Assessing Modelling And Visualisation Capabilities Of Modelling . - Oulu


Assessing modelling and visualisation capabilities of modelling tools: limitations and gaps of open-source modelling tools

University of Oulu
Department of Information Processing Science
Master’s Thesis
Shikur Henok
21.1.2015

Abstract

Due to the increasing number of Information Communication Technology (ICT) environments, security is becoming a concern for many researchers and organisations. Organisations have implemented different security measures to protect their assets. Different industries—such as power plants and water, oil, and gas utilities—are adapting different network modelling tools for guarding their assets and are preparing for incidents that might occur in the future. Modelling tools are very important for the visualisation of computer networks. There are currently many modelling tools with different modelling and visualisation capabilities for computer networks.

The aim of this research is to make a thorough assessment of the different modelling tools’ capabilities of modelling computer networks and visualising computer network communication. Furthermore, it hopes to show areas for improvement in order to increase the quality of modelling tools based on industry requirements.

The research methodology of this research takes the form of a case study. First, the study analyses previous research in order to illustrate gaps in the literature, as well as identifying the strengths and weaknesses of existing network modelling tools.

The empirical part of the research includes, first, studying and evaluating seven open-source modelling tools based on different types of capabilities (this may limit the generalisability of the findings to some extent); and second, selecting four modelling tools for further study. Once four modelling tools were evaluated based on literature reviews and the requirements set in this study, the top two open-source (OSS) modelling tool packages were selected, downloaded, installed, and evaluated further.

The criteria set to evaluate the four modelling tools in this research are based on the requirements provided by the European company nSense, which provides different vulnerability assessments, security consulting, and training, and on the existing literature. The evaluation of the tools resulted in the screens that were copied and presented in this document for verification. Finally, the one tool which was the most suitable for further studies, and which fulfilled most of the requirements set in this research, was recommended for further research.

In total, four modelling tools were chosen for the evaluation, using different literature reviews based on the requirements (see Appendix A) in this research. The results showed that the two top modelling tools were OMNeT++ and IMUNES. After practical analysis of these tools, OMNeT++ was found to be the best tool based on the aims and requirements of this research. Further, the study found that usability problems played a large part in evaluating different modelling tools, which might have changed the outcomes of the result. It can therefore be concluded that this type of evaluation is highly dependent on the evaluator’s knowledge and skill, as well as the usability of the tool.

Keywords
Modelling tools, visualisation, simulation, evaluation, usability, modelling capability, open-source software, computer networks

Foreword

I would like to thank my thesis supervisor MSc Sanja Aaramaa, and Professor Seppo Pahnila, for their guidance and advice during this process. I would also like to thank Patrik Ajalin and Teemu Mäkelä for their support during this thesis work. Last but not least, I would like to thank my family and friends for their unconditional support throughout my study.

Shikur Henok
Oulu, Finland, 21 January 2015

Abbreviations

ACL        Access List
ARPANET    Advanced Research Project Agency Network
CORE       Common Open Research Emulator
CSS        Closed-Source Software
DARPA      Defense Advance Research Project Agency
DML        Domain Modelling Language
DOS        Denial-of-Service
GMPLS      Generalised Multi-Protocol System
GNU GPL    GNU General Public License
GUI        Graphical User Interface
ICT        Information Communication Technology
IDE        Integrated Development Environment
IMUNES     Integrated Multiprotocol Network Emulator/Simulator
IP         Internet Protocol
IT         Information Technology
JNI        Java Native Interface
LAN        Local Area Networks
MAC        Media Access Control
MiXiM      Mixed Simulator
NED        Network Description
NSN        Nokia Solutions and Networks
NS-3       Network Simulator 3
OMNeT++    Objective Modular Network Test bed in C++
OSPF       Open Shortest Path First
OSI        Open System Interconnection
OSS        Open-source Software
SNMP       Simple Network Management Protocol
SSFNeT     Scalable Simulation Framework
TCP        Transmission Control Protocol
UDP        User Data Protocol
VLAN       Virtual Local Area Networks
VPN        Virtual Private Network
WAN        Wide Area Networks

Contents

Abstract
Foreword
Abbreviations
Contents
1. Introduction
   1.1 Objective
   1.2 Problem motivation
   1.3 Research questions and methodology
       1.3.1 Case study research
   1.4 Research process
   1.5 Structure of the thesis
2. Background
   2.1 Computer network visualisation
   2.2 An overview of models and modelling tools
       2.2.1 Modelling methods
       2.2.2 Modelling techniques and modelling tools
   2.3 Modelling tools in network communication
       2.3.1 Simulation and modelling
       2.3.2 Network simulators
3. OMNeT++
   3.1 Modelling capability
   3.2 Usability and cost of the license
4. Network Simulator 3 (NS-3)
   4.1 Modelling capability
   4.2 Usability and cost of the license
5. SSFNeT (Scalable Simulation Framework)
   5.1 Modelling capability
   5.2 Usability and cost of the license
6. IMUNES
   6.1 Modelling capability
   6.2 Usability and cost of the license
7. Evaluation
   7.1 Modelling capabilities
   7.2 Evaluation of modelling tools
       7.2.1 OMNeT++: Modelling capability
       7.2.2 Network Simulator 3 (NS-3)
       7.2.3 SSFNeT
       7.2.4 IMUNES
   7.3 Comparison
8. Modelling using case computer network model
   8.1 Modelling in OMNeT++
   8.2 Modelling in IMUNES
   8.3 Findings
9. Discussion
10. Conclusion and limitations
References
Appendix A
   Requirement template
   Requirement list

1. Introduction

Today’s organisations depend on ever-increasing amounts of information, which must be communicated accurately, securely, and quickly. Due to the increasing number of Information Communication Technology (ICT) environments, security is becoming a concern for many researchers and organisations. Organisations have had to implement different security measures to protect their assets. Security is an architectural concern that uniquely cuts across all levels of the system (application, middleware, operating systems, and hardware), requiring intra- and inter-level validation of security (Hansson, Feiler, & Morley, 2008). Security also has immediate effects on the runtime behaviour of the system: specifically, other dependability attributes, such as creating delays and extra overhead, might lead to more energy consumption and could potentially affect the performance of the network. Thus, in many industrial systems, security is a concern even in everyday tasks. (Kyriazanos, Prasad, & Patrikakis, 2008)

Different industries—such as power plants and water, oil, and gas utilities—are adapting different network modelling tools for guarding their assets. Such modelling tools help to be prepared for any incident that might occur in the future, such as computer network security breaches or hardware failures in the industry’s computer network. Modelling tools are very important for the visualisation of computer networks. There are currently many modelling tools that have different modelling and visualisation capabilities for computer networks. Modelling is important in any human constructive work activity. In computer communication, visualisation of computer networks allows any user to easily analyse and contemplate information about hosts, services, and routing in the network. Thus, modelling tools play a vital role in designing, simulating, and monitoring the network environment.
These modelling tools are used for modelling of different IT (Information Technology) infrastructures based on the available information in the domain area from entities such as computers, routers, and switch components. A computer network is a very complex combination of protocols, applications, and processes. The only practical way to handle this kind of complexity is to use modelling tools. (Rahman, Pakštas, & Wang, 2009)

Network security consultants use different modelling tools for assessing and consulting different organisations’ computer networks. In addition, they use modelling tools to obtain a model of a computer network before the actual implementation of the network. Modelling tools allow network security consultants to easily construct and view information about the network infrastructure by visualising the computer network. There are different network modelling tools in the market today: open-source (OSS), proprietary, and commercial products. These network modelling tools have their own ways of visualising and modelling a network. Visualisation of a network with modelling tools therefore has not been an easy task for network consultants due to the modelling and visualising capability constraints on the modelling tools. Every modelling tool has a different set of rules that allows network security consultants to use their knowledge and perception to model, assess, and consult about a computer network. In addition, each modelling tool has its own advantages and disadvantages in its functionality and usability. Models are used for expressing, designing, and understanding existing computer networks as well as creating new ones. (Börstler, Kuzniarz, Alphonce, Sanders, & Smialek, 2012)

The increasing competition between different companies, such as Juniper, Cisco, Ericsson, and NSN (Nokia Solutions and Networks), as well as among the open-source community, has played a key role in the creation of many open, commercial, and proprietary modelling tools. Modelling tools have different advantages in many industries’ daily processes, such as the ability to conduct exercise scenarios, and the ability to test system security and performance. These advantages are achieved by visualisation, monitoring, and modelling of computer network infrastructure. Network security consultants use different modelling tools to gain insight into computer network behaviour. So far there has not been one single modelling tool that can fulfill all of the modelling requirements required by industries, such as providing detailed visualisation of a network, visualisation of each communication within a network, and the allowed network communication within a network. (Kasch, Ward, & Andrusenko, 2009)

1.1 Objective

The main objective of this research is to make assessments of different modelling tools’ capabilities of modelling computer networks and visualising computer network communication. Furthermore, this paper will give broader insights into different modelling tools that are used for visualisation and modelling of computer network infrastructure. In this research, a case study research method was conducted in which the selected tools were evaluated. The expected outcome is to first identify the capabilities and limitations of the modelling tools, and second to suggest a tool that could be further developed in order to meet industry requirements based on that assessment.

1.2 Problem motivation

ICT operators face very high management costs; they are forced to use different management tools to control the working domain area. One of the most common management tools used by network security consultants is the modelling tool. Modelling tools play an important role by visualising, modelling, and monitoring the ICT environment. The industry currently lacks one single modelling tool which could model and visualise an entire computer network’s situation.
There are many challenges in heterogeneous management systems (systems that contain hardware and software working together), including design challenges, task acquisition, system development, and management. Even though network operators are adapting different modelling tools for performing everyday tasks, selecting the appropriate modelling tool based on financial and organisational structure has been difficult for most organisations (Fuggetta, 2003). This research focusses on assessing different modelling tools and selecting the current best available modelling tool that can be used to visualise computer communications based on given industry requirements.

The starting point for the research is that a European company called nSense (https://www.nsense.net/), which was involved in this research and which provides different vulnerability assessments, security consulting, and training, is currently looking for a modelling tool that the company could use to visualise and generate a real-time computer network model. Based on the decisions with the representatives of nSense in order to assess different modelling tools, nSense listed twenty-three requirements that the tool had to include in its functionality. The requirements included twelve compulsory functions and eleven ‘nice to have’ functions. In this research, twelve compulsory requirements were chosen to analyse the existing tools; this number of requirements was believed to be sufficient to differentiate the capabilities of the tools from each other. In this research, if there were too many similarities between the tools based on those twelve requirements at the end of the comparison period, the remaining requirements would have been added and further studied.

From the network communication perspective, there are different open-source, proprietary, and commercial network modelling tools to choose from; this research focusses on open-source modelling tools. Open-source modelling tools are software that can be freely studied and modified, and their source code can be freely distributed (Gupta, Ghonge, Thakare, & Jawandhiya, 2013). This study’s interest in open-source products is motivated by:

1. Most commercial products are expensive, and require specific and costly training. Thus the cost of tools that have to be purchased to manage and control an organisation is an important additional cost and burden on the organisation’s business and research. In addition, the customisation of commercial products might bring legal issues, which most of the time prevent the product from being further developed;

2. Because the open-source community consists of a vast number and variety of experts, it has strong support and a fast pace of development. (Dooguy Kora & Moindze Soidridine, 2012)

On the other hand, one of the limitations of using open-source tools is that they do not always provide all the necessary functions. In addition, the complexity of open-source tools has always been problematic compared with commercial or proprietary modelling tools (Paulson, Succi, & Eberlein, 2004). To overcome these issues and to select the current best available modelling tool, this study analyses different open-source modelling tools and suggests a single modelling tool for further development. As mentioned earlier, selecting open-source tools may limit the generalisation of the findings.

1.3 Research questions and methodology

In order to maintain a well-focussed study, a number of research questions were drafted as a guide to the study.
Thus, the current study aims to examine different network modelling tools with two focussed research questions: ‘What are the limitations in existing network modelling tools?’ and ‘What are the gaps in open-source modelling tools?’ In this research, answering these two questions will help unveil the areas that need improvement in the area of computer network modelling tools.

To answer the research questions, a case study research methodology was used. First, this study analysed literature with the anticipation of exposing gaps in the literature, as well as identifying the strengths and weaknesses of existing computer network modelling tools. As a result, the current literature review will give a broader view of modelling tools in computer networks; this will inform both research communities and practitioners.

1.3.1 Case study research

A case study should be used when there are different cases which should be examined and studied (Verner, Sampson, Tosic, Bakar, & Kitchenham, 2009). Case studies provide a way to evaluate different data, information, and systems, and to present the results in a systematic way. In addition, case studies are becoming more popular, not only for assessing different phenomena but also for observing and explaining different cases. Case studies take different forms, depending on their purpose and strategy; they can be descriptive, explanatory and exploratory, or evaluatory (Verner et al., 2009).

There are different strategies for doing social science research: experiments, surveys, archival analyses, histories, and case studies. Each strategy has its own advantages and disadvantages, depending on the type of research question, the control over the actual event being investigated, and the focus on current (as opposed to historical) phenomena. Case studies are preferred when a ‘how’ or ‘why’ question is asked about contemporary events, the investigator has little or no control over the events, and/or the research focus is on a real-life contemporary phenomenon. This study not only seeks to evaluate ‘why’ or ‘how’, but also ‘which is better’. Thus, in this research the study focusses on the ‘which’ type of case study. Furthermore, this research studies evidence such as documents, experiments, and observations, which gives case studies a unique strength over other methodologies. (Yin, 2002) ‘The essence of a case study, the central tendency among all types of case study, is that it tries to illuminate a decision or set of decisions: why they were taken, how they were implemented, and with what result’ (Schramm 1971, emphasis added).

There are three ways to collect data in case study research, as Lethbridge, Sim, and Singer (2005) explain. The degree level can be direct (e.g., interviews, direct contact with the subject, and collecting data in real time); indirect (e.g., tool instrumentation, which is usually observed through video recording); or independent (e.g., documentation analysis). Due to the lack of availability of interviewees who are currently using and developing the open-source tools selected in this research, this study will focus mainly on two methods of data collection: the first (direct) and third (independent) degrees.

1.4 Research process

Figure 1 shows how the research process was conducted. In this research, currently available modelling tools, including both commercial and open-source, were initially researched. The selection criteria were based on the licensing issues of the modelling tools. Because commercial products such as OPNET, XNetMod, NetRule, and others have commercial licenses, they were not considered for further study (Rahman et al., 2009).
The next step was to focus on open-source modelling tools and search for currently available open-source modelling tools in different databases. The university databases IEEE Electronic Library, ACM Digital Library, and Scopus were the main databases for this research; in addition, the Google Scholar search engine and other web sources were used. There are many open-source modelling tools currently on the market, but only seven open-source modelling tools were considered for this research. Some of the modelling tools are NS-2, NS-3, OMNeT++, J-SIM, IMUNES, SSFNeT, Cloonix, CORE (Common Open Research Emulator), GNS3, Marionnet, Mininet, and Psimulator2 (Linkletter, 2015; Puljiz & Mikuc, 2006; Soni & Prakash, 2014). The number of open-source modelling tools chosen is not for any specific reason except that it seemed sufficient for this research. Based on the set of requirements (Table 1), four open-source modelling tools were selected for further study. The next step was to conduct a literature review on each of the selected modelling tools. Based on the literature review and the requirements set (Appendix A), comparisons were made between the modelling tools. As a result, the top two modelling tools were selected (Table 2) for further study using a case model (Figure 8). The case model, constructed for the modelling tools test, considers and includes the necessary models and sections that most office computer networks need.

Figure 1. Research process diagram

1.5 Structure of the thesis

Before continuing to the assessment of the modelling tools, the reader needs to be acquainted with the models, modelling tools, and their uses. This will be followed by the presentation of the case study and a discussion of how to improve the tools. Chapter 1’s introduction section includes the objective, the motivation for the problem, and the research question, followed by the research methodology and research process. Chapter 2 provides background knowledge on network visualisation, models, and modelling tools; it also provides an overview of modelling tools, techniques, methods, and modelling tools from the network communication perspective. Simulation and modelling interrelation are also discussed in Chapters 3-6, including different modelling tools, along with a general overview of the main functionalities of these tools. The main purposes of these tools and their uses are presented afterwards.

The evaluation method is presented in Chapter 7. The assessments of the capabilities and shortcomings of these tools are based on this chapter. Chapter 8 shows the evaluation of the selected modelling tools, using the case model, and discusses the findings. The information presented here is based on the case model and identifies requirements for modelling tools. Chapter 9 includes a discussion and conclusion of the study’s findings, as well as suggestions for future development.

2. Background

The recent increase of Internet networking has created an enormous variety of problems related to security, routing, resource usage, and management. One of the reasons to study different policies and algorithms in network communications is to address such problems. The construction of models of actual computer networks’ infrastructure is one method of preventing the security pitfalls that can occur in the computer network domain area.
The main reason to study different computer network modelling tools in computer networks is that computer networks are constantly expanding in size and complexity, and it is expensive to monitor and manage such complexity without adequate tools. In computer networks, by using different modelling tools, the efficiency and quick solutions of real-time computer networks can be exploited (Calvert, Doar, & Zegura, 1997).

Different modelling tools are available today that may be used to model and visualise different computer network infrastructures. Visualisation improves network infrastructure management; therefore, visual representation of computer networks plays an important role in computer network monitoring. The increase of computer viruses and attacks against computer systems everywhere illustrates that computer security has become one of the biggest issues facing organisations everywhere. One of the main uses of modelling tools is to model and provide information about the behaviour of the network infrastructure. This information helps experts such as computer network security consultants to detect and prevent future computer network attacks on the system. Due to the growth of computer networks, the quantity of data that needs to be analysed is increasing tremendously, creating a job for security consultants that at times can be vast and incomprehensible. By using modelling tools that provide the visualisation of computer data, security consultants can achieve practical solutions and obtain an easy way to analyse the data within a short amount of time. It is often desirable to display data visually, due to the powerful visual capabilities of humans (Savola & Heinonen, 2011). Data can be presented by many methods, but there is no more powerful method than presenting data using visual data maps. Thus, the visualisation of computer networks plays a leading role in the monitoring and analysis of data in any organisation.

This study focusses on the capabilities and limitations of those modelling tools which can be used for visualising, modelling, and monitoring computer networks in relation to the specified requirements. Some of the requirements include the visual representation of the entire computer network, and the display of internal communication on the port and protocol levels. In addition, these tools have to visualise what would be affected in the computer network’s architecture if there were changes made at the protocol level.

2.1 Computer network visualisation

Communication network behaviour should be easily understood by operators and users. This understanding should be accurate, efficient, and time-saving, especially when the computer network periodically increases in size. The monitoring of computer communication is a complex task, especially when there are large sets of data that need to be monitored that vary and increase in time. These monitoring operations include fault reports, device status, and utilisation of the resource. There have been different methods for analysing and presenting large amounts of data; visualisation is one method of presenting large sets of data or complex relationship between de
