NEWS AT SEI
This article was originally published in News at SEI on: September 1, 2001
Simulation has long been a popular application within many computing environments, mainly because computers are quite good at handling repeating processes, often defined by what programmers or researchers can readily see. The biological sciences have evolution simulators, entertainment software companies sell simulations of the entire planet, and computers can simulate other computer platforms. Most of these types of simulations proceed with known, assumed, or hypothesized information. But how do you simulate processes that are unobserved, ill-defined, or virtually invisible?
The SEI is developing a general-purpose modeling and simulation language and tool called Easel that can be used to predict behavior in a seemingly uncertain world.
Easel can be used to simulate systems in which there are large numbers of interacting participants. In the real world, our critical infrastructures exhibit such properties: the Internet, electric power grids, telephone systems, the stock market, and emergency response systems all have large numbers of interacting participants that, individually, have limited visibility or knowledge of the larger system that surrounds them. It is often not possible to predict the viability of a system solely from the behavior of its individual participants. Easel helps to predict the interactions of systems, each with many actors.
Traditional security approaches that model systems with a small number of actors are inadequate to protect large-scale, highly distributed systems—let alone "systems of systems." Lead developer David Fisher of the SEI says, "There’s a great difference between simulating systems by using 10 or 20 actors and using 100 or more. You need support for a large number of actors to have any relevance or application to the real world." A typical Easel application handles thousands of individual actors—the alpha version supports 75,000 actors, and future releases will support 100,000.
From the start, Easel was designed with flexibility and modularity in mind. Easel allows programmers or researchers to tailor the environment based on the scope of a particular project. The Easel language has been extended to support more commands. Its graphics subsystem supports multiple simultaneous views of the simulation as it plays out, from perspectives defined by the programmer. "This past summer, we set out to improve the alpha version by three measures: robustness, performance, and diagnostics," says Fisher. Plans are also in place to offer Easel to selected customers outside the SEI.
Potential Uses for Easel
At the core of Easel’s design lies the concept of survivability. A survivable system is one that fulfills its mission, in a timely manner, in the presence of attacks, failures, or accidents. At the CERT® Coordination Center, Easel is being used to study the response of networks to attacks and attack mitigation strategies. For example, one Easel demonstration predicts the effectiveness of software patching during a widespread computer virus event. As the simulation proceeds, it is possible to investigate what critical factors determine the outcome.
Easel can also model and monitor processes inherent in software development. The flow of artifacts through the software development cycle, for example, can be readily simulated with ordinary simulation packages. But Easel can simulate processes where interactions between actors have not been specifically defined. An Easel simulation can proceed in the presence of partial and imprecise information. For example, in a hypothetical traffic routing scenario, the researcher may not know exactly how many vehicles a particular road could realistically support in the face of extreme traffic congestion.
Within the Easel environment, such a scenario proceeds, not only providing information about the system, but also arming the researcher with a better hypothesis about the unknown pieces within that system. In this respect, Easel can simulate a larger set of less deterministic processes.
A Real World Application
One of the first complete Easel applications, a simulation for the Defense Advanced Research Projects Agency (DARPA), illustrates an emergent algorithm for location-independent IP routing within a survivable routing infrastructure. Another working demo depicts the coordinated movement of transportation vehicles over the infrastructure of a large city. Yet another simulates an emergency response scenario, in which ambulances carry patients to an array of hospitals.
Easel offers the potential to simulate the complex interdependencies at work in society. The importance to military planners resides in the interdependence of Department of Defense operations with those of private industry and critical infrastructure. By hosting "what-if" simulations and facilitating the study of cascade effects, Easel can expand understanding of information security and survivability for both critical infrastructure providers and the larger community.
Easel developers in the Networked Survivable Systems program welcome interested parties to the Easel project. Those who work in infrastructure assurance, particularly those with extensive knowledge of critical infrastructure systems, are encouraged to collaborate.