Security Analyst Dashboard. A dashboard for cyber-physical system design and analysis.
Georgios Bakirtzis, Brandon Simon, Cody Fleming, and Carl Elks, “Looking for a Black Cat in a Dark Room: Security Visualization for Cyber-Physical System Design and Analysis,” IEEE VizSec 2018 [proceedings, preprint, talk]
Rationale. Georgios Bakirtzis, Garrett Ward, Christopher Deloglos, Carl Elks, Barry Horowitz, and Cody Fleming, “Fundamental Challenges of Cyber-Physical Systems Security Modeling” IEEE/IFIP DSN 2020 [proceedings, preprint]
The dashboard works in conjunction with cybok-cli & graphml_export—which produce the data requirements for this project.
The following are required to run the dashboard: Java JDK 8, Python >=3.6.4 and the rest of cybok-cli’s prerequisites.
The following script will automatically initialize
the cybok-cli submodule, compile the code if needed,
and start the security analyst dashboard.
Windows:
$./build_and_run.batGNU/Linux or macOS:
$./build_and_run.shOnce running the dashboard first checks two things: (1) that a correct version
of python is installed and (2) that a correct installation of cybok-cli exists
within the repo.
In the event that either of those checks fail, the dashboard will terminate.
At first launch, the user is prompt to update the data requirements
of cybok-cli.
If the data does not exist, it populates the correct structures
within cybok-cli.
(Unfortunately both these actions take some time at the moment, please be patient.)
Without this step the dashboard will not operate properly.
The dashboard is agnostic to modeling tool as long as a GraphML file is provided. There are two types of models that input into the dashboard: (1) system topology graph and (2) specification graph. The specification is optional; that is, only the system topology graph is necessary.
For the system topology graph model you can look at this paper:
Georgios Bakirtzis, Bryan T. Carter, Carl R. Elks, and Cody H. Fleming, “A Model-Based Approach to Security Analysis for Cyber-Physical Systems,” IEEE SysCon 2018 [preprint, proceedings]
Briefly the following schema is used for the system topology:
| Attribute | Description |
|---|---|
| Entry Points | How external devices interact with the system |
| Software | What software the vertex uses |
| Firmware | What firmware the vertex uses |
| Operating System | What operating system the vertex uses |
| Device | The device name that the vertex is |
| Communication | What protocol is used in an edge |
and this one for the specification graph
| Attribute | Description |
|---|---|
| Type | Type of requirement; Structure, Mission, or Function |
| Description | Description of the requirement |
For specifics on writing such GraphML files you can look in the data folder.
| Button | Description |
|---|---|
Load Topology | File loading dialog to select the topology and (optionally) the system specification file |
Attack Surfaces | Toggles the visibility of attack surfaces on the topology graph |
Analysis | Performs the Attack Vector analysis on the topology graph using cybok-cli |
Show Deleted | Toggles the visibility of deleted attack vectors in the attack vector space and tree views |
Show Hidden | Toggles the visibility of hidden attack vectors in the attack vector space and tree views |
Show CVE | Toggles the visibility of CVE attack vectors in the attack vector space and tree views |
Add to Bucket | Adds all the selected attack vectors to the bucket |
Delete Attacks | Deletes all the selected attack vectors |
| Command | Description |
|---|---|
CTRL+S | save node positions of the selected graph to a file |
CTRL+L | load node positions of the selected graph from file |
CTRL+E | exports the selected graph as a .graphml file |
CTRL+F | freeze/unfreeze auto layout |
CTRL+G | (attack vector space) grows the current selection (selects the nodes related to it) |
CTRL+B | (attack vector space) adds the selected nodes to the bucket |
CTRL+I | (attack vector space) opens a panel with additional information of the selected node |
CTRL+A | (bucket) selects all visible nodes |
DEL | deselects the current selection |
DEL | (bucket) removes all checked entries from the bucket |
Georgios Bakirtzis (bakirtzis@virginia.edu) bakirtzis.net
Brandon Simon (simonbj@vcu.edu)