
Badger: The Networked Security State Estimation Toolkit

Badger42.org

Intros


• Hindsight is 20/20

• Too much data

• If only . . .

What is the problem?


• Measurement of the state of security

• Somewhat polarizing

• Take it for what it's worth

Networked Security State Estimation


• An arbiter for core metadata on cyber-physical systems

• A mechanism to share information in a human-readable, machine-actionable manner

What is CPTL?


• Disparate sources of data

• Ontologies to facilitate communication

• Data queries via URL

Cyber Physical Topology Language


Motivation

• Machine actionable semantics

• To facilitate communication

• Consistent data operation


Observation

Researchers and practitioners – through network diagrams, documentation and publications – create domain-specific languages to solve specific problems

Ontology

An ontology is based on four finite sets of signature symbols.

Symbol set   Description               Examples
NC           Set of concept names      Switch, Relay, Breaker
NR           Set of role names         hasLine, hasConnection
NI           Set of individual names   SEL-relay-1a
NF           Set of feature names      1..100 or "control-center", "springfield substation"

The axioms of the ontology are defined using the above sets of concept, role, and individual names.

• ABox axioms – properties of individuals, e.g., Relay(SEL-relay-1a)

• TBox axioms – relationships between concepts, e.g., DistanceRelay ⊑ Relay

• RBox axioms – properties of roles, e.g., hasLine ⊑ hasConnection

Ref: Krötzsch, Markus, Ian Horrocks, and Frantisek Simancik. A Description Logic Primer. arXiv:1201.4089, 2012.

Interpretation

The interpretation I maps the elements of the ontology (concepts, roles and individual names) to the domain of discourse.

I = (Δ^I, ·^I)

Δ^I – vertices in the graph

·^I – function mapping all the following:

o concept names (e.g., Bus) to a subset of vertices
o role names (e.g., hasBreakerConnection) to a subset of edges
o individual names (e.g., SEL-relay-1a) to a subset of vertices
o feature names (e.g., onLocation) to vertex attributes (e.g., c, o) (not shown in this example)

In the rendered graph: NC – concepts are mapped to vertices, i.e. different icons; NR – roles are mapped to edges, i.e. line width; NI – individual names are mapped to vertices, i.e. different labels; NF – feature names are mapped to vertex attributes (not shown for brevity).

[Figure: example power-system topology graph with vertices labelled Bus, Bus, Bus and SEL-relay-1a, edges of role hasBreakerConnection, numeric vertex labels, and vertex attribute values c and o]
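The interpretation above, worked through as an added example (illustrative code written for this page, not Badger or CPTL project code): a small in-memory graph interpretation I = (Δ^I, ·^I) and checks for the three axiom kinds. The topology, the vertex ids v1..v6, the individual names bus-1 and breaker-1 and the Interpretation class are constructed here; only SEL-relay-1a and the concept and role names come from the slides.

```python
"""Graph interpretation for a CPTL-style signature plus ABox/TBox/RBox checks.

Added example, not Badger/CPTL code. The Interpretation class, vertex ids
v1..v6 and the individuals bus-1 / breaker-1 are assumptions made here.
"""
from dataclasses import dataclass, field


@dataclass
class Interpretation:
    domain: set                                       # Δ^I – the graph's vertices
    concepts: dict = field(default_factory=dict)      # NC -> set of vertices
    roles: dict = field(default_factory=dict)         # NR -> set of (u, v) edges
    individuals: dict = field(default_factory=dict)   # NI -> one vertex
    features: dict = field(default_factory=dict)      # NF -> {vertex: attribute value}

    def holds_abox(self, concept, individual):
        """ABox concept assertion C(a): a^I must lie in C^I."""
        return self.individuals[individual] in self.concepts.get(concept, set())

    def holds_role(self, role, a, b):
        """ABox role assertion R(a, b): the edge (a^I, b^I) must lie in R^I."""
        return (self.individuals[a], self.individuals[b]) in self.roles.get(role, set())

    def holds_tbox(self, sub, sup):
        """TBox inclusion C ⊑ D: C^I is a subset of D^I."""
        return self.concepts.get(sub, set()) <= self.concepts.get(sup, set())

    def holds_rbox(self, sub, sup):
        """RBox inclusion R ⊑ S: R^I is a subset of S^I."""
        return self.roles.get(sub, set()) <= self.roles.get(sup, set())


def build_example():
    """Constructed sample topology (not the slide's figure): three buses,
    a breaker, a line and two relays, one of them SEL-relay-1a."""
    i = Interpretation(domain={"v1", "v2", "v3", "v4", "v5", "v6"})
    i.concepts = {
        "Bus": {"v1", "v2", "v3"},
        "Breaker": {"v4"},
        "Relay": {"v5", "v6"},
        "DistanceRelay": {"v5"},
    }
    i.roles = {
        "hasBreakerConnection": {("v1", "v4"), ("v4", "v2")},
        "hasLine": {("v2", "v3")},
        "hasConnection": {("v1", "v4"), ("v4", "v2"), ("v2", "v3"), ("v5", "v4")},
    }
    i.individuals = {"SEL-relay-1a": "v5", "breaker-1": "v4", "bus-1": "v1"}
    i.features = {"onLocation": {"v1": "control-center", "v5": "springfield substation"}}
    return i


def check_axioms(i):
    """Return the axioms (as readable strings) that the interpretation violates."""
    axioms = [
        ("ABox", "Relay(SEL-relay-1a)", i.holds_abox("Relay", "SEL-relay-1a")),
        ("TBox", "DistanceRelay ⊑ Relay", i.holds_tbox("DistanceRelay", "Relay")),
        ("RBox", "hasLine ⊑ hasConnection", i.holds_rbox("hasLine", "hasConnection")),
        ("RBox", "hasBreakerConnection ⊑ hasConnection",
         i.holds_rbox("hasBreakerConnection", "hasConnection")),
    ]
    return [f"{kind}: {text}" for kind, text, ok in axioms if not ok]
```

The practical use of check_axioms is as an integrity gate on imported topology data: a hasLine edge that is not also a hasConnection edge, or a DistanceRelay vertex missing from Relay, means the data source and the ontology disagree, and a state estimate built on that model inherits the inconsistency.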

CPTL Core Ontology

ARPA-E Power Ontology

Badger State Estimation Ontology

[Diagram: Cloud Infrastructure Provider (Cloudspace), urn:cptl:cloud:cloudspace.network – Blade_1, Blade_2, Blade_3, Blade_4, TORSwitch_1, TORSwitch_2, MainSwitch]

[Diagram: Cloud Service Provider (Streampics), urn:cptl:cloud:streampics.network – VM 1, VM 2, VM 3, VM 4, VM 5, VM 6]

[Diagram: combined view, urn:cptl:cloud:cloudspace-streampics.network – the Streampics VMs (VM 1 through VM 6) overlaid on the Cloudspace infrastructure (Blade_1 through Blade_4, TORSwitch_1, TORSwitch_2, MainSwitch)]

• Red == Bad

• Yellow == Caution

• Green == It's all good

[Diagram: Badger architecture, shown in two builds. CPTL side: Construct, Query, Ontology (diagram renders in application). Badger side: Capability and URN endpoints, Badger Server, Browser. Attribute estimators (SecurityEstimator / NodeSecurityState): Baseline, Entropy (Kerf), Other. Data sources feed State Data, which is processed and returned to the Browser; the arrows are numbered 1 to 8 in the original diagram.]

REQUEST: badger42.org/GETCAPABILITY?source_vertex_attr_type=urn-cptl-HOST-ipv4

RESPONSE: A list of capabilities formatted as text/json

[
  {
    "name": "urn:badger:get_hostip_dest_hostnames",
    "description": "Given an IPv4 address, get the destination hostnames",
    "source_vertex_attr_type": "urn-cptl-HOST-ipv4",
    "target_vertex_attr_type": "urn-cptl-HOST-hostname"
  },
  {
    "name": "urn:badger:get_host_dest_tldcounts",
    "description": "Given an IPv4 address, get the top-level domain counts",
    "source_vertex_attr_type": "urn-cptl-HOST-ipv4",
    "target_vertex_attr_type": "urn-cptl-HOST-hostname"
  }
]


CPTL Browser

REQUEST: badger42.com/service?name=urn:badger:get_host_dest_tldcounts&selected_vertex_attr_values=192.168.1.100,192.168.1.120

RESPONSE: A graph of the following format (the slide does not show the key that names the vertex list; "VERTICES" is assumed here):

{
  "VERTICES": [
    {"id": 1, "source1_vertex_attr_type": "urn-cptl-HOST-ipv4"},
    {"id": 2, "source2_vertex_attr_type": "urn-cptl-HOST-ipv4"},
    {"id": 3, "target_1_vertex_attr_type": "urn-cptl-HOST-tag-tldcount", "target_1_vertex_attr_value": "com,44"},
    {"id": 4, "target_2_vertex_attr_type": "urn-cptl-HOST-tag-tldcount", "target_2_vertex_attr_value": "com,44"}
  ],
  "EDGES": [{"source": 1, "target": 4}, {"source": 2, "target": 4}]
}
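The capability lookup and service call above, as an added client-side example (written for this page, not Badger project code). It finds a capability by URN, refuses to put anything that is not an IPv4 address into the query string, parses the positional vertex keys of the graph response, and checks the returned vertex types against what the capability advertised. The capability list and the response are constructed copies of the slide data; the "VERTICES" key, the attr_value fields on the source vertices and the positional key pattern (source1_..., target_1_...) are assumptions about the wire format. Note that, as printed on the slides, the tldcounts capability advertises target type urn-cptl-HOST-hostname while the response carries urn-cptl-HOST-tag-tldcount, so the type check flags vertices 3 and 4.

```python
"""Client helpers for the Badger GETCAPABILITY / service calls.

Added example, not Badger code. Wire-format details beyond the slides
(the VERTICES key, source attr values, positional key names) are assumed.
"""
import ipaddress
import json
import re
from urllib.parse import urlencode

# Constructed from the GETCAPABILITY response on the slides.
CAPABILITIES = json.loads("""[
  {"name": "urn:badger:get_hostip_dest_hostnames",
   "description": "Given an IPv4 address, get the destination hostnames",
   "source_vertex_attr_type": "urn-cptl-HOST-ipv4",
   "target_vertex_attr_type": "urn-cptl-HOST-hostname"},
  {"name": "urn:badger:get_host_dest_tldcounts",
   "description": "Given an IPv4 address, get the top-level domain counts",
   "source_vertex_attr_type": "urn-cptl-HOST-ipv4",
   "target_vertex_attr_type": "urn-cptl-HOST-hostname"}
]""")

# Constructed from the service response on the slides, made valid JSON.
SAMPLE_RESPONSE = json.loads("""{
  "VERTICES": [
    {"id": 1, "source1_vertex_attr_type": "urn-cptl-HOST-ipv4",
     "source1_vertex_attr_value": "192.168.1.100"},
    {"id": 2, "source2_vertex_attr_type": "urn-cptl-HOST-ipv4",
     "source2_vertex_attr_value": "192.168.1.120"},
    {"id": 3, "target_1_vertex_attr_type": "urn-cptl-HOST-tag-tldcount",
     "target_1_vertex_attr_value": "com,44"},
    {"id": 4, "target_2_vertex_attr_type": "urn-cptl-HOST-tag-tldcount",
     "target_2_vertex_attr_value": "com,44"}
  ],
  "EDGES": [{"source": 1, "target": 4}, {"source": 2, "target": 4}]
}""")

# Positional key pattern assumed from the slide: source1_..., target_1_...
_ATTR_KEY = re.compile(r"^(source|target)_?(\d+)_vertex_attr_(type|value)$")


def find_capability(caps, name):
    """Return the capability whose URN matches, or None."""
    return next((c for c in caps if c["name"] == name), None)


def build_service_url(base, cap, values):
    """Build the /service URL. For an IPv4-typed source every selected value
    must parse as IPv4, so free text never reaches the query string; the
    values are percent-encoded as well."""
    if cap["source_vertex_attr_type"] == "urn-cptl-HOST-ipv4":
        for v in values:
            if ipaddress.ip_address(v).version != 4:   # raises ValueError on junk
                raise ValueError(f"not an IPv4 address: {v}")
    query = urlencode({"name": cap["name"],
                       "selected_vertex_attr_values": ",".join(values)})
    return f"{base}/service?{query}"


def parse_graph(resp):
    """Normalise positional keys into {id: {kind, type, value}} plus an edge list."""
    vertices = {}
    for v in resp["VERTICES"]:
        entry = {"kind": None, "type": None, "value": None}
        for key, val in v.items():
            m = _ATTR_KEY.match(key)
            if m:
                entry["kind"] = m.group(1)
                entry[m.group(3)] = val
        vertices[v["id"]] = entry
    edges = [(e["source"], e["target"]) for e in resp["EDGES"]]
    return vertices, edges


def check_types(cap, vertices):
    """Ids of vertices whose attr type differs from what the capability advertised."""
    expected = {"source": cap["source_vertex_attr_type"],
                "target": cap["target_vertex_attr_type"]}
    return sorted(vid for vid, v in vertices.items()
                  if v["kind"] in expected and v["type"] != expected[v["kind"]])


def tld_counts(vertices, edges):
    """{source ip: {tld: count}} from edges into target vertices valued 'tld,count'."""
    out = {}
    for s, t in edges:
        src, tgt = vertices[s], vertices[t]
        if tgt["kind"] != "target" or tgt["value"] is None:
            continue
        tld, count = tgt["value"].split(",", 1)
        out.setdefault(src["value"], {})[tld] = int(count)
    return out
```

The type check is the part worth keeping in a real client: the capability list is the contract the server published, and a response whose vertex types drift from it should be treated as a schema change, not silently rendered.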


CPTL Browser

Demo Time

import skills, sys, time, demo
from luck import *

now = time.time()
demo = open('badger', 'r')

for blackhat in demo:
    print skills.haxor(daycon)
else:
    print 'WASTED!'

map.network-perception.com

State / Data / Information

Thanks

Badger42.org

Github.com/bigezy/badger

Github.com/ITI/cptl-power

Send your feedback