Cyber Analysis System Toolkit: A high-fidelity, virtual cyber test-bed for network modeling and experimentation

There is a growing need to defend networked information systems from cyber-attacks. Cyber security analysis tools are key enablers in analyzing the attacks and developing defenses. In this paper, we present the Cyber Analysis System Toolkit (CAST), a high-fidelity, scalable, virtual test-bed for cyber systems modeling, experimentation and analysis. At the heart of CAST is the Common Open Research Emulator (CORE). CORE uses network emulation techniques that provide a high degree of modeling fidelity while maintaining network scalability. We use CAST to develop network emulations of a representative security model called Virtual Secure Enclaves (VSE). We evaluate different security model implementation options (including defense-in-depth concepts) for this illustrative example. The design options include combinations of firewalls and TLS VPNs, firewalls and IPsec VPNs, and defense-in-depth concepts that use multiple layers of these combinations. We use these models to analyze and quantify network performance metrics such as latency and throughput. For example, by adding two layers of TLS and IPsec VPNs, we see that latencies increase by ~400msecs for representative video traffic. We have also investigated latencies for a variety of traffic types. Our main contribution is a real-time, high-fidelity model of a representative 100-node operational network with embedded security features.