp VN From this point forward we will refer to this directory as lt OMNETDIR gt Refer to the installation guide InstallGuide pdf in lt OMNETDIR gt doc directory for installation on the Ubuntu machine In particular follow the instructions in chapter 5 first then chapter 4 Basically it involves the following steps A Run the following commands in a terminal sudo apt get update sudo apt get install build essential gcc g bison flex perl tcl dev tk dev blt libxml2 dev zliblg dev doxygen graphviz openmpi bin libop
42. sub menu should appear under this B Scroll down and click on the checkbox next to Eclipse Java EE Developer Tools C Click Next In the resulting window click Next In the resulting window select the I accept the terms of the license agreement Then click Finish The Java EE Developer toolkit and all packages on which it depends should be installed This could take a while A window should appear indicating that OMNeT needs to restart for the Java EE Developer Tools installation to complete click on Restart Now Setting internal variables for OMNeT To set the internal variables necessary for the C2 Wind Tunnel in OMNeT do the following 1 Execute OMNeT as described in steps 1 3 in the previous section 2 Select Window Preferences 67 Simulation OMNeT IDE Edit Navigate Search Project Run Window Help O Q e Dew EY simulation m Proj 23 mL rojact Explorar Open Perspective Show View Customize Perspective Save Perspective As Reset Perspective Close Perspective Close All Perspectives Navigation Preferences BE Outline 7 Hl v7 ES d Value BL Problems X N i Module Hierarchy 5 NED Parameters fg NED Inheritance ELI O items Description Resource Path Location Type Figure B 33 Opening preferences in OMNeT 3 In the resulting window A Click on the small triangle next to C A sub menu
43. to Folder 1192 168 56 1011ngc2wk w Example server share Reconnect at logon Connect using a different user name Sign up Far online storage or connect Eo a network server Figure B 19 Providing network path for mapped drive E A window may pop up that asks for a username and password to access the Ubuntu share Use the username and password of the account under which the share was created Connect As By default vou will connect to the network Folder as ISISihnine To connect as another user enter their user name and password below User name cut I Browse Figure B 20 Entering username and password for network share 3 Define an environment variable in the Windows operating system see section B 1 3 2 1 called C2WTROOT with the value of the root directory of the drive specified in stop 2E above For example if you chose drive Z set COWTROOT to Z V without the quotes B DOWNLOAD THE C2 WIND TUNNEL SOFTWARE REPOSITORY The C2 Wind Tunnel software 1s currently maintained in a subversion svn software repository So to download the repository into your Linux environment a subversion client must be 44 installed The subversion client we will use in this Appendix included in the subversion package that is provided for Ubuntu To install it in a terminal execute the following command sudo apt get install subversion Enter your password if prompted and answer yes to a
44. 00 16220 000 16220 000 39920 000 39920 000 39920 000 39920 000 39920 000 39320 000 40520 001 40520 001 40520 001 40520 001 40520 001 40520 001 40520 00 40520 00 40520 001 40520 001 40920 001 40520 001 40520 001 40520 001 40520 001 40520 001 40520 001 40520 001 40 20 001 40520 00 129 parameter deiy Mean delaySt dDev nodeFullP ath originFed sourceFed umQuecommandp nodeFullP ach onginFed sourceFed urequecCommandiD nodeFullPath onginFed sourceFed umqueCommandiD dele an deiayStaDev nodeFullP ath onginted sourceFed umqueCommandiD sourceFed ongnfted report sourceFed report ongnfFed sourceFed ongenFed packetType senderHost senderHostApo Sender ppindex numeytes data receiverHost feceiverHostApp receier amp ppindex recemver amp ppinterface data nurmlytes onginFed packetType receiver amp ppindex receverappinterface recewerHost recetverHost np IT voe 5 1 Pacihca Network calfonNet CCOC manager manager Pacfical Network calfonNet CalfoniADs ESOC manager manager string Pacitical Network caMfonNet CalfoniADs WSOC String manager manager 5 1 Pacifica Network calfonNet CalfoniADs GC manager manager CPNPachca CPNP achica COA Test CPNPacca COA Test CPNP acca Mapper CPNPachca ESOCReportToADOC Pacifical Network calfonNet CalfoniaDs ESOC BasicUdpAppwrapper 0 1024 COA Test Pacifical Network caMfonNet CalfoniADs ADOC Baticudpappwrapp
45. 07 gi m 3 WO Dor ur amp So MM a a lele Cacica Comet eerie Pacticai eund Pactica euo det Qebxa0N470 2 ES Do arnt O HESS v 465 Dox and O EF ex Pacca Onn eserate UntndStteiNetuceh Pace aT Netwerh ust eT priat m TE enis eroe Pucca tr nent ft Qoa tem Zoom BEES x B PE ewtegonhwt x l ptrOx3 3400 Zosm 0 7 Disable ESOC Lm D DelayCaldoncCOC EffectCalifonE SOC lr Await Fork tHe Slow down GCI b Case 2 Slow down ESOC PE um nt m a Ls CalifonCommStatus DelayCalfonCCOC CIReportToE Fork Await2 T Mr DelayCalifon L Oa po e wai 2 NEU EffectCalifonGCi GCI Hr Caveat These models are only to show functionality of the tool were not validated with the scenario 127 etwork CPN model executing in sync M As Fast As Possible togh Simulatio es MM X uS rw Sb Registering synchron p Califon Detailed WIE antorgenhiet 4 6 pira 34080 Zoom 07t lation Display ESOCReportTotnQc gt gt gt EffectCalifonwSOc N 8 09 O m 4 O m 5 am TiMr OelayCalfontCOC lt amp PectCalfont SO ine Foch GtimepertToESOC Awwt 0Mins fork Amat CaldonCommtitetus amp DelayCaMfeoGCi lr Legend QB INACTIVE QB ACTIVE n progress EXECUTED X t OCReportt oADQC Executing D T4 mm Ae 5 x tiedcsenmaoc Ei omm TlH Dele CalfoncCCOC Ihr EMectCahfentSOC Ih Fork DCXeportToESOC Amati fork Amat CalfonCom
46. 1h 2012 11 12 131108 COA1 Action Respons to store simulation data done amp COA OutcomeFilters BLC15 RC22 l RORI amp COA OutcomeFilters BLC51 RC22 Waiting for Federation Manager to initialize done v COA OutcomeFilters_BLCS1_RC23 Federation starting amp COA OutcomeFilters BLC15 RC53 Running in batch mode waiting for all processes to finish amp COA OutcomeFilters BLC51 RC53 Starting CPNPacifica federate done amp COA OutcomeFilters BLC72 RCS3 starting Mapper federate done Starting OmnetFederate federate done NoCyberDep gt NoCyberDep1h Experiment Finished ProbChoiceDep eeeem Experiment Started gt ProbChoiceDep1h Batch mode is ENABLED gt RandomDurDep Checking java3d installation success gt RandomDurDep 1h Checking IP address of main machine to see if it conforms to CASIM model success Setting file permissions done Checking if federation FOM file is present success Making sure federation Pacifica2 is NOT already running success Checking critical java classes done Checking Federation Manager success Setting up BRITNeY for CPN federate CPNPacifica visualization success Checking CPNPacifica success Checking Mapper success Batch mode Running experiment 4 of 32 home c2wt Projects ngc2wt generated Pacifica2 scripts CyberGamingwithFiltersDep 1h Main start_COA OutcomeFilters_BLC72_RC22 sh Figure D 4 E
47. 2 Wind Tunnel To install execute the following command in a terminal see section B 1 2 2 for an explanation of the sudo command sudo apt get install libboost all dev Enter your password if needed and answer yes to any questions posed B 4 4 MYSQL SERVER A MySQL database 1s used to store the event history of a given execution of the C2 Wind Tunnel 1 To install MySQL server in your Ubuntu Linux Environment see section B 1 2 2 for an explanation of the sudo command A Open a terminal and execute sudo apt get install mysql server Answer y to any yes no question posed B The installation process might ask you to specify a password for the root user of the MySQL server Enter c2wt without quotes all lowercase C If the installation process does not ask you to specify a password for the root user execute this command in a terminal sudo dpkg reconfigure mysql server 2 To configure MySQL server two things must be done A First MySQL must be configured to accept connections from any machine To do this 1 Edit the etc mysql my cnf file using your favorite editor e g the vi editor Keep in mind that you must execute the editor as root you can use sudo to do this sudo vi etc mysql my cnf The line containing bind address xxx xxx xxx xxx must be changed to bind address 0 0 0 0 This is shown in the figure below Once this is done save the file and exit the edi
48. 69 Figure B 36 Importing Inetmanet project in OMNeT Eclipse IDE esses 71 Figure B 37 Choosing to import project from existing sources esses eene nnn 71 Figure B 38 Finalizing Inetmanet project import OMNeT Eclipse IDE 72 Figure B 39 Cleaning the Inetmanet project for recompilation esee 72 Figure B 40 Choosing to rebuild the entire project after clean ssseeesesseseseeeeseeesssess 73 Figure B 41 Importing ngc2wt project in OMNeT Eclipse IDE eerie 74 Figure B 42 Imported view of the ngc2wt project in OMNeT Eclipse IDE 75 Figure B 43 Importing other projects in OMNeT Eclipse IDE eee 76 Figure B 44 Opening a project am GWE uode aii eae eq nt E neus 77 Figure B 45 Selecting the project to open dm GM E aacadoao Ca vender g ce vg deir uu amisi eudeeaui a 77 Figure B 46 Importing an XML file for the project to open in GME eerie 78 Figutre B 47 s lectine XME file to open tir GME udi ut eel ae alan 78 Figure B 48 Choosing to create a project file for the opened XME file in GME 78 Figure B 49 Specifying filename to save the project file in GME eee 79 Figure B 50 Interpreter buttons when a project is opened in GME sssessseeeeeeeeeeeees 80 Figure
49. Attack sub OmnetFederate 7220 000 nodeFullPath StartNodeAttack sub OmnetFederate 7220 000 originFed StartNodeAttack sub OmnetFederate 7220 000 sourceFed StartNodeAttack sub OmnetFederate 7220 000 uniqueCommandiD StartNodeAttack sub OmnetFederate 16220 000 nodeFullPath StartNodeAttack sub OmnetFederate 16220 000 originFed StartNodeAttack sub OmnetFederate 16220 000 sourceFed StartNodeAttack sub OmnetFederate 16220 000 uniqueCommandiD StartDelayNodeAttack sub OmnetFederate 16220 000 delayMean StartDelayNodeAttack sub OmnetFederate 16220 000 delayStdDev StartDelayNodeAttack sub OmnetFederate 16220 000 nodeFullPath StartDelayNodeAttack sub OmnetFederate 16220 000 originFed StartDelayNodeAttack sub OmnetFederate 16220 000 sourceFed StartDelayNodeAttack sub OmnetFederate 16220 000 uniqueCommandiD CPNPacifica pub ESOCReportToADOC 39920 000 sourceFed CPNPacifica pub ESOCReportToADOC 39920 000 originFed CPNPacifica pub ESOCReportToADOC 39920 000 report ESOCReportToADOC sub Mapper 39920 000 sourceFed ESOCReportToADOC sub Mapper 39920 000 report ESOCReportToADOC sub Mapper 39920 000 originFed Mapper pub NetworkPacket 40520 001 sourceFed Mapper pub NetworkPacket 40520 001 originFed Mapper pub NetworkPacket 40520 001 packetType Mapper pub NetworkPacket 40520 001 senderHost Mapper pub NetworkPacket 40520 001 senderHostApp Mapper pub NetworkPacket 40520 001 senderAppindex Mapper pub NetworkPacket 40520 001 numBytes Mapper pub NetworkPacket 40520 001 data Mapper p
50. EG SZ C Program Files ISIS GReAT Ei System ab TAES REG SZ T por oim ab NUMBER OF PROCESSORS REG SZ 1 ci Gal Class ablos REG SZ Windows NT AA co mputerName ab PATH REG_EXPAND_SZ Ciwindowslsystem32 C windows C win H ContentIndex ab PATHEXT REG SZ COM EXE BAT CMD VBS VBE 5 JSI Lsa lab PROCESSOR ARCHITECTURE REG SZ x86 Z3 Nis ab PROCESSOR IDENTIFIER REG SZ x86 Family 6 Model 30 Stepping 5 Genuin a Print ab PROCESSOR _LEVEL REG SZ 6 ProductOptions ab PROCESSOR _REYVISION REG 5Z le05 C serviceCurrent lab SystemDrive REG SZ e E Cl Session Manager lab SYSTEMROOT REG SZ Ci windows Environment ab TEMP REG EXPAMD Sz C windows temp Memory Manage ab TMP REG EXPAMD SZ C windows temp Ga vMM32Files ab UDM_PATH REG SZ C Program Files ISIS Udmi _ kl Windows ab windir REG EXPAND SZ CiWwindows J Hardware Profiles ab winsysdir REG SZ Ciwindowslsystem32 C services C MountedDevices H E HKEY LISERS H E HKEY CURRENT CONFIG amp i C HKEY DYN DATA 4 gt w hnine VirtualBo HKEY_LOCAL_MACHINE System CurrentControlSet Control Session ManagerlEnvironment A Figure B 7 Creating a new String variable in Registry Editor To give the variable a value right click on it and select modify from the resulting menu Registry Editor Registry Edit View Favorites Help E My Computer Ga HKEY_CLASSES ROOT CJ HKEY_CURRENT_USER HKEY_LOCAL_MACHINE H E HARDWARE C Software Cd System H E C
51. EUMoneyGram set euros Double parseDouble t nextT oken EUMoneyGram set sender t nextT oken EUMoneyGram set receiver t nextT oken Figure 4 Example for a complex mapping The Mapper models support one to one one to many many to one and many to many translation relationships between messages 4 4 Specific simulation engines integrated In the course of the project we have integrated the following simulation engines 10 1 Colored Petri Net Tools CPNTools We have developed a generic adaptor for CPN Tools and a model driven configuration mechanism to integrate specific CPN models into the new C2WT platform The generic adaptor contains all the code needed to execute CPN models The model driven configuration mechanism provides support as follows a CPN model can be imported into the CZWT modeling tool and if the CPN model followed certain conventions model specific message types and model elements are automatically generated These are then used to configure the integrated simulation scenario including the Mapper and other simulation engines 2 OMNeT 4 a network simulator We have developed a generic adaptor and corresponding Simulation Object Model SOM for the network simulator The SOM supports basic message exchange sending and receiving network datagrams through the simulated network as well as turning on and off various cyber effects We have developed simulation models for these cyber effects in OMNeT
52. IM models easier There are two components HLADecorator and HLAHelper B 4 2 2 2 1 Registering the HLADecorator component for CASIM When we are working with CASIM models it is convenient to have the HLADecorator plugin installed as it allows CASIM Interaction parameters and Object attributes to be displayed as part of an interaction or object respectively Depending on whether you have Microsoft Visual Studio 2008 or not use the following methods to access the HLADecorator dll file 1 If you do not have Microsoft Visual Studio 2008 1 e 2008 or later installed proceed to the next step Otherwise open the C2WTROOT src c2w cpp HLADecorator HLADecorator sln solution file in Visual Studio and build the Release version 2 If you exited GME in the previous section open CASIM mga project in GME before proceeding A Execute GME as in step 1 of section B 4 2 2 1 B The CASIM mga file along with its full path should appear near the bottom of the File menu Select it to open the CASIM mga project 3 Toregister the HLADecorator A Go to Tools Register Components in GME B In the resulting window select Systemwide radio button in Register choices and click on Install New C In the resulting window navigate to and select the HLADecorator dll file e If you built the HLADecorator using Visual Studio in step 1 above select C2WTROOT src c2w cpp HLA Decorator Release HLA Decorator dll
53. IR gt Set a persistent environment variable INET HOME to INETDIR see section B 1 3 1 for how to set a persistent environment variable in the Ubuntu Linux environment B 4 12 2 Configuring INETMANET Following are the steps to configure Inetmanet 1 2 Execute OMNeT as in steps 1 3 in section B 4 6 2 1 Under File select Import 70 Simulation OMNeT IDE File Edit Navigate Search Project Run Window He New t simulation Open File EL E Problems 3 K Module Hierarchy 72 NED Parameters fg NED Inheritance I 0 items Description Resource Path Location Figure B 36 Importing Inetmanet project in OMNeT Eclipse IDE 3 In the resulting window click on the small triangle next to General A sub menu should appear under General Select Existing Projects into Workspace from this sub menu and click Next Select N gt Create new projects from an archive file or directory 55 Select an import source x Y General G Archive File amp Existing Projects into Workspace G File System N EX Preferences gt amp C C gt CVS gt amp EJB gt amp Git gt amp Install gt Ca lava EE Figure B 37 Choosing to import project from existing sources 4 In the resulting window type lt INETDIR gt into the text field next to Select root directory and then click in the Projects subwindow A project should appear in thi
54. In the resulting window in the left hand sub window navigate to HKEY LOCAL MACHINE System CurrentControlSet Control Session Manager Environment In the right hand sub window will appear a list of the names types and values of all of WINE s current System environment variables To create a new variable right click on the Environment folder highlighted in blue below and select New gt String Value Registry Editor Registry Edit View Favorites Help My Computer m HKEY_CLASSES_ROOT ab Default REG SZ value not set C HKEY_CURRENT_USER ab ComSpec REG EXPAND SZ C windows system32 cmd exe LO HKEY_LOCAL_MACHINE ab GME_ROOT REG SZ C Program Files GME H HARDWARE ab GREAT 3RDPARTY PATH REG SZ C Program Files ISIS GReAT 3rdparty E Software ab GREAT_PATH REG SZ C Program Files ISIS GReAT System lab NUMBER _OF_PROCESSORS REG SZ 1 E E LT bjos REG SZ Windows NT H Class ab PATH REG EXPAND SZ Ciwindowslsystem32 C windows Ci win a zi x E Eom ab PROCESSOR IDENTIFIER REG SZ x86 Family 6 Model 30 Stepping 5 Genuin nis ab PROCESSOR LEVEL REG SZ 6 amp Print ab PROCESSOR_REVISION REG SZ le 5 C ProductOptions ab SystemDrive REG SZ C C ServiceCurrent ab SYSTEMROOT REG SZ Ciwindows H E session Manager ab TEMP REG EXPAND SZ C Wwindowsltemp um En K
55. LAHelperComponent sIn solution file in Visual Studio and build the Release version 2 If you exited GME in the previous section open CASIM mga project in GME as in step 2 of section B 4 2 2 2 1 3 To register the HLAHelper A Go to Tools Register Components in GME B In the resulting window select Systemwide radio button in Register choices and click on Install New C In the resulting window navigate to and select the HLAHelperComponent dll file If you built the HLAHelperComponent using Visual Studio in step 1 above select C2WTROOT src c2w cpp HLA Helper Release HLAHelperComponent dll 51 E F If you don t have Visual Studio select C2W TROOT src c2w models gme hla HLAHelperComponent dll which is a pre compiled dll that comes with the C2 Wind Tunnel Double click on the HLAHelperComponent dll file or click on the Open button This will install the HLAHelper and close the window B 4 2 1 3 CASIM generate Java C and other files based on the structure of a given CASIM model In addition to registering these interpreters GME must be configured to look in the necessary directories for needed Java class files so that these interpreters can execute B 4 2 1 3 1 In the original window click the Close button OK now you can exit GME Registering Java based GME interpreters for CASIM The interpreters for Modifying the GME classpath Here
56. LE NAME gt lt VARIABLE VALUE Here VARIABLE NAME is the name of the environment variable and VARIABLE VALUE is the value that will be assigned to the variable Note two important things e export if this isn t used the variable will be ineffective for the C2 Wind Tunnel e There are no spaces to either side of the equals sign Use of spaces on either side of the equals sign will result in an error In the following command the C2WTROOT environment variable is assigned the value home c2wt Projects ngc2wt export CQWTROOT home c2wt Projects ngc2wt Having set this environment variable it will retain this value for the life of the terminal That 1s once the terminal 1s closed the environment variable will no longer exist To make an environment variable persistent 1 e so that it will have a given value in every terminal and every other application the command to set it must be placed in either the HOME bashrc file where HOME is your home directory or the etc bash bashrc file the latter can only be modified by the root user That is at the end of one of these files place the command that sets the environment variable to the desired value as shown below everything above the command was already in the file fe if the command not found package is installed use it if x usr lib command not found o x usr share command not found then function command_not_found_handle check because c n f co
57. NE as your Windows environment please define a CZWTROOT environment variable as described as the end of this section 1 Nothing special need be done to access the C2WTROOT directory from the WINE windows environment To demonstrate this open a terminal and execute the winefile command winefile A window like the one below should appear The root directory of the Ubuntu environment should be mapped to drive Z in the WINE windows environment So for example if C2WTROOT in Ubuntu is home c2wt Projects ngc2wt in WINE it is Z home c2wt Projects ngce2wt This directory is indicated by an arrow the below window Any file in Ubuntu can be accessed this way from WINE Wine File Z home hnine Projects ngc2wt File Disk View Options Window Help Size CDate ADate MDate 0 3 15 2012 4 34 54 PM 3 19 2012 10 54 33 AM 3 15 2012 48 B O 1 9 2012 11 51 18 AM 3 19 2012 12 36 28 PM 1 9 2012 11 3rdParty O 1 9 2012 11 44 32 AM 3 18 2012 3 27 21PM 1 9 2012 11 build O0 1 10 2012 1 30 18 PM 3 18 2012 3 27 21PM 1 10 2012 1 Contrib 0 3 16 2012 12 56 23 PM 3 18 2012 12 56 35 PM 3 16 2012 1 doc 0 3 16 2012 5 16 50 PM 3 18 2012 5 17 03PM 3 16 2012 5 ExecutionDirectory O 1 9 2012 11 44 34 AM 3 18 2012 3 27 21PM 1 9 2012 11 generated O 1 10 2012 1 30 18 PM 3 18 2012 4 02 04 PM 1 10 2012 1 log 0 3 14 2012 4 30 32 PM 3 18 2012 12 53 33 PM 3 14 2012 4 src 0 3 12 2012 2 22 15 PM 3 18 2012 3 56 18PM 3 12 2012 2 src interna
58. S Freure FE Conceptual Arete Or iso sas ueste esos dan ec us enu astu E e Lo eroe a M eee IUD SECO 5 Figure 2 Next Generation C2W T Architecture Example 22 ta reus de Mna thai Healer deca Ba eaio pae ds 8 Figuro ExonnplesSequence miode luoissadiodutdind ren arteritis ener tr tre ti mer er rer renee a 9 Figure 4 Example Tora complex Map pin seerne rise tue keane nee a ee 10 Feur gt Example CPN Mode latest cies cde ove nasal alate suat edite eeu ssiinda lel EE 12 Fisure o Example OMNe L FEMO delice a E E S cessi A 12 Figeure 7 CPIN and OMNeT models executing oiii e iiie a A A E EAA 13 Figure 8 Example SQL database showing experiment results eerie 14 I1sure 9 The bland of Paettea 5 adii a do Ehe ao ae ses teat uL i cen oL ELO 15 Figure 10 The Timed Influence Net model for the Phase 1 scenario sssseeesseeseeesssessss 19 Figure 11 The Colored Petri Net model of the Phase 1 scenario seseeeseseeeeeeeeeeeeeee 21 Diseurce 12 Detailed GDINOdelasisos dee as ate ti gue e oti quiu ik usate eerie 22 Figure B 1 Exporting CZWTROOT environment variable eese 33 Pieure B 2 Loading Systemi Properties iion ea eds Ue aeneae nanus oec deae eE den deasutu ATE eee 34 Figure B 3 Loading Environment Variables eese eene 35 Figure B 4 Editing Environment Variables 1 eicere ta tra titia niani xa id as aa ca cuc ac ana road ue sae
59. SOFTWARE INSTALLATION Please download and install the software listed on the following pages and make sure it 1s working properly This software can easily be obtained from the web and does not require special configuration B 4 1 Java Java 1s used extensively 1n the C2 Wind Tunnel both in the Ubuntu Linux and Windows environments B 4 1 1Installing Java into the Linux environment The C2 Wind Tunnel has not been tested with any Java distribution other than that provided by Oracle so it 1s this distribution that should be installed To do this enter the following command bash C2WTROOT 3rdParty java install oab java sh This will build deb Ubuntu package files for Oracle s Java and make them available for installation Then enter the following command on one line Accept all license agreements and answer yes to any questions posed sudo apt get install sun java6 bin sun java6 fonts sun java6 jdk sun java6 jre sun java6 plugin This will install all necessary java packages into Ubuntu Now importantly enter the following command sudo update java alternatives set java 6 sun This will select Oracle s java as the primary java installation to use in your Ubuntu Linux environment there are other java installations available like openjdk but these have not been tested with the C2 Wind Tunnel Now define the following persistent environment variable see section B 1 3 1 with the value as shown Variable Name JAVA
60. Start up Disk checkbox 1s checked and the radio button Use existing hard disk is selected Next click on the folder icon next to the radio button Use existing hard disk to browse to the VM file with VDI extension to select it Make sure to select the CASIMAlIlInUbuntu32Bit vdi file Click Finish to complete the VM creation wizard Now you should see a CASIMAllIInUbuntu32Bit appear in the Oracle VM VirtualBox Before we can start the VM we must adjust some key VM settings as described in the next section A UPDATING VIRTUAL MACHINE SETTINGS BEFORE RUNNING FOR THE FIRST TIME Most of the settings should already be rightly set when you create the VM However there are certain settings that must be updated before we can start the VM for the first time Listed below are only the settings that must be updated System Motherboard tab In the Extended Features section make sure that Enable IO APIC Hardware clock in UTC time and Enable absolute pointing device is checked and Enable EFI special OSes only is NOT checked System Processor tab 25 It is better to assign 4 processors to the VM Also make sure that in Extended Features Enable PAE NX is NOT checked System Acceleration tab Make sure that both the checkboxes Enable VT x AMD V and Enable Nested Paging are checked Display Video tab Make sure that you assign 64MB of RAM for the VM video memory Make sure that the c
61. T please grant these permissions a Folder Sharing amp Share this Folder Share name ngc2wt Comment Allow others to create and delete files in this folder Guest access For people without a user account Cancel Crea s Share Figure B 14 Creating a folder share E In the original nautilus window that contains SC2WTROOT the folder icon for C2WTROOT should have an overlay indicating that it is shared as highlighted in the below window 41 Projects Computer Home E Desktop i Documents Downloads ii Music m Pictures E Videos File System E Trash Network Browse Network lt Home Projects Q search C2wTunnel ngc2wt ngc2wt selected containing 11 items Figure B 15 Shared folder 2 Now that C2WTROOT has been made a share in the Ubuntu environment to access it from the Windows OS one only need to map it as a network drive A Acquire the IP address of the Ubuntu environment One way to do this 1s in a terminal execute the ifconfig command ifconfig In the resulting output from the command next to inet addr are the IP addresses of the Ubuntu environment hnine hnine VirtualBox ifconfig Ru IT Link encap Ethernet HWaddr 08 00 27 a3 13 af inet addr 129 59 105 24 Bcast 129 59 105 255 Mask 255 255 254 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 7675168 errors 0 dropped 0 overruns 0 frame 0 TX packets 770378 errors 0 dropped
62. University extended the CPN simulation by incorporating a variety of scenebeans animations 93 APPENDIX E INTEGRATING CPN MODELS WITH C2WT The purpose of this Appendix is to describe how we configure a CPN model in GME model and configure it so that it can run as a federate in C2WT It also provides the interface description of CPN federate and HLA This Appendix does not describe installation and configuration of CPNTools BRITNeY software or C2WT User can use Appendix B for the details of installation and configuration of C2WT Below are the steps to configure a CPN model to run as a federate in C2WT Step 1 Design a CPN model for a scenario Create separate input and output places for input to it from HLA and output to HLA Make sure that names of all output places start with Send e g Send Command SendCoordinateMessage and names of all input places start with Receive e g ReceiveOpsFeedback Receive Ops Report Step 2a The output tokens to be sent to HLA must arrive at output places in the following format l InteractionName Comma separated Parameters Timestamp For example 1 Instruction ISRD TET REVISE_ITNL 200 5 Above example shows an interaction Instruction to be sent to HLA with a timestamp of 200 5 This interaction has 3 parameters Name of the organization issuing a command type String Name of the organization receiving a command type String The command string Note The paramete
63. VANDERBILT UNIVERSITY INSTITUTE FOR SOFTWARE INTEGRATED SYSTEMS Institute for Software Integrated Systems Vanderbilt University Nashville Tennessee 37203 NEXT GENERATION COMMAND AND CONTROL WIND TUNNEL FOR COURSES OF ACTION SIMULATION Himanshu Neema Gabor Karsai Alexander Levis TECHNICAL REPORT ISIS 15 119 May 21 2015 TABLE OF CONTENTS Section I3SLODEISITOS coupe birpuseiddbdud pest E dubie alan eee eau IBigogMEI p M IO SUMMARY De mER 20 ZNTIRODUCLEION 558 ot xpi din bed kb eine uttter ined Metti eR eds 30 METHODS ASSUMPTIONS AND PROCEDURES ce 3 1 ASSUMP ONS o5 ito ber oda ise Lp cee ees caus ewe em aa N SER ce eae 3 4 CONCEP Mal ATCIHIOC UTE eesis rosier Ene dene td Vesp betapeti doo So Ker a EN REEMEE 3 3 PPE OCC CINE eS uebsecindiebeuebobenn usu edd eme panel dint le oa DE a RE DAC SU T RUM m MODE CUI eS toteueusede denso tuu ud aii cu chu t DII ME DIU E I M eed 40 RESULTS AND DISCUSSION 5 5 4 rue HdnraR ER EIE Mer No Vea UV dee ES eve Es 4 Method TOF JH e PEAHOTI creer Uo rH ES TRECE p EE PRENM uaa PUPPI DEDI 4 2 Sequence models and the Orchestration Engine ssuueeeeeeeeeeeeeeee 4 3 TEE NDIO NETTES 4 4 Specific simulation enermes Interr ated isses eee en a 4 5 MoOde OT ODetallOfi a eoe dover eoan osinn ESTATE ENEI RT EN EERE 4 6 Experiment execution and analysis cece cece cece ce
64. a file called Pacifica2 CyberGamingDeplh database names txt in directory home c2wt Projects ngc2wt generated Pacifica2 scripts CyberGamingDep h Main directory This file contains the names of the databases that were generated for each of these 30 experiments This file is used by the data collection script to read the MySQL databases and generate an Excel spreadsheet of the results To run the data collection script run the following command bash x src Pacifica2 scripts CollectStats sh The above command should produce a file Pacifica Stats DATE lt TIME gt xls file corresponding to the experiment results If you want the NoCyber experiment results to be also part of the above Excel spreadsheet simply edit the database names file Pacifica2 CyberGamingDeplh database names txt in directory home c2wt Projects ngc2wt generated Pacifica2 scripts CyberGamingDep l h Main directory by adding a new line of text corresponding to the name of the database generated for the NoCyber experiment For example you may want to add a line with text Pacifica NoCyberDeplh 2012 04 26 110422 at the end of the file Now if you run the above command it will also include NoCyber experiment in the data collection A 5 RUNNING EXPERIMENTS USING EXPERIMENT CONTROLLER The CASIM Virtual Machine comes with a tool called Experiment Controller This tool automatically searches for all available scenarios experiments and runs within tho
65. a into command centers and tactical platform computers In response to Nevidah s successful SOF attack Califon use of its primary cyber networks 1s reduced dramatically but there has been minimal detectable impact on its C2 capabilities suggesting that it has shifted to a war reserve capability and or implemented a variety of mission assurance protocols which reduce the demand for information exchange and associated bandwidth The US directs implementation of its plan to deploy additional fighters and ISR RPVs to Nevidah another carrier strike group to the region as well as bombers ISR and C2 BM aircraft and aerial tankers to Gamu but finds that Califon 1s disrupting unclassified deployment systems and impairing even classified networks through attacks on commercial communication routers and switches The US postures forces and declares its intent to implement a full air and naval blockade of Califon until it agrees to negotiations Then it develops defensive options for Counter Counter C2 CC C2 operations to protect routers and switches and Counter Counter Cyber CC Cyber operations to detect and prevent data injection attacks and mitigate Denial of Service DOS attacks against servers and clients The US prepares NW and EW attacks to disable Califon IADS and EW Radars and Counter C2 and Counter Cyber attacks against Califon forces Furthermore the US develops options to employ Cyber IO capabilities in the disputed region to undermine effe
66. ackets along node in the network This can be used for things like slowing down certain routers switches or hosts in the network such that the communication in a specific path in the network gets delayed Parameters nodeFullPath the node to be delayed delayMean mean for the delay in seconds for the node 100 delayStdDev standard deviation for the delay Status It has been fully 1mplemented and tested 14 Delay Path attack Name DelayPathAttack Assumption The network model uses static routes no route modification during execution Description Delay flow of packets along a path in the network This can be used for communication delay along a specific path in the network Parameters firstNodeFullPath first node of the path to be delayed lastNodeFullPath last node of the path to be delayed delayMean mean for the delay in milliseconds at each node along this delayed path delay Variance variance for the delay enabled whether delay 1s enabled or disabled Status It has NOT been implemented but is easy to implement F 2 CYBER EFFECTS AND OPTIONS TO ACHIEVE THEM IN OMNeT LIBRARY Table F 1 Cyber effects and options in CASIM s OMNeT generic library d 1 Timeout in receiving Msgs a StartNodeAttack b StartDisableNetworkAttack c StartDelayNodeAttack d StartNetworkFilterAttack e StartLinkAttack 2 Msgs repeated in a loop Replay a StartReplayAttack a Yes attack than sent
67. activated when such an interaction 1s received by the federation manager 90 D 7 COA SIMULATION DISPLAY The COA Sequence Executor informs about the nodes of then COA models as it executes them in the form of console log messages However we wanted to create a graphical display that replicates the COA model visually and displays the execution of the COA model visually at run time as the COA models are executed Therefore we extended the federation manager to also include a COA simulation display GUI using an open source JGraph library to automatically generate a graphical GUI from the COA data structures and then make it stateful using icons for the three different states of COA nodes viz INACTIVE not yet reached in COA execution ACTIVE currently being executed and EXECUTED already finished executing The result is that the COA simulation can be visually seen and intuitively shows what is happening in the simulation and why D 5 C2WT EXPERIMENT CONTROLLER One of the most requested requirements among users of C2 Wind Tunnel is to create a front end graphical user interface that is easy and intuitive to use The C2 Wind Tunnel Experiment Controller written as a python application serves this purpose It can be used to automatically detect the available experiments for various scenarios users have created and generated and compiled code for It can be used to execute any set of the selected experiments Apart from this basic funct
68. an run the supplied Ubuntu Virtual Machine which contains all necessary software including GME pre installed and pre configured it should be sufficient Windows machine can be used to natively compile a couple of C GME components HLADecorator and HLAHelper the sources for which are supplied with CASIM However for user s convenience pre compiled binaries are also supplied with CASIM so that user can work completely in the Ubuntu Virtual Machine If there are changes user wants to make or want to re compile these GME components for their Windows the following software is needed 1 GME 12 3 13 2 UDM 3 2 10 needed only to convert UDM based script XML file to GME model 3 JDK 1 6 0_37 4 MS Visual Studio 2010 Below are the tools that must be installed on the Ubuntu machine to develop and execute CASIM scenarios 1 JDK 1 6 0_37 2 Java 3D 1 5 2 3 Boost 1 46 0 4 Portico 1 0 2 5 CPN Tools 2 2 0 6 OMNeT 4 2 1 7 MySQL Server 5 5 28 8 MySQL C Connector 1 1 0 9 INETMANET aarizaq inetmanet 2 0 1898946 Commit ID 1898946af9578b4a4858 dcc0d4643d7fb893280 on github for aarizaq inetmanet 2 0 repository Apart from above there are several other third party libraries that come with the CASIM sources when you download the sources from its SVN These are 1 BRITNeY 2 2 0 2 GetOpt 1 0 13 3 JGraphX 1 7 1 10 4 MySQL Java Connector 5 1 14 5 StringTemplate 3 2 which uses ANTLR 3 1 3 6 XOM 1 2 6 85
69. anners However often heterogeneous specialized simulation tools and models need to be integrated in an overarching framework such that meaningful results can be generated For instance in a C2 setting various domains including vehicle dynamics communication networks computing nodes and human organizations and decision making processes need to be co simulated There is no single simulation package that can perform all of the above but there are well developed simulation models for the individual domains The challenge is the semantically correct composition of models in an effective way The talk will present a model based approach developed in the course of the Command and Control Wind Tunnel C2WT project and further developed during the Course of Action Simulation CASIM project that 1s based on the precise modeling of simulation interactions and the mapping between those as well as operational sequences that drive the simulation execution framework The integration models are used to automatically generate the interfaces and translation processes and configure an instance of the C2WT to execute the simulations in a coordinated manner The talk will highlight the technical issues of simulation composition and present our solutions 116 J 2 SLIDES Model based Integration of Heterogeneous Simulations i Gabor Karsai Himanshu Neema Harmon Nine Institute for Software Integrated Systems Vanderbilt University Su
70. are the steps to modify the GME classpath 1 Execute the registry editor for your Windows environment 2 3 4 M M For WINE enter the following command at a terminal the single quotes are very important wine C windows regedit exe For a Windows OS in particular Windows XP where the instructions for Windows 7 are similar A On the Windows desktop click Start gt Run B In the resulting pop up window enter regedt32 in the text field C Click OK to execute regedt32 the registry editor In the registry editor in the left window navigate to select the HKEY_ LOCAL _MACHINE SOFTWARE GME folder In the right window RIGHT click on JavaClassPath and select Modify In the resulting pop up window enter data below in Value data text field PLEASE DO THIS M X Without the newlines Replace JAVA HOME GME ROOT and C2WTROOT with their values Their values can be seen by navigating to HKEY LOCAL _MACHINE System CurrentControlSet Controh Session ManagerNEnvironment in the registry editor Here s the data JAVA_HOME jre lib rt jar JAVA_HOME lib tools jar GME_ROOT SDK Vava gme jar C2W TROOT 3rdParty java britney CPNToolsSimulator jar C2WTROOT 3rdParty java britney Headless jar C2W TROOT 3rdParty java britney NetLoader jar C2WTROOT 3rdParty java britney NetModel jar 52 C2WTROOT 3rdParty java britney Simulation jar C2W TROOT 3rdParty java britney Simul
71. ase you are going to access Information about supported databases and links to download sites for JDBC drivers are available at http www dbvis com C2WindTunnel Enter the connection alias for the new database connection This is the name you will use to refer this database connection throughout the application Figure B 26 Entering database name for the new database connection in DbVisualizer 59 D In the resulting Select Database Driver window select MySQL from the drop down menu Then click Next New Connection Wizard Select Database Driver Informix DataDirect 2 JavaDB Derby server 3 JavaDB Derby embedded JDataStore 3 JOBC ODBC Bridge MaxDB Oracle Thin Oracle OCI Oracle DataDirect Pervasive 4 PostgreSQL Progress Ol ite ba Back Nexi Cancel Figure B 27 Selecting database driver for the new database connection in DbVisualizer E In the final window enter root for the Database Userid and c2wt as the Database Password this will appear as dots when entered Leave everything else as is Click Finish Your new C2WindTunnel database connection should appear under the Connections heading in the left had sub window of the DbVisualizer main window 60 C2WindTunnel MySQL P Database Userid Database Password M J ig Database Server localhost Database Port 3306 Database Auto Commit Iv Save D
72. atabase Password Save Between Sessions Connection Mode Development Buffer All Rows for a Result v a Ping Server Back Finish N Cancel Figure B 28 Entering username and password for the new database connection in DbVisualizer B 4 7 Java3D To install Java3D in your Ubuntu Linux environment type the following command at a terminal sudo apt get install libjava3d java The dependent packages libjava3d jni and libvecmath java should be installed automatically when this command executes B 4 8 Java ProcessId JNI Module The java ProcessId JNI module allows a java process to be managed by the C2 Wind Tunnel it particular so it may be terminated automatically To build this module execute the following command in a terminal bash C2WTROOT src c2w java c2w util process buildProcessIdJNI sh B 4 9 PORTICO Portico provides the RTI functionality of the C2 Wind Tunnel and so a key component of the C2 Wind Tunnel It is installed in the Ubuntu Linux environment 61 VERY IMPORTANT Portico uses IP Multicast for network communication In the versions of Ubuntu we have used for the C2 Wind Tunnel IP Multicast will not work if IP version 6 IPv6 is enabled Therefore IPv6 must be disabled To disable IPv6 in Ubuntu edit the file etc sysctl conf AS ROOT and insert the following 3 lines at the end of the file net ipv6 conf all disable_ipv6 1 net ipv6 conf default disable ipv6 1 net
73. ation of heterogeneous domain specific simulation models i AFOSR PRET Human Centric Design Environments for Command and Control Systems The C2 Wind Tunnel FA9550 06 1 0267 2 Develop technology for the rapid modeling of operational sequences that capture salient aspects of a COA 3 Develop technology for the execution of integrated simulations under the control of and in interaction with the operational sequences 4 Develop technology for the collecting data from the simulation runs and make it available for further analysis The next section summarizes our results 4 0 RESULTS AND DISCUSSION The C2WT has been developed in an AFOSR PRET project of Vanderbilt UC Berkeley and GMU for the rapid evaluation and assessment of C2 concepts and system designs in a human centered environment The key insight of the project has been that integration of heterogeneous multi model simulations can be decomposed into a simulation integration and model integration problem While simulation integration 1s a well understood problem and DoD s High Level Architecture HLA provides a sound framework for composing simulations based on discrete event semantics model integration has not been sufficiently addressed The primary outcome of the C2WT project has been a meta modeling based model integration framework The framework includes a model integration language for capturing the interaction among component models and provides tools for generating glue cod
74. ator jar C2WTROOT 3rdParty java stringtemplate antlr 3 1 3 jar C2W TROOT 3rdParty java stringtemplate stringtemplate 3 2 jar 5 Click OR 6 Exit the registry editor B 4 2 1 3 2 Registering the interpreters To register the interpreters you must execute the JavaCompRegister exe in your Windows environment ta For WINE in your Ubuntu Linux environment enter the following command in a terminal the single quotes are very important wine C Program Files GME SDKVavaVavaCompRegister exe to In a Windows OS execute C Program Files GME SDKVavaVJavaCompRegister exe in a command window or by using the file explorer When JavaCompRegister exe is executed the following window will appear Hame Description FroglD Mga Interpreter GUID 00E 566E 5 9233 48B0 9596 4650C0 66E 745 ClassPath Class Paradigms MenuT ooltip T Fegizter systemwide Cancel Figure B 21 Registering GME components JavaCompRegister exe must be run 4 separated times once for each table below to The tables show the data that should be entered into the JavaCompRegister exe window to After all data has been entered for a particular run click Register button x C2WTROOT should be substituted with its actual value as it was in step 2 of section B 4 2 1 3 1 53 Table B 2 Values for registering C2W Main Interpreter Field Checkbox Name Data Action Name C2W Interpreter Descriptio
75. by the project into the HLA 1 e portico e The C2W Deployment Interpreter will generate shell scripts to allow you to run the Federation modeled by the GME model of the project using the HLA Each interpreter 1s executed by pressing the appropriate button at the top of the GME window The buttons should have the Java logo a steaming cup of coffee on them and there should be four of them circled in the figure below You can determine which 1s which by centering the mouse over them a tooltip will appear indicating which interpreter will be executed by pressing the button 79 CASIM Helloworld File Edit view Tools Help im d cad X14 cld 3 9 gioi m E33 hug BIB Ep dp dp x Be Fart Browser vx GME Browser aw KX Aggregate Inheritance Meta WP Om om n WA doi ow X X X D CRDCENCESP Do Comoe lt e UTI See ie Importing Z home hnine Projects ngc2wtisrc HelloWorld imodels gme HelloWorld xme ard Z home hnine Projects ngc 2wtisrc HelloWorld models gme HelloWorld xme was C successfully imported Hellow orld for Kind Attributes Preferences Properties Ready car NuMjscnL Eprr 1009 cAstM 0 49 am 4 Figure B 50 Interpreter buttons when a project is opened in GME The two of the interpreters you ll be using the most are e The C2W Main Interpreter or C2W Interpreter will generate all code e g Java C needed needed i
76. case by case basis Integration of the specific model involves specifying how to translate messages between simulators This is done with the help of a pseudo simulator an HLA federate that acts as phone exchange between the simulation engines that can translate the messages As an example let s consider two simulators X and Y that need to talk to each other and each has a corresponding model data set A and B respectively Both can produce and consume certain type of messages and the HLA wrapper consumes and produces these messages Now if X wants to exchange messages with Y and these messages may be dependent on the model data i e A and B there has to be a mapper that translates the messages in both directions Note that this translator may have to be configured according to the A and B models However configuring the mapping is much simpler than writing or modifying an HLA wrapper The figure below illustrates the example instantiation of the architecture with the two simulators and the mapper Simulation X Simulation Model Engine FOM A for X Simulation Engine Simulation Y Simulation Model Engine FOM B for Y Simulation Engine Federate X Federate Y Integration Layer X Integration Layer Y HLA Bus METi Orchestration Scenario Specific Mapping Model Sequence Simulation Engine X and Y Model Specific Figure 2 Next Generation C2WT Architecture Example Note that for large configuratio
77. ce eee e eee e eee e ee eee eees 50 THE CASIM PACIFICA SCENARIO sss boire Eu RR PAP RE PIU EE pr etos 5 1 Pae Bu uu d 5 2 Phase 1 Deter Califon aggression via cyber operations sssseesuuuuss 5 3 Phase 2 Serze the Mat ive 25d vo SEEDS OAE 2 4 The Pacifica Scenario Models ssieeoos suse not ote Rhe DEEP VERDI at RR Re nU 9 0 CONC USIONS S Qpustotamidtod M asap aua Di E 20 DRUG U mU e MU DEM MU ariuE PO REFERENCE S Meee ee ee ee rer ee rere E ee ee rer cr Ter ee Tren err a err rer crane tT APPENDIX A INSTALLATION AND CONFIGURATION USING A CASIVE VIR UAL MAC BENE ness nou re neo eiat aedes peus oe sees APPENDIX B INSTALLATION AND CONFIGURATION FROM SOURCES APPENDIX C LIST OF SOFTWARE USED IN CASIM nnn APPENDIX D CASIVIKE Y FEATURE S 2 ooruri Seen US uu Rep d edema Rd erect APPENDIX E INTEGRATING CPN MODELS WITH C2WT ee APPENDIX F CYBER EFFECTS AVAILABLE IN CASIM eee APPENDIX G AUTOMATED MAPPING TECHNOLOGY IN CASIM APPENDIX H FAULT MANAGEMENT IN CASIM mH APPENDIX I C2 WIND TUNNEL EXPERIMENT CONTROLLER APPENDIX J RESEARCH PUBLICATION MODEL BASED INTEGRATION OF HETEROGENEOUS SIMULATIONS eene LIST OF ACRONYMS ABBREVIATIONS AND SYMBOLS eene REPORT DOCUMENTATION PAGE ceceni eere en N E EEE ETEN Page LIST OF FIGURE
78. ceases to conduct cyber exploits The Califon president is deterred from escalation and seeks a diplomatic solution to the mineral fields dispute The situation between Califon and Nevidah is upsetting the world markets and affecting electronics manufacturing because of the disruptions in production at the contested Mineral Fields Many countries are anxious to defuse the situation but do not wish to see the US take unilateral action The UN has already established sanctions on Califon and there is talk of establishing tougher sanction The Califon president is demanding that the UN sanctions put in place at the request of the US be removed The Califon president 1s admired domestically for challenging the US and these factors are influencing the Califon president Washorgon is suffering economically from the Califon Nevidah dispute The government of Washorgon under pressure from its population is considering sending a diplomatic mission to Califon to talk to the president The US considers the use of Information Operations strategic communications to influence world opinion and also the Califon population The US and Nevidah will conduct a combined military exercise called Rising Storm This involved bringing a US Navy carrier strike group 16 in the territorial waters of Nevidah and also the stationing of US Air Force units on Nevidah military airfields especially in the one near the Mineral Field In addition to manned aircraft the
79. ck on the small triangle next to Build Path and another sub menu will be displayed under Build Path C Click on Classpath Variables D Click on the New button for each variable to be input When the variable s information has been entered click on the OK button Ie Classpath Variables gt General A classpath variable can be added to a project s class path It can be used to define the gt Ant location of a JAR file that isn t part of the workspace Non modifiable classpath variables are gt C C set internally for example JRE LIB JRE SRC and JRE SRCROOT depend on the JRE setting Defined classpath variables gt Data Management ECLIPSE HOME non modifiable home c2wt Omnet omnetpp 4 2 1 ide New gt FreeMarker Editor gt Help GME ROOT home c2wt Projects ngc2wt 3rdParty java gme JAVA HOME usr lib jvm java 6 sun gt Install Update Java gt Appearance Build Path Classpath Variables User Libraries Name RTI HOME gt Code Style gt Compiler Path opt portico portico 1 0 2 File Folder gt Debug gt Editor gt Installed JREs i Cancel JUnit Cancel OK F Figure B 35 Adding RTI HOME classpath variable in OMNeT E Enter the variable shown in the table below Substitute SC2WTROOT JAVA HOME and RTI HOME with their actual values as in the initial section on environment variables Table B 8 Classpath variable valu
80. cting the simulated human processes leading to different outcomes 2 0 INTRODUCTION The quantitative analysis and evaluation of COAs is a daunting problem Given the complexity of the operational environment in which the Air Force conducts operations commanders need the capability to consider multiple alternative courses of actions and assess their expected effects in light of the resources needed for their execution An additional complication 1s the challenge of integrated C2 in which the selected COA must work synergistically with the COAs produced by other component commanders Cyber security considerations will also affect the choice of COA The results of the work summarized in this report address the challenge of developing an integrated easily composable modeling and simulation environment to create realistic cyber warfare operational scenarios for course of action COA exploration The approach is based on a new generation C2 Wind Tunnel by enhancing the already existing C2 Wind Tunnel developed under AFOSR funding through the addition of several software tools and a modeling language for operational sequences The project entailed the following activities 1 Analysis of the problem domain 1 e the simulation based evaluation of COAs covering information operations in general and cyber operations specifically 2 Design and implementation of a novel domain specific modeling to allow the rapid integration and configuration of
81. ctiveness MoEs 2 Vanderbilt ISIS is responsible for the modeling and design tools and the run time computational infrastructure for performing the evaluation In this report we focus on the Vanderbilt ISIS activities of the project Based on our studies of the relevant open literature and the communication with experts we have concluded that the problem of evaluating Courses of Action necessitates a human involvement in the process and it cannot be completely automated The reason for this 1s the very high level nature of COAs they do not have the necessary operational details for computational evaluation In fact as far as we understand COAs today are mostly evaluated by human teams relying on human expertise and experience While we had to recognize this admittedly negative observation early in the course of the project we have designed a method for COA evaluation that is not completely automated The method can be summarized as follows Human experts develop operational sequence models OSM based the high level COA s and evaluate these using a set of federated of simulation models OSMS represent specific operational actions to be executed and expected outcomes to be observed 3 1 Assumptions There are several assumptions in this method 1 High quality simulation models are available for the relevant aspects of the systems involved For instance if the objective of a COA evaluation is to gain insight into what will happe
82. ctiveness of the Califon occupation forces and assure Nevidah based entities that help is on the way To that effect the US develops an IO campaign against Califon to counter Califon propaganda among its people and international supporters and induce mistrust in the Califon government although traditional delivery methods are also employed the primary tool is the use of Cyber IO exploits using social media and precision targeting of e mail blog sites and propaganda websites The US implements high mission assurance TTPs tactics techniques and procedures that require very little bandwidth to be effective or employs point point laser 18 communications very difficult to disrupt The US employs military deception Mil Dec in its primary C2 systems to disrupt Califon intelligence and planning 5 4 The Pacifica Scenario Models On the basis of the scenario described a Timed Influence Net TIN model 6 was generated using the software application Pythia 7 One constructs a Pythia model by defining on the right the desired effects and then unfolding backwards towards a set of actionable events that influence the desired effects The Pythia model for the Phase 1 scenario is shown in Figure 10 Figure 10 The Timed Influence Net model for the Phase 1 scenario The desired effects are depicted in the rightmost three nodes in Figure 10 They are Califon president decides to stop aggressive actions against Nevidah and to negotiat
83. ctures a plugin 04 14 2011 amp C ig videos mi STC 04 09 2012 amp C Downloads imi src internal 10 29 2012 gc MyExperimentSelections c2wt 382 bytes 10 29 2012 gc gc gc gc amp c gc gc gc gc sc Files c2wt amp c gc Q cancel gc Figure I 4 File menu The last menu item Exit can be used to close the experiment controller 1 3 2 View Menu Figure I 5 below shows the View menu C2 Windtunnel Experiment Controller View Run Help Refresh Experiment Tree Open Database Viewer Figure I 5 View menu The Refresh Experiment Tree forces the experiment controller to re scan the SCWTROOT directory and recreate the scenarios deployments and experiments tree in the left section This 1s useful if while the experiment controller is loaded user re generates code and deployment scripts of a scenario or has recently added a new scenario in the experiments set Note that refreshing the experiment tree also clears all experiment selections that user might have made in the left tree If these experiment selections are to be preserved user can save them as a file and reload the selections after refreshing the experiment tree The Open Database Viewer menu item is used to launch an external tool named DBVisualizer which is a database client that is pre installed in the virtual machine 113 DB Visualizer is used to view the log of experiment data persisted by the infrastructure during experiment runs
84. d the GME model is located at lt project_root gt src Pacifical models gme Please note however that the name to be specified in the CPNFile attribute of the CPN federate is just the name of the CPN model e g Pacifical cpn without any paths The attribute ConfigFile 1s not used anymore because the configuration file is now generated by the C2W Main Interpreter Step 8 Next we double click the CPNFederate to open the model and then run the CPNImportInterpreter to import the CPN model in GME such that the input and output places become places in the CPN federate model in GME The convention of naming input and output places to begin with Receive and Send respectively helps here because only those places 95 which have their names beginning with Send or Receive are imported as ports of the CPN federate Step 9 Next the publish and subscribe relations of the CPN federate needs to be specified This means connecting the incoming interactions to appropriate input port of the CPN federate beginning with Receive and outgoing interactions to appropriate output port of the CPN federate beginning with Send Step 10 The last step involves running the C2W Main Interpreter which generates all the source code and configuration files needed to run the CPN federate NOTE The CPN configuration file is now automatically generated and no longer needs to be manually created 96 APPENDIX F CYBER EFFECTS AVAILABLE IN CASIM
85. ddress of the network to be attacked type Type of attack from the list completely disable network not traffic reduce the communication bandwidth on each link increase latency on each link increase packet loss on each link Status It has been partially implemented Only first type has been completely implemented which completely disables a given network This first type is also tested 3 Attack a link Name AttackLink 97 Description Change the behavior of a specific network link Parameters from node one endpoint of the link to node other endpoint of the link type Type of attack from the list same as type in AttackNetwork Status It has been NOT been implemented yet 4 Network Filter attack Name NetworkFilterAttack Description Filter 1 e drop transmission of packets flowing between a given network address to another network address via a given node Parameters srcNetworkAddress src network address could be an address of a host or subnet dstNetworkAddress dst network address could be an address of a host or subnet nodeFullPath The full network path of the node where the filter attack 1s deployed Status It has been fully implemented and tested 5 Replay attack Name ReplayAttack Description A malicious node usually a router intercepts and buffers packets for a given duration initiated using RecordPacketsForReplayAttack interaction and when activated u
86. del composability To enable the rapid re configuration of evaluation scenarios To enable the interoperability of models Usability Analysts w o software engineering training must be able to use the system Configuration of evaluation must be as simple as possible Assumptions Simulation models for participant simulations are available COA is defined Notional Architecture 120 Next Generation C2WT Uniform architecture that allows using any simulation engine once it is integrated gt A simulation Simulation Engine Simulation Model Example CPN Engine Pacifica scenario model Once the engine is integrated gt no custom model specific code development the simulation model may have to adjusted Fixed Federation Object Model FOMs for simulation engines Mapper federates translate messages between simulation engines Mapper is generated from models that describe how to map the messages of one simulator into the messages of another one CASIM Design Language models operational sequences derived from COA Sequencing and timing of interactions that are injected into the federation Sequences are executed by the orchestration engine Response messages the in COA orchestration engine waits for during execution Software Infrastructure and Platform Simulation X Simulation Model Simulation t Simulation Model FRETI red Engine FOM B for Y Simulation Engine Simulation Engine Federate X
87. e from the integration model to couple the individual simulation tools to the HLA runtime infrastructure While the C2WT framework described above 1s functional and has been demonstrated in a range of applications for some time several additional features were required to enable its use in large scale COA testing and evaluation These features were based on the objectives described above The extended C2WT framework is called the Next Generation C2WT i e the title of the project 4 1 Method for integration One objective of the project has been to enable the rapid integration of simulation models To support this we developed and tested a method for integration that allows a high degree of reusability and allows quick integration The method works as follows e Each simulation model has a dedicated simulation engine that performs the calculations and the model data itself that determines what those calculations are e Fach simulation engine is integrated strictly once and this integration involves developing the adaptor code modules 1 e the wrappers that connect the engine to the HLA framework This integration means that messages interactions in the HLA can be sent to and received from the simulation engine as it 1s executing These messages are produced and consumed by other simulators in the HLA federation e The model data may change between simulation models even if the same engine is used so that is integrated on a
88. e anticipated interactions that are expected to arrive during the execution of the model Outcome filters evaluate a response and enable disable flow Fork markers Synchronization points Simulation and COA stopping points 124 CASIM Sequence model example m B Simulation Exception SimEnd Stop F AwaitN 1 er t 20secs CommandGO 1 or A t 20 Timing INNS marker TerminateCOA aiai Expected xception E 3default interaction Delay Outcome COA Stop filter ction Injected interaction CASIM Sequence Mogg and C2WT Orchestration Engine executes the Sn enke gt Kodel Sequence Model r 20sec8 fo ni a e 3 pisse 356 L zug cree D go V zJ mb TP Ka 2 z S ce i S 3 ES eue 22 P aA do PE n Sei mma MAS dU aro 13 sce 125 Integration example Pacifica scenario CPN model Organizations and decision making processes Omnett model 3 l national networks links between Integration model CPN Omnett Mapper mapping report messages to network packets and vice versa Generated from a mapping model COA cyber effects on specific node s in a network CPN Model Events of the scenario 126 Network model Ete Eat Gmutete Dace papeci yw Qpbom tp G 75 A aM km 2 ii gt its j z ent Pecaesinewonts ID voile Facil caDtwtunrk ur United Partea Oma edere C Cath Dt Mi recen 5 ie oe RE S I Mri sconce Or Pace catt Ctrl 68
89. e mineral rights Califon president decides to stop cyber attacks against the US and Nevidah and Nevidah SOF team 1s extracted after conducting a successful mission The complete set of nodes 1s shown below they give a sense of how the model has represented the scenario Washorgon announces diplomatic flight Califon president admired domestically for willingness to challenge USA ally UAV flies inadvertently into restricted zone alifon president wants UN sanctions lifted alifon president responds to political pressure US conducts cyber exploits against Califon internet communications alifon radar detects and reports SOF mission up channel to GCI Califon radar detects and reports Washorgon flight up channel to GCI Califon radar detects and reports UAV up channel to GCI Califon VOP forwards report to ADOC Califon GCI reports SOF mission to Eastern SOC Califon GCI reports Washorgon flight to Western SOC Califon GCI reports UAV flight to Eastern SOC UAV flight announced by US government 19 Nevidah chooses to use a covert SOF mission Califon president fears attack from US Nevidah coalition US positions forces on Nevidah on disputed region Califon GCI hacked by US and unable to report to SOCs US conducts military exercise with Nevidah forces Califon president orders heightened military alert Califon SOC reports SOF mission to ADOC Califon SOC reports Washorgon flight to ADOC Califon Eastern SOC repo
90. e omnetpp 2 In the resulting window enter the location i e directory for OMNeT to use as its workspace the default location for the workspace 1 e the workspace directory in your home directory should be fine Also if you don t want to see this window every time you execute OMNeT 4 check the Use this as the default and do not ask again checkbox Click on the OK button Select a workspace OMNeT IDE stores your projects in a folder called a workspace Choose a workspace Folder to use for this session Workspace home c2wt workspace v Browse Use this as the default and do not ask again Figure B 29 Entering a folder for workspace in OMNeT 3 When OMNeT is started for the first time it will display the following window Click on the workbench icon on the right side of the screen 65 Introduction to OMNeT 4 Figure B 309 OMNeT start up screen 4 The main OMNeT window should now be displayed shown below To install the JDT click on Help and select Install new software Simulation OMNeT IDE amp u EY B simulation s Q tv Ov er 2s E Propert XN E Outline 5 pm Properties are not available El Problems 33 N 3 Module Hierarchy NED Parameters f NED Inheritance xr Oitems Description Resource Path Location Type Figure B 31 Instal
91. ecent Documents gt My Pictures e My Music My Network Places i Control Panel Set Program Access and Defaults tan Printers and Faxes 9 Help and Support pP Search 177 Run 93 Log Off shut Down L en in Figure B 17 Opening My Computer C In the window select Tools Map Network Drive T My Computer File Edit View Back o a System Tasks View system information cA Add or remove programs E Change a setting g Eject this disk Other Places J My Network Places A My Documents Favorites Mome Map Network Drive Disconnect Network Drive Synchronize Folder Options Network Drives Figure B 18 Mapping Network Drive 43 D In the resulting window choose the Drive to which to map the Ubuntu share e g Z and enter the share location using the IP address you gleaned from step A and the name of the share you specified in step 1 D above It should be in the form lt ip address gt lt share name gt For our example this would be 192 168 56 101 ngc2wt Also it is a good idea to check the Reconnected at logon checkbox Then click Finish Map Network Drive Windows can help you connect to a shared network Folder and assign a drive letter to the connection so that you can access the Folder using My Computer Specify the drive letter For the connection and the Folder that you want to connect
92. enmpi dev libpcap dev B Detine the following persistent environment variables to have the values shown see section B 1 3 1 on how to do this in the Ubuntu Linux environment Table B 6 Environment variables needed for OMNeT VARIABLE NAME VARIABLE VALUE OMNETPP ROOT lt OMNETDIR gt TCL LIBRARY usr share tcltk tcl8 5 PATH PATH OMNETPP ROOT bin Recall that zOMNETDIR was defined in step 6 of this section Also note that the assignment to the PATH variable appends OMNETPP ROOT bin to its current value C Run the following commands in a terminal cd lt OMNETDIR gt 64 configure make This last command may take some time to complete B 4 11 2 OMNeT configuration Configuration of OMNeT consists of installing the Java Developer Tools and setting some internal variables for OMNeT B 4 11 2 1 Installing Java Developer Tools OMNeT is built on top of the Eclipse IDE Further as it is implemented in C it uses the Eclipse CDT C Development Tools However whereas the C2 Wind Tunnel uses C it also uses Java Because of this OMNeT needs to have the Eclipse JDT Java Development Tools installed as well OMNeT configuration thus consists of installing the Eclipse JDT It also involves defining some variables internal to OMNeT for the C2 Wind Tunnel 1 First we must execute the OMNeT IDE To do this type the following in a terminal lt OMNETDIR gt id
93. ent IndianMoneyGram EUMoneyGram Complex parameter mapping requiring Java code with naming conventions for interactions String data NetworkPacket get data StringT okenizer t new StringT okenizer data EUMoneyGram set id Integer parselnt t nextT oken EUMoneyGram set_euros D ouble parseD ouble t nextT oken EUMoneyGram set sender t nestT oken EUMonepGram set_receiver t nextT oken 131 Architecture Details Recap C2WT Model based Configuration o o nm Based on COA x jes tes ein qu dM mama Orchestrator Engine Control interactions Observed Interactions HLA Bus Message exchange Time synchronization 132 ADOC AFOSR AFRL BM aircraft BPMN CASIM C2 C2WT CAI CC C2 CC Cyber CCOC COA COC CPN Cyber IO DB DNS DoD DOS ELINT EW FOM GB GCI GME GMU GUI HLA IADS IDE IO IP ISIS ISR JDK JDT JNI JRE MB Mil Dec MoE NAT NGC2WT LIST OF ACRONYMS ABBREVIATIONS AND SYMBOLS Air Defense Operations Center Air Force Office of Scientific Research Air Force Research Laboratory Bartel Maryla aircraft Business Process Modeling Notation COA Analysis Simulation Command and Control Command and Control Wind Tunnel Command Control Communications Computers and Intelligence Counter Counter Command and Control Counter Counter Cyber Califon Cyber Ops Center Course of Action Cyber Ops Center Colored P
94. er 0 etho COA Test 1024 CPNPacihca ESOCRepertToADOC o etho Pacifical Network calfonNet CalfoniaDs ADOC SasicUdpApp wrapper type double NORMAL O Tn String HR z i 4 amp amp 5 oo0oocoooooooo0no0nono s S STO N uiuvriuustJsSf NS MRM 9M 99o90039 unng Bring Sting ievel logi O 01G0 019sec 87 1 47 is Rew E a iP DetayNogeE thects Pacifical Network c alifonNe CCOC G3 620 000 Pacifical Network c alifonNet CamtonlA Ds GCi 016220 00 0 Noge tects Pacifi calNetwork califon Net Califont ADs W 0C Q16220 000 Pacifical Network c WifonNet Calfonl A Ds ESOC 7220 0 00 DolayNodet tects Pacifical Network c alifonNet Catton A Ds ESOC 7220 0 00 PacificalNetwork c alitonNet CCOC 3 620 000 NegeEttects Paciti CaiNetwork califon Net CalifontADs W 0C016220 000 Pacifical Network c alifoniNet Caltoni A Ds GC1 16220 00 oj O None Mapper Addressing Integration Issues Assumption Simulation models and their specific interfaces are defined Rapid integration problem Composition of the specific simulation models and joining their interfaces Technical but important detail mapping between the interfaces Preferably no programming experience should be required for building a mapper Simple cases are easy but for complex mappings e g coordinate conversions custom pisos code is needed Mapper message converter Mapper
95. er Environments To run the C2 Wind Tunnel two computer environments are needed Linux and Windows A computer environment allows programs for a particular operating system to be executed Obviously the Windows operating system is also a Windows environment as it allows Windows programs to be executed However WINE which is run in Linux is also a Windows environment for the same reason IMPORTANT In CASIM it is recommended that users use only the Ubuntu Linux computer environments The main reason for this is that OMNeT modules developed in CASIM are supported only under Ubuntu Linux Moreover the third party library used for execution of CPN models viz BRITNeY Java library for CPN Tools works correctly only in Ubuntu Linux environment For the C2 Wind Tunnel the Linux environment is in fact a Linux operating system specifically Ubuntu 10 10 32 bit or later The Windows environment however can either be a Windows operation system Window XP or Windows 7 or WINE run on Ubuntu To reiterate the following computer environments are needed before installing the C2 Wind Tunnel e linux environment Ubuntu Linux 10 10 32 bit or later e Windows environment This can be either o A Windows operating system Windows XP or Windows 7 o WINE running in the Linux environment IMPORTANT In Ubuntu VMs make sure the username you use is c2wt Also on main development VM get all sources in HOME Projects directory such that the d
96. es for OMNeT configuration Variable Name Variable Value GME ROOT C2WTROOT 3rdParty java gme JAVA_HOME JAVA_HOME RTI HOME SRTI HOME B 4 12 INETMANET FRAMEWORK Inetmanet is an add on project to OMNeT that allows computer network simulation within OMNeT Inetmanet must be both installed and configured for the C2 Wind Tunnel in the Ubuntu Linux environment B 4 12 1 Installing INETMANET Following are the steps to install Inetmanet 1 Using your browser go to https github com aarizag inetmanet 2 0 zipball 1898946af9578b4a4858 1dcc0d4643d7fb893280 2 3 4 Select Save File in the resulting pop up window and save aarizaq inetmanet 2 0 1898946 zip to your Ubuntu environment Extract the contents of aarizaq inetmanet 2 0 1898946 zip at an install location e g opt inetmanet and give read write and execute permissions to everyone This can be done by entering the following commands cd opt sudo mkdir inetmanet cd opt inetmanet sudo unzip lt PATH gt mv aarizaq inetmanet 2 0 1898946 inetmanet 2 0 sudo chmod R 777 where PATH is the path of the aarizaq inetmanet 2 0 1898946 zip file 1 e where it was saved by your browser THE SPACE AND PERIOD AT THE END OF THE LAST COMMAND ARE VERY IMPORTANT These commands will result in the creation of the directory opt inetmanet inetmanet 2 0 From this point forward we will refer to this directory as lt INETD
97. etri Net Cyber Information Operations Database Domain Name Service Department of Defense Denial of Service Electronic Intelligence Electronic Warfare Federation Object Model Giga Bytes Ground Control Intercept Generic Modeling Environment George Mason University Graphical User Interface High Level Architecture Integrated Air Defense System Integrated Development Environment Information Operations Intetnet Protocol Institute for Software Integrated Systems Intelligence Surveillance and Reconnaissance Java Development Kit Java Development Tools Java Native Interface Java Runtime Environment Mega Bytes Military Deception Measures of Effectiveness Network Address Translation Next Generation Command and Control Wind Tunnel 133 NNOC NW OCL OE OS OSM PRET RPV SAM SCADA SOC SOF SOM SQL SVN svn TIN TTPs UAV UC VM VOP WINE XML Nevidah Network Operations Center Network Warfare Object Constraint Language Orchestration Engine Operating System Operational Sequence Model Partnership for Research Excellence and Transition Remotely Piloted Vehicle Surface to Air Missile Supervisory Control And Data Acquisition Sector Operations Center Special Operations Forces Simulation Object Model Structured Query Language Subversion Timed Influence Net Tactics Techniques and Procedures Unmanned Aerial Vehicle University of California Virtual Machine Visual Observation Point Windows E
98. gle machine during a simulation Consequently if the simulation uses multiple CPN models each must run on a separate machine The easiest means of creating a secondary machine is provided the main machine is a virtual machine VM to clone the main machine VM 80 B 6 1 Preparing main VM before cloning It is very important that you perform the below tasks before you cloning the main VM to make secondary VM s B 6 1 1 Configuring ssh It is important that the main machine be able to log in to the secondary machines via ssh without being queried for a password The following procedure will make this possible l In a shell execute the following command ssh keygen t dsa e Accept the default for the file in which to save the key e Just press lt ENTER gt when queried for a passphrase i e enter an empty passphrase In the same shell execute the following command cd ssh catid dsa pub gt gt authorized keys In the same shell execute to following command ssh localhost When queried whether to continue connecting respond with yes You will be logged in to the main machine via an ssh session In the resulting shell enter the following command exit B 6 1 2Setting up a mount of the Windows share on the main machine by the secondary machine A secondary machine will need to access the CZWTROOT directory of the primary machine This 1s done by setting up a share on the main machine that is subsequently
99. gotiations with Nevidah and ensure effective Command Control Communications Computers and Intelligence CAI throughout the theater 17 The current situation is that Califon has occupied the disputed mineral fields and accelerated its cyber exploits against Nevidah and US forces The Commander s intent for Phase 2 is as follows Purpose This objective is to seize the initiative from Califon so it ceases cyber exploits against Nevidah and agrees to enter negotiations regarding use of the disputed mineral fields Should this fail US forces will be prepared to conduct major combat operations 1n support of Nevidah to forcibly remove Califon forces End State Nevidah s lines of communication are open and operating free from the threat of cyber exploits Califon ceases to conduct cyber exploits Califon president seeks a diplomatic solution to the mineral fields dispute In Phase 1 the US employed limited cyber exploits against the military assets of Califon primarily against the sensor assets of Califon and the communication links that enable Califon s Command and Control Califon has now moved forces into the disputed areas and has directed all Nevidah based mining concerns to depart the area or face consequences Califon has begun an aggressive cyber campaign to deny US capability to deploy additional forces or respond with existing capabilities in theater to include cyber attacks on communications GPS spoofing and injection of false dat
100. gs of the Command and Control Research and Technology Symposium 7 L W Wagenhals and Levis A H Course of Action Analysis in a Cultural Landscape Using Influence Nets Proceedings of the 2007 IEEE Symposium on Computational Intelligence in Security and Defense Applications CISDA 2007 8 K Jensen Coloured Petri Nets and the Invariant Method Theoretical Computer Science 14 1981 North Holland 317 336 24 APPENDIX A INSTALLATION AND CONFIGURATION USING A CASIM VIRTUAL MACHINE This Appendix describes how to setup the Virtual Machine VM and how to run Pacifica2 experiments It also describes how to view MySQL database and collect and view experiment analysis results A 1 SETTING UP THE VIRTUAL MACHINE VM For the VM we prefer to use the player Oracle VM VirtualBox Download the latest VirtualBox and install it on your machine Windows Linux or Mac In VirtualBox create a new VM by pressing the New button It will start a Create New Virtual Machine wizard Click Next on the wizard On the next screen type a suitable name of the VM say CASIMAllInUbuntu32Bit Next on the same screen make sure that Linux is selected as the Operating System and Ubuntu as the Version and click Next One the next screen assign 2048 MB 2GB RAM to the VM Although IGB should be enough you get better performance with 2GB RAM assigned Click Next One next screen Virtual Hard Disk make sure that
101. hat the federation must terminate in entirety even if some exception occurs somewhere or a thread is stuck indefinitely somewhere and federates never receive SimEnd interaction 109 APPENDIX I C2 WIND TUNNEL EXPERIMENT CONTROLLER I 1 INTRODUCTION One of the most requested requirements among users of C2 Wind Tunnel is to create a front end eraphical user interface that 1s easy and intuitive to use The C2 Wind Tunnel Experiment Controller written as a python application serves this purpose It can be used to automatically detect the available experiments for various scenarios users have created and generated and compiled code for It can be used to execute any set of the selected experiments Apart from this basic functionality the C2 Wind Tunnel Experiment Controller supports a number of user friendly features that together provide a very useful tool for experimentation with C2 Wind Tunnel In this Appendix we describe this tool in detail and discuss some future work I 2 TOOL OVERVIEW The experiment controller is started with double clicking a shortcut icon on the supplied virtual machine s desktop This shortcut points to the python script file CZWTExperimentController py located in the C2WT root directory i e C2WTROOT Figure I 1 below shows the shortcut icon located on the desktop As appropriate user can also invoke the python script file directly to launch the experiment controller When the shortcut icon is double clicked a c
102. he user executing the sudo command 1 e not root Consequently they don t need the root password and the root password can be kept secret As well the sudo command can be configured to allow a given user only to execute certain commands as root If sudo is not currently installed in your Linux environment in a terminal execute the following command as Toot apt get install sudo As described above if you are currently using an account other than root you can enter su c apt get install sudo Once sudo is installed can configured it can be used to execute commands as root B 1 3 Setting Environment Variables A very important part of configuring the C2 Wind Tunnel is the setting of environment variables The C2 Wind Tunnel software uses the values of these environment variables to find needed data and generate code in the appropriate directories As a matter of convenience it is a good idea to configure the computer environments so that the environment variables have their correct values every time the environments are used rather than having to reset the environment variables every time the environments are used This section covers how to do this 32 B 1 3 1 Setting persistent environment variables in the Linux computer environment To set or assign an environment variable in the Linux computer environment one only need bring up a terminal and execute a command like the following in a terminal export VARIAB
103. heckboxes Enable 3D Acceleration and Enable 2D Acceleration are NOT checked Network Adapter 1 tab Check the checkbox Enable Network Adapter Next in the Attached to ComboBox select Host only Adapter The default settings that come up with Host only Adapter are fine Network Adapter 2 tab Check the checkbox Enable Network Adapter Next in the Attached to ComboBox select NAT The default settings that come up with NAT are fine as well Also we only need two Network adapter so we do not need to worry about Network Adapters 3 and 4 USB USB tab Make sure that the checkbox Enable USB Controller is checked This should complete the settings of the Virtual Machine Now the VM can be started by selecting it in the Oracle VM VirtualBox and pressing the Start button IMPORTANT Once the VM is started make sure that the VirtualBox Host only adapter has statically assigned IP address 192 168 56 101 as that is used in demos packaged in the Virtual Machine A 3 VIRTUAL MACHINE OVERVIEW When Virtual Machine is started it waits for c2wt user to enter a password The password for c2wt user is C2W Tunnel and is case sensitive Before inputting the password though make sure by pressing the Cog Wheel above the password field that GNOME desktop layout 1s selected Enter the password and press Enter to login as user c2wt There are short cuts for the key applications used in the C2WT o
104. hoice is presented to the user The Run button should be pressed to launch the experiment controller C2WT Experiment Controller Figure I 1 Shortcut icon on user s desktop to launch C2 WT experiment controller Do you want to run C2WT Experiment Controller or display its contents C2WT Experiment Controller is an executable text file Run in Terminal Display cancel Run Figure I 2 Launch choice When the experiment controller is launched the tool scans through the C2WTROOT directory to find out all the experiment scenarios that user has modeled and generated code for This essentially means that after creating the scenario model in GME including the FOM SOM Mapping COAs computation infrastructure and deployment models user must have run the C2WT Main Interpreter to generate the experiment sources and C2WT Deployment Interpreter to generate the deployment scripts and configuration files If this is the case then the scenario 1s loaded properly in the experiment controller where it can be used as part of the experiments If the source code has not been generated or older version of interpreters was used the experiment controller shows appropriate warning messages at load time 110 Once all the scenarios and deployment scripts generated by user for various experiments are loaded by the experiment controller the graphical user interface 1s displayed as shown in Figure I 3 below The main page is divided i
105. i aiu ad ce 35 Figure B 5 Entering value of the Environment Variable eese 36 Ligure Deo Regis Edito update pati EET det E eu escis oett EE 36 Figure B 7 Creating a new String variable in Registry Editor eee 37 Figure B 8 Editing variable value in Registry Editor eese 37 LEisurc B 9 Bntenne New Value 22359 dd ee eee 38 Figure B 10 New registry Variable Created 9 addi dto Mr avendo ee 38 Figure B 11 Windows Explorer like directory browser using WINE esses 39 Fieure B T2 Ubuntu Pile Browser INAUEIUS es eon uas eeu e aunt prt o o eu us etse acude oiu eo S 40 Fieure b 15 5hanng options om a Cire EOD ooo deed d one oss albe dedu edat e eie oae albe eue cusam auge 41 Piste B 14 Credinta orders Ra Coige iste sain dae aad anal eatin daa hae 41 Foue B Yara Bo saw Ws he 6 ll folded tuta Or rer Orrin nr et ny re atout iia iue ner nr er nr re ere Teide rer oer eer dee 42 I39 re Bb T6 Checkin IPAddress nodis rtuc star v teas iau esis aes iene 42 Irure B T7 Opomin NI CODmDUEIGE aote oun E E combed Seer petteceed wed cce 43 Fieure b IS Mapping Network Drive uu e en is eme esee ic ees 43 Figure B 19 Providing network path for mapped drive eens 44 Figure B 20 Entering username and password for network share eeeeeeeeeee 44 FEieure B 2I Resistenne GME ComboOHBehnls 1254 9 1 1339200 sos bata N ates aca itas os a d
106. ication of the countries of Califon Nevidah and Washorgon match those of real world geographic entities Thus the island reflects diverse terrain soil and weather characteristics as well as abundant natural resources In the north and northwest lush mountains and moderate climates are the norm Further south the mountain chain and arid high desert prevail In the southeast the mountains are less extensive but extremely dry conditions limit most forms of agricultural and industrial development The island s population consists of immigrants from North America 35 of the population South America 25 Asia 20 and Europe 15 Five percent are native Pacific Islanders Washorgon and Nevidah are organized as federal systems with states that have defined regional powers and responsibilities Califon 1s a Regional Hegemon in long standing conflict with Nevidah over minerals and other economic issues Nevidah is in mutual defense arrangement with Pacific nations including the USA Washorgon traditionally maintains neutrality with Califon and Nevidah due to trade relationships and access to port facilities in Califon and Nevidah The year is 2022 the Pacifica mineral fields are proving to be a great natural resource of rare minerals the other major source is China Califon has been conducting a campaign against Nevidah to obtain exclusive control of the mineral fields The Hegemonic regional competitor Califon seeks to limit US influence on
107. iment run is selected it can be executed either in Interactive or Batch mode Under Batch mode no GUIs or dialogs are shown during execution When more than 1 experiment is selected in the left tree panel for execution they need to be run in the Batch mode The console messages of the running experiments are captured and presented in the bottom right section Figure I 3 shows the sample log messages of running the selected experiments in Batch mode The log messages do not overwrite experiment by experiment during a batch execution However when a new set of experiments are executed in Batch or Interactive mode old log messages are scratched and new log messages corresponding to the currently selected experiments appear in the section At the bottom of the experiment controller is a status bar The status bar identifies the currently running experiment and a running count of how many experiments from the selected batch have been executed so far Also it provides the path of the executable shell script that the experiment controller is using to run the experiment I 3 MENUS This section describes various menus of the experiment controller and their functions I 3 1 File Menu Figure I 4 below shows the File menu As shown the first two menu items can be used to save and load a set of experiment selections When the currently selected experiments are saved as a file for later use they are saved with a c2wt extension This file can subsequently
108. ing connection from a SyncPoint node representing default handling if no other conditions succeeded 4 For any of the COAFlow COAFlowWithProbability COAException Outcome2Filter and Filter2COA Element connections the source and destination cannot be the same node 1 e no self connections 1n COA models X For any set of two COAFlow COAFlowWithProbability COAException Outcome2Filter or Filter2COAElement connections both source and destination cannot be the same FOM and SOM models D CPNFederate should not directly publish subscribe an interaction only via a port corresponding to output input place 1s supported X Each port of a CPNFederate can have maximum one connection D CPN s port names must start with Send and Receive RI CPNFederate should not allow subscribe connections to ports corresponding to output places RI CPNFederate should not allow publish connections to ports corresponding to input places H 2 2 Modeling time error handling detection happens during model interpretation X Check if user has properly created an environment variable C2WTROOT 4 Check if the interpreters have been configured properly or not gt lt Check whether GME classpath is set right gt lt Check if the required jar files and C2W interpreter classes are found in classpath D Check if name of a federate ends in Mapper reserved for Mapper federates gt lt Check if name of a mapper federate doesn t end i
109. ing such a computational resource on a high performance computing platform 1s a major challenge In the course of the work described in this report our team has devised designed constructed and demonstrated a novel software framework and tool environment to support the evaluation of operational sequences that are prepared by and derived from COA by human experts The framework provides a a model based development environment for rapidly composing and integrating heterogeneous simulation models and constructing models for operational sequences and b a run time execution environment for executing all the simulation models in a coordinated manner while constantly interacting with the operational sequence models This toolsuite provides a novel environment for integrating pre existing models of dynamic systems and performing experiments under the control of various operational sequences The tools have been evaluated using scenarios of events unfolding in the world of Pacifica an island with three nations A Colored Petri Net models have been created that simulated organizational and decision making process followed by the nations and OMNeT models have been created for the interlinked computer networks of the simulated nations The two models interacted with each other human processes relied on networks for communication Operational sequence models represented different cyber operations that interfered with the simulated networks thus impa
110. ionality the C2 Wind Tunnel Experiment Controller supports a number of user friendly features that together provide a very useful tool for experimentation with C2 Wind Tunnel 91 C2 Windtunnel Experiment Controller Help Experiment Information Helloworld d MapperEx Scenario Pacifica2 Pacifica1 Experiment CyberGamingWithFiltersExp Y Pacifica2 Deployment CyberGamingWithFiltersDep 1h Federates gt ActRespExp 1Dep Federation Manager Step size 300 0 seconds Lookahead 60 0 seconds amp ActRespExp1Dep1h CPNPacifica Step size 3600 0 seconds Lookahead 200 0 seconds amp COA1 Action Response Mapper Step size 600 0 seconds Lookahead 100 0 seconds ActRespExp2Dep OmnetFederate Step size 300 0 seconds Lookahead 0 2 seconds Experiment mode As Fast As Possible x ActRespExp2Dep 1h x s p P P Experiment end time 850000 0 seconds g COASACUOn Response Terminate experiment when all COAs executed false gt CyberGamingDep Experiment log level NORMAL gt CyberGamingDep 1h Auto start Federation Manager false CyberGamingWithFiltersDep RNG seed None 8g CyberGamingWithFiltersDep 1h Selected Sequence Models p Sequence Model COA OutcomeFilters in group OutcomeFiltersCOAGroup C4 COA OutcomeFilters_BLC81_RC53 Sequence Model BLC81 in group BlueCOAs amp COA OutcomeFilters BLC72 RC22 Sequence Model RC53 in group RedCOAs amp COA OutcomeFilters BLC81 RC82 amp COA OutcomeFilters
111. ions necessitate the use of sophisticated planning tools and processes that allow the rapid evaluation of alternative Courses of Action COA to give feedback to planners As the domain of Air Force operations extends across air space and cyberspace the performance of existing processes and their supporting computational tools is not meeting the operators needs COA evaluation should be rapid allowing fast planning and change cycles While raw computational power is becoming readily available and connectivity is improving software tools that allow the effective harnessing of that power are lagging behind Simulation based evaluation of COAs is complex as it involves multiple heterogeneous domains each with its own tools and simulations The configuration and integration of these simulations into a coherent framework namely a federation of simulations is a very difficult time consuming labor intensive and error prone task Consequently COA evaluation cannot be done rapidly and in a timely manner to provide answers to the planners Because a COA has to be tested against a number of scenarios and situations at most one COA with some minor variants 1s analyzed The problem becomes more acute as the focus 1s shifting to integrated C2 where several COAs developed by different Command Centers e g the different command centers for Air Space and Cyber Operations have to be integrated and the result evaluated Designing and efficiently deploy
112. irectory home c2wt Projects ngc2wt contains folders src 3rdParty etc Incidentally to use WINE in the Ubuntu Linux environment it must be installed To do this enter the following command in a terminal see section B 1 2 2 for an explanation of the sudo command sudo apt get install wine B 1 2 Executing commands as root In the Ubuntu Linux environment some commands must be executed as root 1 e under the super user account There are two main ways to do this described below 31 B 1 2 1 The su command The first way for a user to execute commands as root is to use the su command That is in a terminal they enter words in italics are printed by the computer don t type them in su c lt command gt Password This command executes command as root However before it does so it prompts for the password of the root account and will not execute the command if this password is not entered So if a user is to be able to execute commands as root using the su command they must know the root password This is of course very insecure as this user will be able to execute any command as root by using the su command B 1 2 2 The sudo command A better means of allowing a user to execute commands as root is by allowing them to use the sudo command sudo command Password This will also execute command as root but the password to be entered 1s the password of t
113. l O 1 9 2012 11 43 11 AM 3 18 2012 3 27 21 PM 1 9 2012 11 BasicUdpAppwWrapper ned 849 2 22 2012 3 35 23PM 3 13 2012 2 41 42PM 2 22 2012 3 readme license txt l 1 9 2012 11 44 34 AM 3 13 2012 2 41 38PM 1 9 2012 11 Name Name rLLLLL j Desktop Documents Downloads IPCompare Music Ontologies Pictures Projects ga C2WTunnel Eg ngc2wt 3rdParty build Contrib doc ExecutionDirectory generated log src src internal metadata settings syn Public T l t6 vr 4 gt m 4 gt 79 3 GB of 94 9 GB free Ej p L EEEBEEBEBEBI UBEEB P ag ig ig EEEBEEBEBEBEBEBB BE JU Figure B 11 Windows Explorer like directory browser using WINE 39 2 Define an environment variable in WINE see section B 1 3 2 2 called CZWTROOT with the value of the C2WTROOT directory in Linux but in the WINE format as described in 1 above B 2 2 Sharing CWTROOT with a Windows OS If you are using Window operating system either Windows XP or Windows 7 as your Windows environment please define a C2WTROOT environment variable as described as the end of this section 1 First a share must be set up in the Ubuntu environment A Make sure the following packages are installed 1 samba 2 nautilus It can be installed using the following command in a terminal sudo apt get install samba nautilus B Once these packages are installed execute nautilus a graphical file browser One way of doing this is to open a termina
114. l and execute the nautilus command nautilus You should see a window like the one below Computer Q search l Home E Desktop adi ES i3 Documents BD i ed bin Desktop Documents ownloads ju Pictures iB Videos Downloads IPCompare Music E Trash ul Network Ontologies Pictures Projects E Browse Network a e Nr Public Templates Videos workspace workspace old Examples Figure B 12 Ubuntu File Browser Nautilus C Navigate the C2WTROOT directory right click on this directory and select Sharing options from the drop down menu 40 Projects Computer P Home Projects liti Home Ei Desktop d E Documents E C2wTunnel Open E Downloads Open in New Tab W Music Open in New Window m Pictures P Open with Files B Videos Open With Open Folder with Thunar File System Open With Other Application G Trash Cut Network Copy lij Browse Network Make Link Rename Copy to Move to Move to Trash Send To Update Commit RabbitVCS SVN Revert to Previous Version Compress Sharing Options Properties Figure B 13 Sharing options on a directory D A window like the one below should appear Be sure to check the Share this folder checkbox fill in the share name e g ngc2wt and check the Allow others to create and delete files in this folder checkbox The click the Create Share button If nautilus asks you to grant more permissions to C2WTROO
115. l for transmission and then comes back to the CPN model 21 Califon Detailed o in X C sesama 07 C temm M iy D Ti seme enini e LL ccc ENTE m F EE M X rur Mee 7 Br QA cC 5 o e ze LIE eL Je Codes f H BE S RA 2i e Po m Ime Figure 12 Detailed CPN model 22 6 0 CONCLUSIONS The Next Generation Command and Control C2 Wind Tunnel project has developed an approach for the simulation based evaluation of Courses of Actions extended the C2WT toolsuite previously developed with new capabilities to model operational sequences and message mappings integrated two simulation engines and developed cyber effects models for a network simulator and demonstrated the use of the tools suite on specific examples The toolsuite is functional documented see Appendices and is available as Linux Virtual Machine The framework is predicated on the assumptions that 1 simulation models for relevant operational scenarios are available and 2 experts are able to derive operational sequence models from COA s that in turn can be executed in the context of the simulation models The key observation here is that the sequence models interact with and perturb the simulation models as they are executing resulting in different and detectable outcomes The need for realistic models is a very strong requirement but it 1s natural without simulation models that reflect our unde
116. lProjecksingc2wtlsrcYatkackkest modelslgmelatbackkest mga 3 MGA CTesterlESM2SFC mga Exit Attributes Preferences Properties Import XML icaP Num IscL Eprr hoo o4 18 PM A Figure B 46 Importing an XML file for the project to open in GME B In the resulting window navigate to and open the file PROJECT NAME gt xme HEES File name Hellow orld xme Files of type awe Exported Files xme xml Cancel Figure B 47 Selecting XME file to open in GME C In the resulting pop up window select Create project file and click Next Create project file P C Create multi user project Back ne Mj Cancel Figure B 48 Choosing to create a project file for the opened XME file in GME 78 D In the resulting window you ll be prompted to save the model as PROJECT NAME gt mga Please do so by clicking Save File name HellotWorld mga Files of type mGa Files mga Cancel Figure B 49 Specifying filename to save the project file in GME From this point onward you can load the PROJECT NAME gt mga file as in steps 1 3 above i e without importing PROJECT NAME gt xme 4 Now that the model 1s loaded and provided GME was configured as in section B 4 2 2 code can be generated for the model This 1s done in two ways e The C2W Main Interpreter will generate all code e g Java C needed to integrate all modeling platforms used
117. lects experiments various scenario models simultaneously A detailed log of currently running experiments is presented and a status bar captures information about currently executing experiment I 5 FUTURE WORK Currently the experiment controller can execute experiments only one at a time In the future we plan to extend experiment controller to support execution of experiments across a computation cluster This will involve executing several experiments in parallel which will greatly reduce the overall computation time for running a large set of C2 experiments In the future we also plan to add new functionality to enhance experiment parameter modification right from within the tool without a need to update the GME model and regenerate the sources and scripts Also we plan to extend the experiment controller with the addition of a timeline view of currently executing experiments which can present message flows up to the level of detail desired in a graphical easy to visualize view 115 APPENDIX J RESEARCH PUBLICATION MODEL BASED INTEGRATION OF HETEROGENEOUS SIMULATIONS Conference Quantitative Methods in Defense and National Security Venue George Mason University Fairfax VA Date May 1 2012 Authors Gabor Karsai Himanshu Neema Harmon Nine Affiliation Institute for Software Integrated Systems Vanderbilt University J 1 ABSTRACT Simulation based evaluation of systems and plans is an essential tool for designers and pl
118. legal host does not see anything from the intercepted traffic Parameters host the malicious host in lieu of host the legal host the packets were meant for Status It has been NOT been implemented yet 11 DNS poisoning attack Name DNSPoisonAttack Description An entry in the Domain Name Service DNS host is modified such that all lookups for the affected host will result in the address of the attacker host As a consequence all subsequent traffic meant for the affected host will be relayed to the attacker host Parameters dns host the host that runs the DNS server affected host whose entry in the DNS database is modified attacker host whose name will replace the affected host in the DNS Status It has been NOT been implemented yet 12 Routing table modification attack Name ModifyRouteAttack Description Change an entry in the routing tables of a node usually a router Subsequent network packets will be mis routed according to the new routing table Parameters NodeFullPath The full network path of the node where the routing table modification attack 1s deployed InterfaceEntry ID of the network interface in the route entry NetworkAddress Network address of the destination in the route entry GatewayAddress Network address of the gateway node in the route entry Status It has been implemented but not tested 13 Delay Node attack Name DelayNodeAttack Description Delay flow of p
119. ling new software in OMNeT 5 In the resulting window in text field labeled Work with enter the following text http download eclipse org releases indigo In the main subwindow will appear a list of categories of add ons that can be installed into OMNeT 66 6 T 8 B 4 11 2 2 Check the items that you wish to install Available Software DEC Work with Indigo http download eclipse org releases indigo M Add Find more software by working with the Available Software Sites preferences Qd Name Version gt j 000 Testing v 8 100 Web XML Java EE and OSGi Enterprise Development Q Apache MyFaces Trinidad Tag Support 2 2 200 v201105111126 20A77w312215172 4 Axis2 Tools 1 1 200 v201 103022333 78 FFODZRDKDDeP amp gt Eclipse Java EE Developer Tools 3 3 2 V201111030500 7b71I1YFSK2WIuUPRDE 4 Eclipse Java Web Developer Tools 3 3 2 v201112072049 7F7AFO7C25Toilbpoit Select All Deselect All 1 item selected Details Eclipse Java EE Developer Tools More Show only the latest versions of available software Hide items that are already installed g clo items by category What is already installed Show only software applicable to target environment amp Contact all update sites during install to find required software Y Figure B 32 JDT installation settings in OMNeT A Scroll down and click on the little triangle next to Web XML Java EE and OSGi Enterprise Development A
120. listener host 5 Msgs routed to a diff host than a Add Drop RouteToRoutingTable intended and not to intended b StartDNSPoisiningAttack host c StartMasqueradingAttack Msgs are corrupted modified a StartModifyPacketsAttack a Yes when received Unintended Faulty Msgs received a StartDataInjectionAttack 101 APPENDIX G AUTOMATED MAPPING TECHNOLOGY IN CASIM G 1 INTRODUCTION One of the core functionality of the next generation of C2 Wind Tunnel is to support easier integration of a variety of simulation tools The aim is to be able to support the tools without user having to write code for encoding decoding message in formats that other simulation tools understand Additionally if a simulation tool has already been federated to work with HLA RTI then the automated mapping technology should enable the use of its proprietary FOM Federation Object Model models and automated message encoding decoding into FOM used by other simulator tools or a particular scenario demo model The figure below illustrates the architecture of next generation C2 Wind Tunnel and how mappers are used in order to support automated message translation among different simulation tools Simulation X Simulation Model Simulation Y Simulation Model Engine FOM A for X Engine FOM B for Y Simulation Engine Simulation Engine Federate X Federate Y Integration Layer X Integration Layer Y HLA Bus METI elig Orchestration X
121. ll make the environment variables you create modify visible for all users In other words perform the following actions in the System variables section of the window To create a new environment variable click the New button To modify an existing variable select it and click the Edit button Environment Variables User variables For hnine Variable Value PT CNM SPORT 11239 System variables variable Value PATHEXT COM EXE BAT CMD VBS VBE J5 PROCESSOR 4 x86 PROCESSOR ID x amp 6 Family 6 Model 30 Stepping 5 Genu PROCESSOR LE 6 PROCESSOR R Les Figure B 4 Editing Environment Variables 35 Enter the variable name and value in the resulting window Then click OK Once you are done creating modifying environment variables click OK in the Environment Variables and System Properties windows New System Variable Variable name C2WTROOT Variable value ra x Cea Figure B 5 Entering value of the Environment Variable B 1 3 2 2 Setting a persistent environment variable in WINE The only way to set a persistent environment variable in the WINE Windows environment to by using WINE s registry editor this same method can used to modify the System variables in a Windows operating system To execute the WINE s registry editor enter the following command in a terminal the single quotes are very important wine C windows regedit exe
122. ly converting data from one type to the other For example Figure F 5 shows that when a FrenchTransferReceipt interaction 1s received by the mapper which has a parameter id of type int it generates an equivalent interaction USTransferReceipt with no data conversion needed for the id parameter and an equivalent interaction IndianTransferReceipt with the value of id converted to a String FrenchTransferReceipt mapsTa IndianTransferReceipt mapsTo mapsTa USTransferReceipt Figure G 5 Mapping support with automatic data conversion When a more complex set of interactions are involved that need a much more complex translation logic than the above three easier mechanisms CASIM supports user defined Java like code in the mapping models The convention is used to denote the interactions mapped using a dollar sign followed by name of the modeling element representing the interaction in the mappings Figure F 6 shows an example of such complex mapping In this example user needs to translate interaction USMoneyGram into a NetworkPacket and vice versa In the object models user has detailed parameter fields of these interactions Creating a NetworkPacket interaction for example requires filling parameters like senderHost receiverHost etc The way to fill these parameter values are completely domain dependent and user is free to write any conversion code as shown in the Figure Note the use of dollar sign
123. mStatue OelayCalfonGCi C2Windtunnel HLA Sased Simulation me 14760 000 sec Status Pa 128 Raw results Message logs slizer Fre File Edit View Database Scripts SQL Tools Window Help HB amp a OO OL M Databases I Scripts 9292 5 connections t M ucc2wT etormation schema iS gt l misa gt ll Pacifical CyberCOA1 Deployment 1Most 2011 10 26 i t El tae C3 aan e 71 VIEW LOCAL TEMPORARY Procedures ll Pactical_CyberCOA2_Depioyment_lriost_2031 10261 D TABLE 1 Experimortinfo C3 SimulationDate View e 1 LOCAL TEMPORARY P Procedures I achical NocyderEtects Deployment 16st 2011 10 Di TABLE C3 Experemertinto 71 SsimulatiorCata e vew CI LOCAL TEMPORARY e Procedures ginto T Columns O ONA i us it t EE Table SimulationData NOCIWTWacfical CyBerCOA Degheyrmsnt Inost 2011 10 2 11201 T ABL PPhumulatanData Data Row Count Primary Key s3 indexes Grants A Rowid References 38 d iStartDelaytiodedttack_sub_OmnetFederate MonDetaytiodeattack sub OmnetFederate StartDelayfodesttack_sub_OmnetFederate MartDelayNodeattack sub Omnetfederate StettDelfNodeattack sub Omnetfedergte StattNodeAtack sub OmnetFederate StartNodezttack sub OmnetFederate Stant NodeMtack sub Omnetlederate Start Nodedtt ack SxatNodeMtack sub OmnetFederate StarttNodeAttack sub OmnetFederate Sub OmnetFederate StartNodeMtark sub Omnetlederate
124. mulator Extensible Markup Language 134 Form Approved REPORT DOCUMENTATION PAGE Public reporting burden for this collection of information is estimated to average 1 hour per response including the time for reviewing instructions searching data sources gathering and maintaining the data needed and completing and reviewing the collection of information Send comments regarding this burden estimate or any other aspect of this collection of information including suggestions for reducing this burden to Washington Headquarters Service Directorate for Information Operations and Reports 1215 Jefferson Davis Highway Suite 1204 Arlington VA 22202 4302 and to the Office of Management and Budget Paperwork Reduction Project 0704 0188 Washington DC 20503 PLEASE DO NOT RETURN YOUR FORM TO THE ABOVE ADDRESS 1 REPORT DATE DD MM YYYY 2 REPORT TYPE 3 DATES COVERED From To 16 01 2013 Final Technical Report 11 22 2010 11 21 2012 4 TITLE AND SUBTITLE 5a CONTRACT NUMBER Next Generation C2WT For COA Simulation FA8750 11 2 0078 5b GRANT NUMBER 5c PROGRAM ELEMENT NUMBER 6 AUTHOR S 5d PROJECT NUMBER Gabor Karsai Alexander Levis 5e TASK NUMBER Himanshu Neema 5f WORK UNIT NUMBER 7 PERFORMING ORGANIZATION NAME S AND ADDRESS ES 8 PERFORMING ORGANIZATION Vanderbilt University REPORT NUMBER 110 21ST AVENUE S STE 937 NASHVILLE TN 37203 2416 George Mason University 4400 University Drive MSN 4CG Fairfax VA 22030 4422 9
125. n Mapper D Check if IP address and credentials of all network nodes have been specified Also make sure that the IP address is syntactically correct x Check if there are null references in the model gt lt Check if the duration and time points are all specified positive DX Check if all of the needed parameters are specified and in syntactically correct way for a injected interactions b action elements of COAs DX Injection time of injected interaction should not be negative X If any interaction in a set of two interactions has some locally declared parameters and there is a mapping between them then it cannot be a direct mapping 1 e mapping specification cannot be empty X A federate in an experiment model should be allowed to be connected to only one computer and it must be connected D A deployment model can have only one experiment reference in it gt lt One of the computers in a deployment must be marked as MAIN machine x All interactions must derive from C2WinteractionRoot 107 D C2WInteractionRoot must derive from InteractionRoot 4 The interaction hierarchy must be rooted no more than 1 root nodes should be found 4 There should not be a cycle in any of the COAs all COAs should be DAGs X Make sure that the time specified for a synchronization point is positive D Make sure that FlowID of any branch doesn t contain any whitespace characters 4 The branchesFinishedCondition must i
126. n C2WiInterpreter ClassPath C2WTROOT build c2w java Class c2w hla gmeinterpreter Interpreter Paradigm CASIM Menu Tooltip C2W Main Interpreter Register systemwide check this checkbox Table B 3 Values for registering C2W Deployment Interpreter Field Checkbox Name Data Action Name C2W DeploymentInterpreter Description C2W DeploymentInterpreter ClassPath C2WTROOT build c2w java Class c2w hla gmeinterpreter DeploymentInterpreter Paradigm CASIM Menu Tooltip C2W DeploymentInterpreter Register systemwide check this checkbox Table B 4 Values for registering CPN Import Interpreter Field Checkbox Name Data Action Name CPNInterpreter Description CPNInterpreter ClassPath C2WTROOT build c2w java Class c2w hla gmeinterpreter CPNImportInterpreter Paradigm CASIM Menu Tooltip CPN Import Interpreter Register systemwide check this checkbox 54 Table B 5 Values for registering Fedfile Import Interpreter Field Checkbox Name Data Action Name C2WFedFileInterpreter Description C2WFedFileInterpreter ClassPath C2WTROOT build c2w java Class c2w hla gmeinterpreter fedfile FEDImportInterpreter Paradigm CASIM Menu Tooltip Fedfile Import Interpreter Register systemwide check this checkbox B 4 3 BOOST Boost is needed in the Ubuntu Linux environment for the C code generation component of C
127. n and that incoming connection must originate from an Outcome type COA element 4 Incoming connection of an OutcomeFilter must be of type Outcome2Filter X Outgoing connection of an OutcomeFilter must be of type Filter2COAElement 4 Outcome2Filter connection can be used only from an Outcome node to an OutcomeFilter node DX Filter2COA Element connection can be used only from an OutcomeFilter node D TerminateCOA cannot have any outgoing connections D All outgoing connections from ProbabilisticChoice node must be of type COAFlowWithProbability Dd COAFlowWithProbability connection can only be used when the source node is of type ProbabilisticChoice gt The minBranchesToA wait must be less than or equal to the no of incoming branches to the AwaitN node D Only 1 outgoing connection of type COAFlow is allowed from a SyncPoint node this represents the successful achievement of the synchronization point D All outgoing connections from a SyncPoint node should be of type COAFlow or COAException 4 COAException type connection can only be added after user has specified the default COAFlow type of connection 4 COAException type connection can only be used when the source node is of type SyncPoint 106 D The minBranchesToS ync must be less than or equal to the no of incoming branches to the SyncPoint node 4 The branchesFinishedCondition can be empty for only 1 COAException outgo
128. n automated mode Having prepared the models for the C2WT software generators produce all the artifacts executable code configuration files scripts etc needed to run the experiments Experiments i e simulation runs under the control of the sequence models can be executed in interactive mode or in batch mode In interactive mode the evaluator starts and controls a single execution of the models potentially interacting with the simulation models as they run In batch mode everything is automatic and no interaction with the evaluator is needed or possible In either case the results are collected in a database in the form of logs of messages produced during execution For this the the C2WT logging facilities are used The figures below illustrate an interactive run of an experiment 11 Califon Detailed neo am 1 m p Padel EUG v atten gres dunt ovterd NS eg doun o SOF NS e A v Sor Soe ee 508 toe AOL pets S Cotton prey Canter preudort race om pe LI Dd Quen SOC vec 54 and LL ki m erveter Worm AOL SOR on SUI mas eS sarten tor SF asiong v 5 pl O sac 7 7 smm sTo STAG H H emu Mastorgen tert Lo male Jie dmm oe is 0 j Cine Caon prevdert aes 10 act on UAV r 1 r t Caton racar petreci a M Caton GO resets Ss Cattos Easter Soc ADOC reports Way e ns n a Rs ie entere Sod del Agra o agre to Catlon pre
129. n order to build the OMNeT projects associated with this model When these projects build successfully they generally produce programs that act as federates in an HLA federation simulation e The C2W Deployment Interpreter will generate shell scripts for the model to allow you to run this HLA federation NOTE If you get an error while saving MGA project files in GME via Wine just export the project as an XME file and re import the new XME file to save the updated MGA project file B 6 CREATING SECONDARY MACHINES FOR THE C2 WIND TUNNEL BY CLONING THE MAIN VIRTUAL MACHINE The C2 Wind Tunnel can use multiple machines usually virtual machines for a given simulation In doing so some federates may run on the main machine 1 e one that 1s set up according to sections B 1 B 4 of this Appendix while other federates run on the secondary machines You may wish to do this if for instance e Having all of the federates run on the main machine overwhelms the processor of this machine or otherwise causes it to run unacceptably slowly In this case some federates are off loaded onto secondary machines so that the processing power needed to run all of the federates 1s distributed amongst multiple machines e The simulation uses multiple CPN federates based on the CPN Tools of section B 4 10 Due to limitations of the software used to integrate CPN models into the C2 Wind Tunnel as federates only one CPN federate can run on a sin
130. n the desktop Once booted you should see an icon bar next to Applications and Places like Xd iz vau 26 Ld The first icon is for Synaptic Package Manager and is used to install remove or update Ubuntu application or library software This is a graphical and user friendly application If you do not plan to install new software or libraries in the Ubuntu VM you should NOT need to use it ET next icon is the Mozilla Firefox Internet Browser Since we added a NAT Adapter in the VMs Network settings if the host machine on which the Oracle VM VirtualBox is installed has an internet connection we should have an internet connection in the VM and Browser should Work just fine 4n next icon is for the Ubuntu Text file editor gedit application It can be used to view and edit textual files gt The next icon is the File Browser This is like Windows Explorer and can be used to navigate inside the folder hierarchy and create rename and delete files and folders T he next icon is for the DBVisualizer This can be used to view the MySQL databases created by C2WT as a result of running an experiment The database names include the name of the demo federation name at the beginning followed by the date and time at which it was created followed by the details of COAs used in that experiment The name in MySQL is limited to 64 characters so if the COA names used are longer they will be truncated when the 64 characte
131. n with the Command and Control C2 system under different operational scenarios then simulation models are needed to represent a the human organizational and decision making processes involved b the computer network that supports those decision making processes c the cyber effects that the network can be subjected to and d the integration of the above 2 The simulation models are capable of reacting to operational actions and generating outcomes as described in the OSM In other words the simulation models have the correct input and output interfaces through which they accept control commands to change behavior and provide status reports to report specific events 3 Operational actions can be mapped into control commands to be sent to the simulation models and expected outcomes can be detected by receiving status reports from the running simulation model 4 The simulation models are dynamic models 1 e they simulate the behavior of some 3 2 system over time Each simulation model must be able to progress forward in time 1 e given the current state of the model and the current input at time t the simulation engine computes the state and the output of the model at some later time t Conceptual Architecture Our conceptual architecture for evaluating COA s through the use of simulation models and operational sequence models is as follows Each model simulates the dynamic behavior of some subsystem in the larger scena
132. nclude space or newline separated flow IDs of only those connections that are the SyncPoint node s incoming connections gt lt COASequencesGroup models must contain at least one reference to a COA gt A COA must be referred in maximum one COASequenceGroup in an experiment model X Make sure no COA reference in a COASequenceGroup is null DX If deployment scripts are to be generated a project must have at least one network model with at least one computer model in it H 2 3 Execution time error handling 4 Check if mappings have been correctly specified provided detailed comments in the generated code so that users can tie compilation errors to invalid mappings in the model X Check if the expression of OutcomeFilter nodes are valid provide detailed comments in the generated code so that users can tie compilation errors to invalid OutcomeFilter expressions in the model 4 Normalize the probabilities on ProbabilisticChoice branches to 1 0 H 3 ERROR HANDLING FOR INVALID EXECUTION EXPERIMENTATION SETUP Not only do these user errors need to be detected but an appropriate error dialog should be generated that points the user as close as possible to the actual error location in the model If the experiment is run in the batch mode non GUL then an appropriate error message should be recorded in the federation manager s log file H 3 1 Initialization time error handling before simulation is launched DX Test if IP address a
133. nd credentials are correct before launching X Test if any federation is already running before launching gt lt Check if Java3D is installed gt lt Check if C and OMNeT federate executable exist D Check if the required Java classes can be loaded using the classpath set in the shell scripts D Check if user has generated code e g whether lt federation name gt fed file exists RI Check if ProcessId project has been built and a shared object has been generated RI Check if Main machine s IP address is same as in the deployment model X Make sure no two federates attempt to join the federation simultaneously problem with portico D If the runAll script is used for an experiment that experiment must specify either an end time or the terminate on coa finish flag X Make sure there are no compilation errors in byte code of the compiled federation and generic C2WT Java classes 108 H 3 2 Execution time error handling after simulation has been launched 4 Detect tight loop in federation caused by very small step sizes and or look ahead values or by generation of too many interactions in a very small time period Ideally RTI is supposed to be able to handle this but Portico doesn t D Handle tight loop and allow user to terminate entire federation from GUI In Non GUI mode just log the warning message and continue running D Terminate the entire federation when user has chosen to terminate it This means t
134. ne to be able to run C2WT experiments D next icon is for the OMNeT 4 IDE Integrated Development Environment This is used to edit C2WT source code and to run and debug C2WT internal applications if needed The GME supplied with the VM already is setup to run the two key interpreters that we use viz C2W MainInterpreter to generate source code and configuration files and C2W DeploymentInterpreter to generate COA scripts and deployment scripts to run the experiments As such the C2WMainlInterpreter is needed to be run on the GME model only if user has added new or updated existing interactions objects or federates or if the user has changed any publish and subscribe relationships If all user does 1s to define new COAs updates existing COAs change deployment settings or define new experiment models ONLY C2W DeploymentInterpreter needs to be run on the updated GME model This is important because if the C2WMainlInterpreter is run the new source code will be generated that might need to be recompiled to execute the experiment So unless user changes any of the FOMs or federates usually only C2WDeploymentInterpreter will need to be run zl next icon is to start a Terminal Command Window This is used to start stop the experiments The command details are listed in the section below A 4 MANUALLY RUNNING EXPERIMENTS USING A BASH SHELL These commands are run from the Terminal Command Window IMPORTANT ALL commands are run fr
135. ninelProjecksingc2wtlsrcyattacktestmodelsygmelatbacktest mga 3 MGA C Tester ESM25FC mga Exit Open an existing project Exe Rue Ecs eer hos n A Figure B 44 Opening a project in GME 3 In the resulting window navigate to and open the file lt PROJECT NAME gt mga e In WINE this file will be in Z C2WTROOT src lt PROJECT NAME gt models gmeWX PROJECT NAME mga see section B 2 1 e Ina Windows OS assuming you have set up a share as described in section B 2 2 the file will be in Z src lt PROJECT NAME gt models gme lt PROJECT NAME gt mga Loak in ame 4 E File name Hello world mga Files of type E Files mga Cancel Figure B 45 Selecting the project to open in GME IF THIS FILE lt PROJECT NAME gt mga DOES NOT CURRENTLY EXIST it will need to be imported from the file lt PROJECT NAME gt xme which should also be in the C2WTROOT src lt PROJECT NAME gt models gme directory 77 A Instead of File Open Project select File Import XML from the top menu bar GME i File Edit View Tools Help New Project Control_l N l2 Open Project Control O GME Browser wx Close Project Aggregate Inheritance Meta wl Save Project Control _ 5 Y Save Project As Abort Project Export XML Update through XML 1 MG4 2 home hnine Projects ngc2wt src c2w models gme hla CASIM mga 2 MGA Z lhomelhnine
136. ns more than 2 simulators there could be multiple mappers Additionally the simulators and the mapper can run on different nodes of a distributed network providing higher performance We claim that the above architecture solves the rapid integration problem because 1 simulation engines are integrated once and for all and 2 1f there are any variations in the model data then those can be handled in the mapper component that handles the message translations 4 2 Sequence models and the Orchestration Engine Note also the component on the right lower side the Orchestration Engine OE This is not a separate federate rather part of the main HLA federate the Federation Manager that controls the overall execution of the federation of simulations The task of the Orchestration Engine is to execute Operational Sequence Models or sequence models for short Sequence models are created using the GME modeling tool using an extended form of the C2WT modeling language In the course of the predecessor AFOSR project we have defined a domain specific modeling language for modeling the C2WT configuration For CASIM we have extended that modeling language with new features for 1 modeling sequences and 2 modeling multiple experiments to be discussed later The figure below shows an example sequence model The language for sequence models is described in detail in the Appendix Expected message Exception if sync a men p
137. nto various sections On the left the tool presents all the scenarios deployments and experiment runs available in a tree form Each of these scenarios deployments and experiment runs are selectable by checking the checkbox that appears in front of them Note that the existence of various COA Groups in a particular deployment may lead to more than 1 experiment run due to selection of 1 COA from each of the COA Groups When a checkbox is checked all elements under that item if any are also automatically selected The aggregate of the selections represents the set of experiments a user wants to run For example in Figure I 3 the 32 experiment runs belonging to the Pacifica2 scenario model have been selected These correspond to three deployments ActRespExpl Deplh ActRespExp2Deplh and CyberGamingWithFilersDeplh of the Pacifica2 scenario C2 Windtunnel Experiment Controller Help Helloworld MapperEx Pacifica1 Pacifica2 gt ActRespExp1Dep Y g ActRespExp1Depth amp COA1 Action Response ActRespExp2Dep ActRespExp2Dep 1h amp COA2 Action Response CyberGamingDep CyberGamingDep 1h CyberGamingWithFiltersDep amp CyberGamingWithFiltersDep1h COA OutcomeFilters BLC81 RC53 amp COA OutcomeFilters BLC72 RC22 amp COA OutcomeFilters BLC81 RC82 amp COA OutcomeFilters BLC81 RC16 amp COA OutcomeFilters BLC52 RC22 amp COA OutcomeFilters BLC81 RC42 amp COA OutcomeFilters BLC72 RC23 amp COA OutcomeFilters BLC52 RC16 amp
138. ny questions posed Recall that in section B 2 we created a C2WTROOT directory and set the COWTROOT environment variable to this directory To make sure this environment variable has the correct value in a terminal enter the following command echo C2WTROOT This command should output the directory you want as CZWTROOT If it doesn t please go back and create this variable as described at the start of section B 2 and exit all terminals Then in a new terminal type the above command again If it still doesn t output the directory ask for help Now in a terminal change to the C2WTROOT directory cd C2WTROOT Next execute the following command the space and dot at the end of the command is very important svn checkout https svn isis vanderbilt edu ngc2wt trunk You may be prompted for the username and password for your account on this repository If you don t currently have an account please contact ISIS to get one At this point if you list the contents of your SC2WTROOT directory using the Is command you should see something like the following gt Is 3rdParty Contrib ExecutionDirectory log SIC build doc generated readme license txt If all you see is gt ls trunk you probably forgot the space and dot at the end of the svn command above Please execute the following command rm rf trunk And re execute the svn command above with the space and dot 45 B 4 C2 WIND TUNNEL
139. ode is ENABLED Checking java3d installation success Checking IP address of main machine to see if it conforms to CASIM model success Setting file permissions done Checking if federation FOM file is present success Making sure federation Pacifica2 is NOT already running success Checking critical java classes done Checking Federation Manager success Setting up BRITNeY for CPN federate CPNPacifica visualization success Checking CPNPacifica success Checking Mapper success Batch mode Running experiment 4 of 32 home c2wt Projects ngc2wt generated Pacifica2 scripts CyberGamingWithFiltersDep 1h Main start COA OutcomeFilters BLC72 RC22 sh Figure I 3 C2 Wind Tunnel Experiment Controller 111 The right section of the display is further divided into two parts The top right section provides information on the selected scenario experiment or the experiment run For example in Figure I 3 when the experiment run COA OutcomeFilters BLCBI RC53 is selected the top right panel shows the detailed information about that experiment It shows the name of the experiment model scenario model and the deployment model for the experiment It shows which federates are being run in this particular experiment including their step size and lookahead values Also it shows all the sequence models used in the experiment and various configuration parameters of the experiment If only a single exper
140. odicoitsd 53 Fisurce B 272 Confie rme Ny SOL Ser yer usi dad odia o t tosta adsense oats 56 Figure B 23 Setting DbVisualizer installation directory eeessesseeseeeseeessseseesserereerererrrrrrrrrrrrrrrrrrrrrrrrene 57 Figure B 24 Setting executable symlinks location for Db Visualizer eects 58 Figure B 25 Setting up new database connection in DbVisualizer eeeeeeeeeeeeeee 59 Figure B 26 Entering database name for the new database connection in DbVisualizer 59 Figure B 27 Selecting database driver for the new database connection in DbVisualizer 60 Figure B 28 Entering username and password for the new database connection in DbVisualizer 61 Figure B 29 Entering a folder for workspace in OMNeT 4 4 eese nennen 65 Ligure B 302 ONING Te Statfeupi ClO e a oid boa dente a detta acca eed ened ea acci Lo me Deu pE ccs 66 Figure B 31 Installing new software in OMNeT eeseesesssssssesseeeeeeeeee nennen nnn nn nnne nnn n nnne 66 Figure B 32 JDT installation settings in OMNeT eene enne nennen nnn nnn nnn nnn nnn nnn 67 Figure B 35 Opening preferences Tm OMINGTST iii cA te en apio cse aeneae deae URE ae Bee iA 68 Figure B 34 Adding CZWTROOT environment variable in OMNeT eeeeeeeeeeeeeene 68 Figure B 35 Adding RTI HOME classpath variable in OMNeT eese
141. oint not rz T a F 3 ir 3 Y G reached in time EXC rerminateCOA AwaitN 1 Fork IRA Success QutcomeFilter2 EndCOA EXC2 rerminateCOA marker RA A3 Go Delay received Outcome filter COA Stop OR 20sec proceed if data elapsed Action passes filter Injected message Figure 3 Example sequence model The sequence model is similar to a workflow model in fact the icons are the same as that of the Business Process Modeling Notation BPMN The figure on Action the side shows the icon palette The black arrows represent the normal flow of AwaitN events while red arrows indicate exceptional cases Note the temporal operators 9 1 Dur ation and 2 Sync hronization Point these can be used to represent the e facts that 1 some time must elapse before proceeding with the workflow and 2 on the execution must reach a certain stage by a certain time from the start 9 otherwise an exception is generated OutcomeFilter The sequence model has a precisely defined executable semantics and it 1s the same as for BPMN with two exceptions 1 Action means Send a message of n a certain type with a specific content to federation of the simulation models 2 Outcome means Wait here for the arrival of a message of a certain type from the simulation models Hence the sequence model can be enacted by an execution engine the Orchestration Engine OE above that interacts with the S
142. oject for recompilation 6 In the resulting window A Select Clean projects selected below B Check the Start a build immediately checkbox C Select Build only the selected projects 72 D Click OR Clean will discard all build problems and built states The next time a build occurs the projects will be rebuilt from scratch Clean all projects Clean projects selected below amp i inetmanet 2 0 Start a build immediately Build the entire workspace Build only the selected projects Figure B 40 Choosing to rebuild the entire project after clean The inetmanet 2 0 project will build this may take a while After hitting OK you might get an error dialog about missing sources This is just due to a bug in OMNeT indexer and is okay Just press OK button to continue building B 4 13 IMPORTING C2 WIND TUNNEL PROJECTS INTO OMNET The C2 Wind Tunnel software consists of both Java and C projects in OMNeT The section covers how to import and compile them in OMNeT B 4 13 1 Importing the C2 Wind Tunnel Java project The Java project in the C2 Wind Tunnel encompasses not only federate code but also code for the GME Java based interpreters of section B 4 2 1 3 2 B 4 13 1 1 Importing the Java project Following are the steps to import the Java project 1 Execute OMNeT and get to the project import window as in steps 1 3 in section B 4 7 1 2 In the resulting Import Project
143. om the ngc2wt project root directory For that change to project root directory by running cd home c2wt Projects ngc2wt To run Pacifica2 NoCyber experiment run bash x generated Pacifica2 scripts NoCyberDep 1 h Main start sh If you do not want see all the command line output you can run the above command without the x option The bash script is needed because the symlink bin sh points to dash shell Apart from NoCyberDeplh deployment there are other deployment called NoCyberDep that can be used if you are using two Virtual Machines to increase the simulation performance If you want to run the above experiment without any GUIs please use the command bash x generated Pacifica2 scripts NoCyberDep 1 h Main start sh batch Pacifica2 experiment comes with a CyberGaming experiment that involves running 5 BLUE COAs against 6 RED COAs a total of 30 experiments CZWT now has the capability to run all 28 of these 30 experiments in batch mode These batch mode 30 experiments can be run by running the following command bash x generated Pacifica2 scripts CyberGamingDep h Main runAllExperimentsInBatchMode sh Above command will run all the 30 experiments in batch mode one by one If you want to run a particular experiment out of these 30 experiments you can do so For example bash x generated Pacifica2 scripts CyberGamingDep 1h Main start RC16 BLCI5 sh When batch mode of experiments are run the scripts create
144. ownloads jdk 6u V N windows 1586 exe e Ina Windows OS execute the jdk 6uVN windows 1586 exe Java installer using a command prompt or explorer window Detine the following persistent environment variables with the values as shown below See section B 1 3 2 1 if you are using a Windows OS or section B 1 3 2 2 if you are using WINE Table B 1 Environment Variables need to be set Variable Name Variable Value JAVA HOME C Program FilesUJavagydk1 6 0 VN JDK PATH JAVA_HOME JDK HOME JAVA_HOME 47 B 4 2 GME GME is used for CASIM model creation and code generation and so is of paramount importance for the C2 Wind Tunnel Currently GME only runs in a Windows environment We recommended you install the latest version of GME particularly if you are using WINE at least version 12 2 7 as it is known to work with WINE B 4 2 1Installation of GME Below are the instructions for installing GME 1 2 3 4 5 6 T Create a C Temp directory in your Windows environment e For WINE this can be done using a terminal in the Ubuntu Linux environment and executing the command mkdir lt HOME gt wine drive_c Temp Where HOME is your home directory Incidentally lt HOME gt wine drive_c 1s the root of the directory structure that WINE uses for drive C e Ina Windows OS use the explorer or a command prompt to create the C Temp directory Using your
145. periment log level NORMAL Auto start Federation Manager false RNG seed None Selected Sequence Models Sequence Model COA OutcomeFilters in group OutcomeFiltersCOAGroup Sequence Model BLC81 in group BlueCOAs Sequence Model RC53 in group RedCOAs w Experiment Started Batch mode is ENABLED Checking java3d installation success Checking IP address of main machine to see if it conforms to CASIM model success Setting file permissions done Checking if federation FOM file is present success Making sure federation Pacifica2 is NOT already running success Checking critical java classes done Checking Federation Manager success Setting up BRITNeY for CPN federate CPNPacifica visualization success Checking CPNPacifica success Checking Mapper success Checking OmnetFederate success exists and is executable Checking Java components of Pacifica2 Federation success Creating database Pacifica2_ActRespExp1Dep1h_2012_11_12_131108_COA1_Action_Respons to store simulation data done Waiting for Federation Manager to initialize done Federation starting Running in batch mode waiting for all processes to finish Starting CPNPacifica federate done Starting Mapper federate done Starting OmnetFederate federate done eaee Experiment Finished dd dede d t A A Experiment Started do d d je jn n 8G Batch m
146. pported by AFRL Cooperative Agreement FA8750 2 0078 117 Challenges for Model and Simulation Integration How can we integrate the models How can we integrate the simulated heterogeneous system components How can we integrate the simulation engines Ts d ee ILLE Data Distribution Network Simulation Interaction Network Architecture Command and Control Wind Tunnel Model based Integration of Dynamic Simulations Domain specific C2W integration models C2W simulation components data flow timing parameters C2W data models Domain specific interaction and object models simulation models 118 C2WT Integration Platform Domain specific Reusable C2W integration models simulators C2WT Lessons Learned gt C2WT must be a robust easy to use software toolsuite that can be used by trained analysts and planners alike to evaluate various COAs in operationally relevant scenarios gt The tool suite must be based on a carefully chosen set of simulation and analysis tools that are of industrial quality and preferably are familiar to the analysts using the system gt The tool suite must be open for integration other future simulation engines can be added to it via a well defined software engineering process based on meta modeling 119 CASIM Motivation Objective Support for COA evaluation through simulation s joint for kinetic and cyber domains Issues Mo
147. r values themselves cannot contain a comma Step 2b The input tokens that come from HLA arrive on the input places in the following format 1 InteractionName Comma separated Parameters Timestamp For example 1 Response TET ISRD true 250 2 Above example shows an interaction Response that arrived from HLA to CPN with a timestamp of 250 2 This interaction has 3 parameters Name of the organization sending the response type String Name of the organization receiving the response type String Flag Indicating command execution success type Boolean Note Again the parameter values themselves can t contain comma 94 IMPORTANT NOTE ABOUT Step 2 and 3 above The time stamp above 1s always in the CPN time By default CPN uses milliseconds but that s modifiable in CPN Whatever unit is chosen in CPN that s what becomes the units of these timestamps This unit needs to be configured in GME model to appropriately generate CPN federate related sources Step 3 Once the places for input and output are marked designed as above the CPN model needs to be annotated so that its clock can be controlled generically by C2WT For this at the top level of the CPN model add a place named null p of type INT e int timed a transition named null t and an arc from the place null p to the transition null t with a label m on the arc Step 4 Once we have a CPN model with input and output places defined as above the nex
148. rio For instance 1 a Colored Petri Net CPN simulation model can simulate how human decision making processes take place how they unfold in time and how they use a computer network while 2 a OMNeT network simulator model simulates how a computer network operates including what information flows are blocked delayed or modified under cyber effects The simulation models interact with each other as the simulated scenario unfolds For example the CPN model sends and receives simulated messages that are processed possibly blocked delayed and modified by the OMNeT model as the simulated time progresses The operational sequence model OSM represents an operational flow that includes actions that for instance instruct the OMNeT model to start blocking a simulated network flow and responses that for instance are generated by the CPN model to indicate that certain decisions have been made The interacting simulation models capture a representative scenario in the lifetime of a system that 1s the target of the COA simulated by the execution of the OSM The OSM does not require a separate simulation engine as it represents COA specific interactions with the simulation models The same simulation models and thus scenario can be used with different OSM s potentially derived from different COA s The figure below illustrates the conceptual architecture quence Model gt NI Gm is Awol 2
149. rom further aggressive actions Should deterrence fail and Califon invades Nevidah to occupy the Mineral Fields region Phase 2 the Joint Force Commander will be a prepared to defend US and Nevidah forces and interests in the Pacifica theater b defeat Califon offensive operations and c ensure effective Command Control Communications Computers and Intelligence C4I throughout the theater On order US and Nevidah forces will repel Califon forces from Nevidah and restore Nevidah s sovereignty The applicable constraints and restraints are that operations should minimize risk to non combatants and must minimize risk to US forces all actions must comply with international law and no actions can infringe upon Washorgon s neutral status The Phase 1 scenario starts with Califon contesting Nevidah mineral rights with cyber warfare As a result Nevidah requests US assistance and the US deploys Air Force aircraft to Nevidah airfields and a carrier strike force in order to conduct a combined exercise Rising Storm The Commander s intent 1s expressed in terms of the purpose and the end state Purpose This operation is to deter Califon from continuing its cyber exploits against of Nevidah as well as to assure Nevidah of US support Should deterrence fail US forces will be prepared to rapidly seize the initiative against Califon End State Nevidah s lines of communication are open and operating free from the threat of cyber exploits Califon
150. rs limit 1s reached For the first time you might have to connect the DB Visualizer with the MySQL To do this right click on C2WTDBConnection and select Reconnect It should already be set with the connection parameters for example the username is root and password is c2wt and is case sensitive DBVisualizer has a database tree browser on the left panel where all the databases are listed You can open the database nodes and then the Tables node to see the Tables created in that particular database Each database should have three Tables in it The first Table 1s called EventLog which records the publish of an interaction by a federate and the time at which it was published EventLog table is very good for debugging purposes and was recently added in C2WT The second table is called ExperimentInfo which records the Publish and Subscribe map in the experiment This describes which federate publishes and subscribes which interactions The third table is called SimulationData is the biggest and records the actual simulation data Based on what was configured in the GME mode to be logged SimulationData can record every single interaction that was exchanged among federates or any object update that was made by any federate 27 u next icon is for the GME application GME is a Windows application but we run GME inside the Ubuntu VM using WINE WINdows Emulator As such we no longer require users to have a Windows machi
151. rstanding and assumptions of the problem and which are predictive in nature one cannot do any sort of computational evaluation The second issue stems from the very high level nature of the COA s while the simulation models are very concrete the COAs cannot be directly interpreted in their context they have to be operationalized by an expert This requires human skills and knowledge but is a feasible task The project s results clearly show the feasibility and the limitation of the approach Together with the other project results from BAE Systems the toolsuite can serve as the foundation for an industry grade tool for the analyst and planner 23 7 0 REFERENCES 1 Pacifica Crisis Scenario January 2002 http www globalsecurity org military library report 1998 ex2 1index html 2 A H Levis Time Sensitive Course of Action Development and Evaluation Proc NATO HFM 202 Symposium on Human Modeling for Military Applications Amsterdam The Netherlands 18 20 October 2010 3 Peter Pachowicz Lee W Wagenhals John Pham and A H Levis Building and Analyzing Timed Influence Net Models with Internet enabled Pythia Proc of SPIE 2007 Defense and Security Symposium Orlando FL April 2007 4 Kurt Jensen and Lars Kristensen Coloured Petri Nets Springer Heidelberg 2009 5 CPN tools http cpntools org 6 Wagenhals L W and Levis A H 2002 Modeling Support of Effect Based Operations in War Games In Proceedin
152. rts UAV flight to ADOC Nevidah starts covert SOF mission Nevidah flies helicopter at night Nevidah picks helicopter extraction for SOF team US military selects cyber options Califon president decides to act on Washorgon flight Califon president decides to act on UAV flight ADOC reports SOF flight to Califon president Califon ADOC reports Washorgon flight to Califon president ADOC reports UAV flight to Califon president SOC orders SAM and fighter to stand down for Washorgon flight Califon president orders weapons hold Califon president orders shooting down of SOF flight World opinion opposed to US unilateral action Califon president decides to stop cyber attacks on US and Nevidah Nevidah SOF mission is a success Califon president s orders passed down through ADOC to SOC on SOF flight Washorgon announces diplomatic flight Califon president admired domestically for willingness to challenge USA ally UAV flies inadvertently into restricted zone Califon president wants UN sanctions lifted Califon president responds to political pressure US conducts cyber exploits against Califon internet communications Califon radar detects and reports SOF mission up channel to GCI Califon radar detects and reports Washorgon flight up channel to GCI Califon radar detects and reports UAV up channel to GCI 20 alifon VOP forwards report to ADOC Califon GCI reports SOF mission to Eastern SOC Califon GCI reports Washorgon flight to Western
153. s window type the C2WTROOT directory into the text field next to Select root directory and then click in the Projects sub window A project should appear in this sub window Make sure the checkbox next to the project is checked and click Finish 73 Import Projects Select a directory to search for existing Eclipse projects Select root directory home c2wt Projects ngc2wt 2 Select archive file Projects amp ngczwt home czwt Projects ngc2wt _ Copy projects into workspace Working sets _ Add project to working sets Working sets Next gt Browse Browse lectAll Se Deselect All Refresh Figure B 41 Importing ngc2wt project in OMNeT Eclipse IDE 74 3 The ngc2wt project should now appear in the main OMNeT window Simulation OMNeT IDE File Edit Navigate Search Project Run Window Help CI m X Q Qv EFP aJ EY simulation ts Navigat H LI gt iS inetmanet 2 0 2 ngc2wt S Propert X BE Outline El rt i Problems C3 Module Hie NED Param fg NED Inherit E Console 52 m ngc2wt CDT Build Console ngc2wt 9 9 EM Gage n eB ne Resource Property Value Vv info derived false editable true last modi March 2 linked false location home c pe E ngc2wt Figure B 42 Imported view of the ngc2wt project in OMNeT Eclipse IDE B 4 13 1 2 Building the Java project Large
154. s Our project did not develop analytical techniques but provided that facilities for raw data collection and archival The figure below illustrates the content of database after an experimental run 13 DbVisualizer Free 8 0 2 Untitled zw gem ot M Databases O Scripts CA JL Sim 9o Connections 9 I NGC2WT gt gj information schema Il mysql Pacifica CyberCOA1 Deployment 1Host 2011 10 26_ 9 EI TABLE 31 Experimentinfo gt 7 view 7 LOCAL TEMPORARY d Procedures iJ Pacifica CyberCOA2 Deployment 1Host 2011 10 26 9 E TABLE 31 Experimentinfo SimulationData gt 1 Ew 7 LOCAL TEMPORARY d Procedures ig Pacifica NoCyberEffects Deployment 1Host 2011 10 9 E TABLE 71 Experimentinfo E SimulationData gt 7 MEW e E o amp LOCAL TEMPORARY Procedures i nun File Edit View Database Scripts SQL Tools Window Help E Table SimulationData NGC2WT Pacifical CyberCOA1 Deployment 1Host 2011 10 25 132015 TABLE SimulationData 9 Indexes P Primary Key BO s9 gt id time parameter StartDelayNodeAttack sub OmnetFederate 3620 000 delayMean StartDelayNodeAttack sub OmnetFederate 3620 000 delayStdDev StartDelayNodeAttack sub OmnetFederate 3620 000 nodeFullPath StartDelayNodeAttack sub OmnetFederate 3620 000 originFed StartDelayNodeAttack sub OmnetFederate 3620 000 sourceFed StartDelayNodeAttack sub OmnetFederate 3620 000 uniqueCommandiD StartNode
155. s subwindow Make sure the checkbox next to the project is checked and click Finish 71 Import Projects Select a directory to search for existing Eclipse projects Select root directory opt inetmanet inetmanet 2 0 Select archive file Projects amp inetmanet 2 0 opt inetmanet inetmanet 2 0 SelectAll Deselect All Refresh _ Copy projects into workspace Working sets Add project to working sets Figure B 38 Finalizing Inetmanet project import OMNeT Eclipse IDE 5 In the main OMNeT window the project inetmanet 2 0 should appear in the upper left hand sub window Click on this project to select it then click on Project Clean from the menu bar Simulation OMNeT IDE e Edit Navigate Search Project Run Window Help ES simulation Close Project m Build All Build Project amp inetmanet 2 0 Build Working Set a N Build Automatically Project Features Generate NED Documentation Clean Up NED Files Properties E Propert X N BE Outline 7 O re NT inetmanet 2 0 Resource Property _Value Y Info i derived false editable ius ff Problems 33 E Module Hierarchy NED Parameters fg NED Inheritance o last mod March 2 items linked false Description Resource Path Location location opt ine name inetman path inetma n i inetmanet 2 0 Figure B 39 Cleaning the Inetmanet pr
156. s eii Y mu eer T cmm oe sedile mem 2 Example CPN Model Pacini Ponco The CPN model above is was developed for one of the scenarios described in the next section File Edit Simulate Trace inspect View Options Help R amp S BH 4 PW AO Sk iE Ls N Next Pacifical Network hlalnterfaci Msgs present 1348 2 89 Joi Ang O Mm 2 4 Ajj Pacifica1 OmnetF ederate CalifonlADsNetwork Pacifical Network califonNet CalifonlADs ide907 ptr Run 0 PacificalNetwork Event 1 T 0 Msgs scheduled 63 Ms is Created 1348 Ewsec a i wa Simsec sec n a Ewsimsec a eae a 3 Be Md 35 L3 Initializing module PacificalNetwork usNet UnitedStatesIADs VOP1 acifica1 OmnetFederate C E Paciicainetwo Initializing nodule PacificalNetuork usNet UnitedStatesIRDs Wei Rosicidpiegia ai pura Pacifical Network califonNet tiini are eri Orn scheduled event PacificaiNetwork PacificaiNetw S S O DOL nam Oi Mim 24 Aj Pacifical OmnetFederate Pacifical Network PacificalNetwork id 1 ptr0xa0abS76 Zoom 0 65x 2 8g DO naw Mim 2a ajg Breen Ounetf siarada NevidehNetwort PacticalNetwor nevidahNet de4 petieatSeck Zoom 07a UE A e e washorgonNet ide6 ptrOxa1 31480 Zoom 0 76 ao st O EU LU vh Q BE E 1t ifical OmnetF ederate UnitedStatesNetwork Pacifical Network usNet d 7 ptrOxat eel Brac Figure 6 Example OMNeT model The above model shows the ne
157. s in the conversion code This is a convention to refer to the participant interactions in the conversion code When the code generator reads this code it automatically replaces the tokens with right calls using appropriate RTI calls 104 ComplexM appingConnection Attributes Preferences Properties Mapping String data NetworkPacket get data StringT okenizer t new StringT okenizer data e USMoneyGram set_id Integer parselnt t nextT oken USMoneyGram set_dollars D ouble parseD ouble t nextT okenf USMoneyGram set_sender t nextT oken USMoneyGram set_receiver t nextT oken NetworkPacket USMoneyGram ComplexM appingConnection Attributes Properties MEM Mapping NetworkPacket set_senderHost MapperExNetwork BankOfamerica NetworkPacket set_senderHost4pp B asicU dp amp ppwrapper NetworkPacket set_receiverHost4pp BasicUdpdpp rapper NetworkPacket set sender amp pplndex U NetworkPacket set receiver amp pplndex 0 NetworkPacket set receiver amp pplnterface eth0 String receiverBank USMoneyGram get_receiverf ifl SocieteGenerale equals receiverB ank NetworkPacket set_packetT ype ELIMoneyGram NetworkPacket set_receiverHost MapperE Network SocieteGenerale ROS MARTIN USMoneyGram get id USMoneyGram get_dollars 0 8 cy Bank f amp merica SocieteGenerale else NetworkPacket set_packetT ype
158. s that the Federation Manager has been successfully initialized and all federates that are part of the federation have started successfully The Batch menu item starts the batch execution of currently selected experiment s Note that when more than one experiment is selected only Batch mode of execution is permitted When a batch of experiments is running user can terminate the currently running experiment using the Stop menu item If the entire batch needs to be terminated user can use the Stop All menu item Again as mentioned above Stop menu item should be used only after the current experiment has started executing successfully 1 3 4 Help Menu Figure I 7 shows the Help menu The menu item About shows a brief information message about the experiment controller The Help Contents menu item opens a help file that contain information about how to use the experiment controller 114 C2 Windtunnel Experiment Controller View Run Help About Hello w d TS eT lacie Mapperb Figure I 7 Help menu I 4 CONCLUSION The experiment controller provides a very user friendly tool for the users of C2 Wind Tunnel It can be used to not only run various experiments in interactive and batch mode but it also provides a rich set of utilities to control their execution The tool provides various measures to save and store useful experiment information A user can also execute a batch of experiments that se
159. sable partially generated from the GME model Integration steps Develop CPN simulation model Identify inputand output places ports in the model where tokens enter and leave the simulation model Define interaction models that match the token colors for those places Import the CPN simulation model into a modeling tool Wire the ports to interaction models CPN Federate Example from simplified Pacifica scenario Input places ESOC receives report ADOC receives report Output places GCl sends report ESOC sends report i Es P CPNPacifica GCIReportToESOC FOORE numMissed int repon String numBlocked int ESOC Reports to ADOC GCI Reports to ESOC Content report text Content report text 123 Mapper The mapper is responsible for translating messages exchanged among simulators It subscribes to and publishes different messages gt Its logic is dependent on the simulation engines used May depend on the simulation models gt The logic can be specified using a graphical model The code of the mapper federate is automatically generated from a model CASIM Sequence model Sequence models capture specific operational scenarios They are derived by human experts from the COA Models represent Actions on a timeline actions are always specific interactions that are injected into the simulation system Timing markers and delays Responses to actions responses ar
160. se experiments depending on all COA combinations possible in them and makes them available in a tree view in a Graphical User Interface GUI User can use this tool to easily select and run experiments in Interactive or Batch mode When run in Interactive mode all GUIs of the simulators used are shown including CASIM s Federation Manager and the COA Simulation Display if the experiment uses any COAs When run in Batch mode no GUIs are shown not even any error or information dialogs During Batch mode of execution multiple experiment runs can be selected to be executed including those from different scenarios demos During execution the experiment controller shows status of experiments being executed and log messages captured on console for execution information and errors if any For more about experiment controller user 1s referred to Appendix I dediicated to the full description of the experiment controller 29 A 6 SOURCES All sources for the Pacifica2 are located in home c2wt Projects ngc2wt src Pacifica2 directory All generated files for the Pacifica2 scenario are located in home c2wt Projects ngc2wt generated Pacifica2 directory 30 APPENDIX B INSTALLATION AND CONFIGURATION FROM SOURCES B l PRELIMINARIES This section lists what is needed before the C2 Wind Tunnel and related software is installed Some steps described in this Appendix require the user performing them has root administrator privileges B 1 1 Comput
161. sing StartReplayAttack interaction it replays them in order until the attack is ceased using CeaseReplayAttack interaction or terminated using TerminateReplayAttack interaction Parameters SrcNetworkAddress Source network address could be an address of a host or subnet from where the packets to be recorded originate from DstNetworkAddress Destination network address could be an address of a host or subnet to where the packets to be recorded are destined RecordingNodeFullPath The full network path of the node where the relay attack 1s deployed RecordDurationInSecs Duration in seconds for which the packets are recorded for the attack Status It has been fully 1mplemented and tested 6 Packet modification attack Name ModifyPackets Description The attacker intercepts inspects modifies and then sends out the packets Parameters 98 router the router where the packet modification happens Status It has been NOT been implemented yet It is trivial to implement in such a way that the network basically corrupts the data 7 Data injection attack Name njectPacket Description A packet 1s injected into a specific link in the network Parameters from node one endpoint of the link to node other endpoint of the link packet the payload that gets injected Status It has been NOT been implemented yet It is trivial to implement in such a way that the network injects dummy data 8 O
162. soon as the fork element is reached A Probabilistic Choice element chooses only a single succeeding branch Different branches have a T probability specified for their selection The Probabilistic Choice probabilities of all branches are normalized to 1 if they already do not add to 1 At run time a random value Synchronization Point and Exceptions timeouts between 0 and 1 is chosen and depending on that value the appropriate branch 1s selected for execution A simple specifier to must wait on a given number of AwaitN incoming branches to finish before letting the COA sequence execution to proceed 89 A duration specifier represents the time the COA sequence executor delays the execution once the Duration duration element is reached This time period is relative to the time when the duration element is reached A duration specifier represents a duration that is randomly distributed using a uniform distribution For uniform distribution a range 1s provided and the orchestrator automatically chooses a value according to a seed value The seed value can be configured for an experiment for repeatability of experiment purpose If no seed is provided a default O is used as the seed value Once a value for the random duration is selected the execution semantics 1s the same as a regular duration This 1s an advanced concept and can be used to filter based on the values of the parameters of the received OutcomeFilter interac
163. t environment variable has been created in the WINE Windows environment Registry Editor Registry Edit View Favorites Help 71 9 My Computer C HKEY CLASSES ROOT C IHKEY CURRENT LISER Ga HKEY LOCAL MACHINE 3 C HARDWARE Cd software C System 3 CurrentControlSet i Control C class ees ComputerName C ContentIndex Isa Nis C Print CJ ProductOptions C ServiceCurrent 1 T T T T C vmM3zFiles C windows zi Hardware Profiles C3 Services C MountedDevices C HKEY LISERS CJ HKEY_CURRENT_CONFIG C HKEY DN DATA CJ Session Manager Environment Gg Memory Manage ab GME_ROOT ab GREAT_3RDPARTY_PATH lab GREAT PATH ab NLIMBER OF PROCESSORS ab PROCESSOR ARCHITECTURE ab PROCESSOR IDENTIFIER ab PROCESSOR LEVEL ab PROCESSOR REVISIOM ab SystemDrive ab SvSTEMROOT ab TEMP ab TMP ab UpM PATH REG EXPAND SZ REG SZ REG SZ REG SZ REG SZ REG SZ REG SZ REG SZ REG EXPAND SZ REG EXPAND SZ REG SZ REG EXPAND SZ value not set Zhomelc2wtiProjecktsingc2wt C windows system32 cmd exe C Program Files GME C Program Files ISIS GReAT 3rdparty C Program Files ISIS GReAT 1 Windows NT Ciwindowslsystem32 C windows C win COM EXE BAT CMD VBS VBE 5 JSI x86 x86 Family
164. t step is to create a CPN FOM using GME i e the corresponding interaction model with parameter types etc For example for above two examples we would create two interactions in GME model for the scenario and define parameters for those two interactions with data type selected as above Step 5 We create a CPNFederate model in GME and define its properties One of the properties is CPNTimeRatio which is the ratio of time units assumed in CPN model over the federate time unit which 1s always 1 second So for example if CPN model assumes time delays in minutes the CPNTimeRatio should be set to 60 On the other hand if the time delays in CPN were assumed to be in hours the CPNTimeRatio should be set to 3600 IMPORTANT The minimum step in CPNTools is 1 so the step size of CPN federate cannot be less than the CPNTimeRatio Step 6 We need to add the step size MaxStep and Lookahead parameters of the CPN federate which are normally set as 1 0 and 0 1 seconds respectively However this can be changed depending on the simulation fidelity requirements Step 7 Next we specify the name of the CPN model file CPN The convention in CASIM is that the CPN model file is located at lt project_root gt src lt demo_name gt models cpn directory and the GME model at lt project_root gt src lt demo_name gt models gme directory For example for Pacifical demo the CPN model is located at directory lt project_root gt src Pacifical models cpn an
165. ter There are two aspects to the operation First 1t 1s to insert in a covert manner the Special Forces team near the Cyber Ops Center and have the team incapacitate the Center by destroying its power sources and its communications lines land lines and satellite links then to extract the SOF team once the mission 1s accomplished Nevidah asks the US for support in conducting the SOF raid by conducting cyber exploits against the Califon COC such as attacking the internal network of the Cyber Ops Center execute sniffer attacks on nodes of the system modify route attacks misdirect exploits by Center and transmit out of order packets to corrupt disable exploits In addition the US plans to conduct Information Operations using social media to stir up Califon population against Califon president s actions The specific cyber actions by the US are establish specific Califon cyber information requirements to defend US military networks and attack Califon IADS deploy ELINT collection to enable EW and NW operations against Califon IADS and special technical operations cyber attacks e g disable routers switches and other key systems 5 3 Phase 2 Seize the Initiative Phase 2 operations begin when Califon invades Nevidah to occupy the Mineral Fields region the Joint Force Commander s objectives are to defend US and Nevidah forces and interests in the Pacifica theater deny objectives of Califon offensive operations compel Califon to resume ne
166. tible with the federation using it Figure G 2 Mapper federate icon G 3 MAPPING TYPES CASIM supports mappings between interactions in a variety of ways The most basic type of mapping involves conversion of those interactions that do not have any parameters Figure F 3 shows an example of mappings for conversion of basic interactions that do not have any parameters Figure G 3 Mappings among interactions with no parameters Another type of mapping involves interactions that contain parameters but in both the interactions the data type and order of these parameters are the same Figure F 4 below shows an example of mapping between interactions EUDebtBAC and EUDebtSG Both these interactions have an integer parameter so the mapper straightforwardly converts one interaction into other type by copying the data value EUDebtBAC mapsTo EUDebtSG mapsTo Figure G 4 Mapping among interaction with parameters but with no data conversion 103 CASIM also supports mapping among interactions that contain parameters with different data type The next such mapping example involves conversion of one interaction into another type such that both interactions contain same number of parameters and also in the same order The mapper in CASIM automatically figures out the data types of the parameters of both interactions and assuming the matching order of parameters in the two interactions mapped it translates one into another by automatical
167. tico VN again VN is the current version of portico e g 1 0 2 See section B 1 3 1 for how to create a persistent environment variable 1n the Ubuntu Linux environment i e put this command at the end of the appropriate file export RTI HOME opt portico portico VN 62 B 4 10 CPNTools CPNTools is a Colored Petri Net CPN development and simulation tool that is used in the C2 Wind Tunnel to model decision making processes CPNTools is installed into the Ubuntu Linux environment The version that works with the C2 Wind Tunnel is 2 2 0 From this point onward VN will be used to refer to this version 1 2 3 4 5 6 7 Using your browser go to http cpntools org download You might need to apply for a license and you may choose to be notified of future release announcements On the resulting page in the Linux Mac OS X section click on Download Linux Version VN Save cpntools VN tar gz to your disk by clicking Save in the resulting pop up window Once cpntools VN tar gz is downloaded extract it to a location on the hard drive e g opt CPNTools From this point forward this directory will be referred to as CPNTOOLS DIR Set the persistent environment variable PATH to the following value 1 e add the following line to the BOTTOM of the appropriate file see section B 1 3 1 for how to set persistent environment variables in the Ubuntu Linux environment export PATH SPATH CPNTOOLS DIR
168. tion as an Outcome Different outgoing branches can be executed based on different values of parameters Terminate COA When reached the COA execution is terminated SimEnd When reached the entire simulation federation 1s ee terminated D 6 COA SEQUENCE EXECUTOR ORCHESTRATOR Random Duration Once a number of COAs are modeled in a scenario depending on the gaming requirements if any we need a COA sequence executor that can parse the COA models and execute them while matching the intended semantics We extended the Federation Manager Java federate in C2 Wind Tunnel to handle this The COA sequence executor parses all of the COA models designed and builds a graph data structure from it with COA sequence elements as nodes of the graph and appropriate dependencies between COA sequence elements as edges of the graph It then executes the graph structures step by step while matching the intended semantics The COA models are first translated in the form of an XML file that can also be manually changed or if needed created using a gaming script for advanced applications and variability This XML file is then parsed to create the graph data structures which are then executed by the COA sequence executor Multiple COA models can be executed in parallel Note As Outcome represents the arrival of a specified type of interaction if multiple COA models are waiting on the same interaction type at the same time all of them will be
169. tion models to communicate This translation process is performed by the Mapper The Mapper federate is specific to an ensemble of simulation models and possibly to a scenario In order to ease the development of the Mapper we created a modeling tool and software generator to model the message translation operations and to generate the complete executable Mapper federate from the models The models simply capture the mapping between message types they are essentially short specifications for transcribing messages from one form to another The models of the mapping range from simple mappings where messages are isomorphic and thus can be directly mapped to more complex cases where custom Java code is needed to transcribe data The Mapper is described in detail in the Appendix Here on the figure below we just give an example for a model of the most complex case where custom code is needed Complex mapping using code Direct parameter mapping with no data conversion NetworkPacket Parameter mapping with implied data conversion in so case Complex parameter mapping requiring Java code with naming conventions fo mapsio apsio E y PT MoneyGram IndianMoneyGram EUMoneyGram Complex parameter mapping requiring Java code with naming conventions for interactions Mapping String data NetworkPacket get data StringT okenizer t new StringT okenizer data EUMoneyGram set id Integer parselnt t nextT oken
170. tire federation simulation was slowed down manifolds during the period of cyber effects With the new design in the Cyber Effects Library those problems have been eliminated The library comes as part of the generic OMNeT simulator a static library Using this library users can use scenario specific network models and simulated networked applications without needing to change the cyber effects implementation As the cyber effects are based on the interaction models defined in OMNeT FOM the cyber effects can be exercised and controlled turned on off varied at run time using appropriate scenario sequence models COAs Please refer to the Appendix F on CyberEffects for a detailed description of the cyber effects that are part of the generic library that comes with CASIM D 4 FOM MAPPING LANGUAGE AND EXAMPLE MAPPER FEDERATES CASIM intends to make use of C2 Wind Tunnel much simpler and flexible It also intends to support external HLA based simulation tools that have pre defined FOMs In order to support 87 federates that have FOM pre defined it is necessary to device mechanisms that can translate messages defined in one FOM to the other If there were such a facility then different federates with their fixed FOMs can be easily integrated and made to work together However this is a non trivial task and 1s an active research area in both industries and academia In CASIM we created a FOM mapping language that can be used to map
171. to a terminal usr local bin dbvis B When initially run with no database connections DbVisualizer should bring up the New Connection Wizard If it doesn t then select Database Create Database Connection and click Use Wizard in the resulting pop up window 58 File Edit View Database Scripts SQL Tools Window Help amp E 6 lj Databases LJ Scripts t 4 Connections Yi P New Connection Wizard This Connection Wizard will guide you through the steps to setup a database connection Make sure you have access to the required JDBC driver file s for the database you are going to access Information about supported databases and links to download sites for JOBC drivers are available at Enter the connection alias for the new database connection This is the name you will use to refer this database connection throughout the application lt Back Next gt Cancel E Select Tools Connection Wizard menu choice to create a database connection C Latest news documentation and FAQs are available at http www dbvis com Figure B 25 Setting up new database connection in DbVisualizer C In the initial New Connection Wizard enter C2WindTunnel into the textbox and click Next New Connection Wizard This Connection Wizard will guide you through the steps to setup a database connection Make sure you have access to the required JDBC driver file s for the datab
172. topNodeAttack StopDatalnjectionAttack nodeFullPath String n DropRouteFromRoutingTable listenerHost String toNode String CommandExecutionStatus gatewayAddress String affectedHost String fromNode String interfaceEntry i dnsHost String RecordPacketsForReplayAttack uniqueCommandlD String a a StartLinkAttack Status int networkAddress dstNetworkAddress String exec a i StartMasqueradingAttack nodeFullPath toHost String SrcN etworkAddress String host String fromHost String recordDurationinSecs double AddRouteToRoutingTable ps NR Shing recordingNodeFullPath String i gatewayAddress String StopLinkAttack i StopMasqueradingAttack StartReplayAttack networkAddress String StopMasqueradingattack fromHost Strin lll li interfaceEntry String host Stin bri Sting srcNetworkAddress String nodeFullPath String dstNetworkAddress String E recordingNodeFullPath String EE StartNetworkFilterAttack CeaseReplayAttack E dstNetworkAddress String srcNetworkAddress String srcNetworkAddress X String nodeFullPath String dstNetworkAddress String il recordingNodeFullPath String StopNetworkFilterAttack TerminateReplayAttack dstNetworkAddress String nodeFullPath String recordingNodeFullPath String srcNetworkAddress String dstNetworkAddress String srcNetworkAddress String mn StartModifyFromHLAPacketsAttack srcNetworkAddress String recordingNodeFullPath S
173. tor 55 mysql var rcun mysqld mysqld sock 3306 usr var lib mysql tmp skip external locking R Instead of skip networking the default is now to listen only on iocathost which is more compatible and is not less secure bind address 127 0 0 1 bind address 0 0 0 0 z Fine Tuning z key buffer max allowed packet thread_stack 192K thread cache size 8 This replaces the startup script and checks MyISAM tables if needed the first time they are touched 16M 16M Figure B 22 Configuring MySQL Server 2 MySQL must now be restarted To do this in a terminal enter the following command sudo restart mysql B Now MySQL must be configured to allow connections from other hosts to have permission to create and manipulate databases To do this first execute the mysql command in a terminal as follows mysql user root password c2wt At the resulting mysql gt prompt enter the following command GRANT ALL PRIVILEGES ON TO root IDENTIFIED BY c2wt WITH GRANT OPTION This should all be typed on one line and all punctuation is very important MySQL should respond with Query OK 0 rows affected 0 00 sec At this point configuration of MySQL is complete so simply quit by entering at the mysql gt prompt quit B 4 5 MySQL C Connector The MySQL C Connector is needed in the Ubuntu Linux environment for the C code generation component of C2 Wind Tunnel
174. tring recordDurationInSecs double H nodeFullPath String dstNetworkAddress String ll StartModifyToHLAP acketsAttack StopOutOfOrderPacketsAttack nodeFullPath String srcNetworkAddress String dstNetworkAddress String T StopModifyT oHLAPacketsAttack recordingNodeFullPath String receiverAppinterface String receiverHostApp String nodeFullPath String StartDelayNodeAttack delayStdDev double delayMean double nodeFullPath String StopDelayNodeAttack nodeFullPath String Figure D 1 OMNeT FOM D 2 GENERIC OMNET SIMULATOR It supplies all C2 Wind Tunnel integration and cyber effects facilities for integrating scenario specific network models The integration hooks enable the network model to run as a C2 Wind Tunnel federate with time synchronization The cyber effects layers provide OMNeT module implementations for a variety of cyber effects as described below The generic simulator 1s supplied as a static library that can be easily incorporated in various scenarios The figure below shows OMNeT simulation for an example scenario 86 Eile Edit Simulate Trace Inspect View Options Help 3 BO Dot ann O EM 4 Ajj si so Oi ana O Mm 2 4 jR hk BE s ww kO Ske MES i18 Bi Pacisicat OmnetF ecerate CalifonNetwork Pacifical Network califonNet id 5 ptrox9d165e8 ll Pacifical OmnetF ederate CalifonlADsNetwork Pacifica Network califonNet CalfonlADs id 907 Run 0 PacificalNetwork
175. ts that are in the COA Sequence Execution Language Table D 1 Elements of the sequence models COA Sequence ICON Description Element This represents the absolute time point from the beginning of the simulation The semantics is that all incoming branches must wait until the time point represented by the synchronization point has been reached If all incoming branches have been finished the success following branch is taken Also depending on the number of incoming branches that have finished till the synchronization point the exception branches can be taken according to the model For example in the figure at synchronization point t 2hrs if both the branches have succeeded then the branch with synchronization point t23hrs 1s activated otherwise Exception branch 1s triggered An action is basically an interaction type of an interaciton that must be sent out by the COA Sequence Action Executor as soon as the action point is reached in COA sequence execution The parameters of the interactions can be specified An outcome basically represents the type of an interaction that the COA sequence executor must wait Duicome for to arrive before it can proceed For example this can represent a planned or expected activity in a scenario that when occurs an interaction of this type is sent to HLA A Fork element is a branching element Its semantics are that all branches following a fork element are Fork l executed in parallel as
176. tworks used in the scenario 12 File Main Time 20880 000 sec Config Status Pa Resume M As Fast As Possible Y atNetwork califonNetCalifoniADs id 907 ptr gt BRITNeY suite I e 9 Wake En gt oS 7 califo 1 Detailed Log l Simulatio Legend INAC J C A TS abc jeu ques ct gent Callen wasser Calon YOR terme aL Er RE AE NEK pet sos i IR peka axes X nse M e Ho temm ACE e rashorgonNet id 6 ptr xa13f460 Zoom 0 7 Figure I 0 Figure 7 CPN and OMNeT models sone The above figure shows the two models executing concurrently 4 6 Experiment execution and analysis As described above the software infrastructure supports the modeling of multiple operational sequences and the execution of the combinations of these sequences To assist with this activity an experiment controller tool has been developed The tool is used after the models were processed by the software generators and the tool shows on a GUI all the possible experiments that were generated from a model and allows the interactive selection and batch mode execution of multiple experiments The results of the experiment are captured in an SQL database The results are message logs selected interactions are logged with content and time stamp in specific tables Any standard SQL tool can be used for post processing and analysi
177. ub NetworkPacket 40520 001 receiverHost Mapper pub NetworkPacket 40520 001 receiverHostApp Mapper pub NetworkPacket 40520 001 receiverAppIndex Mapper pub NetworkPacket 40520 001 receiverAppInterface NetworkPacket sub OmnetFederate 40520 001 data NetworkPacket sub OmnetFederate 40520 001 numBytes NetworkPacket sub OmnetFederate 40520 001 originFed NetworkPacket sub OmnetFederate 40520 001 packetType NetworkPacket sub OmnetFederate 40520 001 receiverAppindex NetworkPacket sub OmnetFederate 40520 001 receiverAppInterface NetworkPacket sub OmnetFederate 40520 001 receiverHost NetworkPacket sub OmnetFederate 40520 001 receiverHostApp MaxRows 5000 _ Max Chars 1 idi Grants P Row id References value pe level logid H 5 double NORMAL 0 1 double NORMAL 0 Pacifical Network califonNet CCOC String NORMAL O manager String NORMAL 0 manager String NORMAL 0 String NORMAL 0 Pacifical Network califonNet CalifonlADs ESOC String NORMAL 1 manager String NORMAL 1 manager String NORMAL 1 String NORMAL 1 Pacifical Network califonNet CalifonlADs WSOC String NORMAL 2 manager String NORMAL 2 manager String NORMAL 2 String NORMAL 2 5 double NORMAL 3 1 double NORMAL 3 Pacifical Network califonNet CalifonlADs GCI String NORMAL 3 manager String NORMAL 3 manager String NORMAL 3 String NORMAL 3 CPNPacifica String NORMAL 0 CPNPacifica String NORMAL 0 COA Test String NORMAL 0 CPNPacifica String NORMAL 0 COA Test String NORMAL 0 CPNPacifica
178. ues federation of simulation models while executing the workflow the engine sends and receives messages as the simulated scenario unfolds Note that the HLA federation has a global simulation clock which is used by the OE to keep track of time wait for events until a timeout and control in general the temporal behavior ProbabilisticChoice SyncPoint 4 3 The Mapper While the sequence models and the OE are essential for performing the evaluation task the Mapper component is also a critical component it acts as the universal translator between the different federates containing the different simulation models In the new Next Generation C2WT a simulation engine is integrated into the framework This means that the adaptor code that connects a simulation engine to the HLA bus is developed once and reused across multiple http www bomn or models without change This is a necessity as adaptor development is a non trivial task and requires effort Each adaptor henceforth defines a set of message interaction types the simulation engine understands and produces this set is independent of the specific model used in the engine and 1s fixed by the adaptor developer As a result each simulation federate has a well defined interface in the form of these messages that they are able to send and receive However in a particular scenario involving multiple federates the messages should undergo a translation process for the simula
179. uld ve been removed in the meantime if x usr lib command not found then usr bin python usr lib command not found 1 return elif x usr share command not found then usr bin python usr share command not found 1 return else return 127 Fi Fi export C2WTROOT home c2wt Projects ngc2wt Figure B 1 Exporting COWTROOT environment variable Once this is done exit all terminals Then execute another terminal and enter the following command for any of the variables you set in the lt HOME gt bashrd or etc bash bashrc files echo SVARIABLE NAME 33 The output of this command should be the value of the VARIABLE NAME environment variable For example for the CZWTROOT environment variable the following should be displayed on your terminal echo C2WTROOT home c2wt Projects ngc2wt B 1 3 2Setting persistent environment variables in the Windows computer environment Setting an environment variable in the Windows computer environment in particular so that it 1s persistent depends on whether the environment is a Windows operating system or WINE B 1 3 2 1 Setting a persistent environment variable in a Windows operating system The following instructions pertain to the Windows XP operating system The instructions for Windows 7 are similar Click the Start button right click on My Computer in the resulting pop up window and select Properties in resulting menu Harmon Nine
180. urrentControlSet control E class fa ComputerMame Cd ContentIndex Lsa CCdNis CJ Print fe ProductOptions C3 ServiceCurrent d session Manager EJ Environment CJ Memory Manage Cg vMM32Files Windows Hardware Profiles H E Services E MountedDevices E E HKEY USERS HKEY_CURRENT_CONFIG EI HKEY_DYN_DATA value not set Ciwindowslsystem32Ylcmd exe C Program FilesVGME C Program Files ISIS GReAT 3rdparty C Program Files ISIS GReAT u REG 1 ab os REG SZ Windows NT ab PATH REG EXPAND SZ Cilwindows system32 C windows C ywin ab PATHEXT REG SZ COM EXE BAT CMD VBS VBE J5 JSI ab PROCESSOR ARCHITECTURE REG SZ x86 ab PROCESSOR IDENTIFIER REG SZ x86 Family 6 Model 30 Stepping 5 Genuini ab PROCESSOR LEVEL REG SZ 6 ab PROCESSOR REVISION REG SZ 1e05 lab systemDrive REG SZ C ab SYSTEMROOT REG SZ Ciwindows ab TEMP REG EXPAND SZ C iwindowsltemp ab TMP REG EXPAND SZ Ciwindowstltemp lab LiDM PATH REG SZ C Program FilesiISIS Udm ab windir REG EXPAND SZ Ciwindows ab winsysdir REG SZ Ciwindowslsystem32 Delete Del Rename oT oR H E Modifies the value s data A Figure B 8 Editing variable value in Registry Editor 37 A new window will appear in which the value for the variable can be entered Press the OK button once this 1s done Value name Cancel Figure B 9 Entering new value A persisten
181. ut of order packets attack Name OutofOrderPackets Description A specific node in the network is buffering and re sequencing packets That is the sending order will be different from the receive order When the attack is launched the node records the packets for the given duration periodically period record duration and replays them in random order Parameters SrcNetworkAddress Source network address could be an address of a host or subnet from where the packets to be recorded originate from DstNetworkAddress Destination network address could be an address of a host or subnet to where the packets to be recorded are destined RecordingNodeFullPath The full network path of the node where the relay attack 1s deployed RecordDurationInSecs Duration in seconds for which the packets are recorded for the attack Status It has been fully implemented but not tested 9 Sniffing attack Name SnifferAttack Description A node relays all messages going through it to another listener host Parameters NodeFullPath The full network path of the node where the sniffer attack is deployed ListenerHostIPAddress Network address of the listener host where packets are duplicated Status It has been fully implemented and tested 99 10 Masquerading attack Name MasqueradeAttack Description A malicious host masquerades as another legal host All packets are intercepted by malicious host and are responded to The
182. will be diplayed under C B Click on the small triangle next to Build and another sub menu will be displayed under Build C Click on Environment D Click on the Add button for each variable to be input When the variable s information has been entered click on the OK button e Environment Qv gt General gt Ant Y C C Variable Value Appearance C2WTROOT i home c2wt Projects ngc2wt M v Build Edit Environment variables to set Build Variables Delete Console Environment Undefine Logging Make Targets PO New variable d Makefile Editor Name RTI HOME Settings Code Analysis gt Code Style gt Debug Editor Append variables to nativeer Cancel N File Types Replace native environment w Indexer Language Mappings Value opt portico portico 1 0 2 Variables Restore Defaults Apply Q Cancel OK Figure B 34 Adding CWTROOT environment variable in OMNeT 68 E Enter the variables shown in the table below Substitute C2WTROOT and RTI HOME with their actual values as in section B 2 and section B 4 4 step 6 respectively Table B 7 Environment variable values for OMNeT configuration Variable Name Variable Value C2WTROOT C2WTROOT RTI HOME SRTI HOME 4 In the same window A Click on the small triangle next to Java A sub menu will be diplayed under Java B Cli
183. xperiment Controller Please see the Appendix I on C2WT Experiment Controller for a detailed user s manual of this tool D 9 BRITNEY CPN MODEL VISUALIZATION BRITNeY Java library is used in C2 Wind Tunnel to connect to the CPN models from Java and execute and control their simulation as a C2WT federate This new feature uses the visualization capabilities of the BRITNeY Java library The default library needed to be extended in house to support this functionality With the visualization support the CPN federate shows the complete state of each of its places and transitions as the simulation is proceeding It shows what tokens are generated at which places and how they move from place to place It also shows the hooks of 92 the CPN model with HLA input and output places and what input tokens come in from HLA and what goes back to HLA This is a major addition to the C2 Wind Tunnel infrastructure A picture of an example scenario with BRITNeY visualization 1s shown below BWP EN ww 3 e eu M ED DS Figure D 5 BRITNeY CPN Model execution D 10 SCENEBEANS ANIMATION FOR CPN MODELS The Scenebeans animations provide an additional and intuitive way of looking into CPN model execution The BRITNeY visualization is highly detailed as it shows the exact CPN model with exactly how and which tokens are flowing from which place to which place However to provide an easier to parse and intuitive display the team at George Mason
184. xt to each 75 project is checked and click Finish 1 i5 um RE T mi de T Figure B 43 Importing other projects in OMNeT Eclipse IDE These projects will appear in the OMNeT main window B 5 GENERATING CODE FOR C2 WIND TUNNEL PROJECTS In OMNeT a given project will not compile unless code has been generated for it in GME in particular from the GME model pertaining to the project This section does not describe how to build a model for a project Rather it explains how to generate code from an already existing model Generally the model for any project should be stored in the file 1n the Ubuntu Linux environment C2WTROOT src PROJECT NAME gt models gme PROJECT NAME gt mga where PROJECT NAME gt is the name of the project for which you wish to generate code To generate code for a project do the following We ll use the HelloWorld project as as example 1 Execute GME in your Windows environment e For WINE execute the following command in a terminal the single quotes are very important wine C Program Files GME Bin GME exe e Fora Windows OS execute the C Program Files GME Bin GME exe using a command prompt or explorer window 2 Select File Open Project from the top menu bar 76 Aggregate Inheritance Meta y Import XML Update through XML 1 MGA Z lhomelhninelProjeckEsingc2wtsrcyc2wYmodelsygmelhlalCASIM mga 2 MGA Z lhomelh
Download Pdf Manuals
Related Search