Emulation, Modeling, and Analysis
Introduction
The Emulytics™ program at Sandia National Laboratories is focused on the scientific pursuit of the understanding of the behavior of complex, distributed cyber system. Over the last decade, we have developed and has deployed a suite of cyber emulation, modeling, and analysis tools that support uses including predictive simulation, training, test & evaluation, and resilient system design.
The term “Emulytics” was coined by practitioners to capture the intent of these efforts – a holistic approach to system emulation and analytics.
Emulytics™ experiments provide safe and isolated environments to study and test computing and communications systems and to exercise and train cyber staff. Enterprise computing and control systems environments are well supported today and we are developing support for emerging mobile computing and Internet of Things environments. Emulytics environments scale well and can be deployed on systems as small as a laptop and on clusters with hundreds of high performance servers. Our methodologies support the application of the scientific method to the study of cyber systems, and our tools make it easier to design, deploy, and collect data from virtualized experiments rapidly, reliably, and repeatedly.
Capabilities
Performance Analysis: Explore the characteristics of a system of interest, without having to impact actual operations.
Mitigation Analysis: Explore how defensive measures, tactics, techniques, and procedures perform under a wide variety of circumstances, configurations, and environments.
Development Test Bed – Cyber Engineering: Rapidly explore and test system design alternatives using virtualized proofs of concept.
Exercise and Training Support: Create cyber training environments designed to prepare staff to meet specific mission needs.
Deception Networks: Virtualize key components of networks to provide dynamic and/or moving target defense.
Experimentation and Empirical Studies: Run carefully controlled experiments that reveal the behavior of complicated systems under rare or malicious circumstances.
Applications
Sandia’s Emulytics™ efforts focus on using orchestrated virtual machines and networks to enable solutions in three broad application areas:
Human in the Loop
Cyber teams must keep their skills up to date, and bringing new people on board can be an arduous and lengthy process.
There is a clear need for representative and scalable environments in which cyber teams can learn and rehearse in a safe, repeatable setting. Emulytics™ tools provide fast emulation, rapid environment setup and tear-down, and the ability to incorporate people in a natural way. That combination of features enables Emulytics™ to provide a cost effective approach to train cyber teams, test their readiness, and run expansive red/blue team exercises.
Predictive Simulation
How can we answer what-if questions about the behavior and performance of complicated computing and control systems we are interested in?
Emulytics™ tools allow a designer or researcher to create laboratory models of existing or proposed systems on which they can safely perform experiments and observe system behavior. Because these models are automatically instantiated, it is easy to examine many variants of a model by changing one or more parameters and re-running the model as many times as necessary. Experimentation enables one to answer performance questions, evaluate design alternatives, or test security and resilience of complicated and distributed systems under a variety of conditions. Sandia also has experience validating Emulytics™ experimental models. Validation seeks to answer the critical question “how credible is using a model for a particular purpose?
Real Time
Imagine a system that changes dynamically and reacts to an intruders presence, making it difficult for the intruder to navigate and extract information and characteristics of your system.
Sandia National Laboratories is pioneering advances in dynamic and moving target defense, leveraging our Emulytics™ platforms.