ADVISE Bank Robbery Tutorial Model

From Mobius Wiki

ADVISE Bank Robbery Tutorial

Introduction

Scenario

Universal Galactic Bank is located in a downtown metropolitan area, nestled among large skyscrapers and office parks. The bank performs the standard banking operations that a modern-day bank provides. It has a drive-through teller, an outdoor ATM machine, an indoor lobby with tellers, safe deposit boxes, a vault, and meeting offices where clients may conduct other business (e.g., arrange loans). The vault is protected by a thick titanium door with a sophisticated electronic combination lock. The combination is known by the head manager for day-to-day operations, and it changes daily. There are security guards who run a front desk at the entrance of the bank. One guard also monitors security cameras from a central film room. The security cameras watch the front door, the main lobby, the tellers, the vault door, and the inside of the vault. Public infrastructure tunnels run underneath the bank. There are roof access points at the stairwells and the HVAC exhaust ducts on the roof. There is also an alarm system to summon the police. Unauthorized access from the roof or through the front door will set it off. The guards may also manually pull the alarm.

Explanation

The above scenario describes a fictitious bank that will be central to this tutorial. You will create an ADVISE model to model adversaries who would like to achieve a variety of goals. The scenario is open-ended to allow you to use your creativity in coming up with ways a robber could attempt to pull off a heist. The tutorial will walk you through the beginning steps of building a model and giving attributes to the adversary, with the end goal of running a simulation of an attack on the bank. The tutorial uses an insider threat (a compromised teller) and a con artist as two adversaries. The first two models deal with the insider threat attack, while the final model incorporates the con-artist attack vector.

Topics Covered

  • Creating an attack execution graph.
    • Knowledge.
    • Steps.
    • Goals.
  • Defining attack steps.
    • Defining state-dependent attributes on attack steps.
  • Defining an adversary.
  • Composing the ADVISE model with other atomic models.
  • Defining reward variables on an ADVISE model.
  • Using a study to create several experiments.
  • Simulating an ADVISE model.

Part 1

Prerequisites

Install the Möbius tool by following the instructions in the Installation section of the wiki. To create ADVISE models, you will need Möbius version 2.5 or greater.

Topics Covered

  • Adding nodes to the Attack Execution Graph.
  • Connecting nodes with arcs.
  • Editing node attributes with the Node Details View.
  • Defining adversary preferences.
  • Defining initial knowledge.
  • Defining goals with associated payoffs.
  • Defining a reward model for an ADVISE atomic model.
  • Defining a study for an ADVISE atomic model.
  • Running a simulation for an ADVISE atomic model.

Process

Part A - Defining the Attack Execution Graph

We begin by creating a new project.

  1. Launch the Möbius tool.
  2. From the Möbius main menu, click on "Project" and select the "New" menu item from the drop-down list.
  3. The "Create New Project" dialog box will appear. You can enter the project name, the author(s) working on the project, and a general description of the project. For this tutorial, we will name the project "BankRobbery".
  4. Select the "Finish" button to create the project.
  5. Note that you can right-click on the "Open Projects" folder in the "Möbius Project Manager" window. A submenu will pop up. You can select "New Project" to get to the same "Create New Project" dialog.
  6. You should see a "BankRobbery" folder under the "Open Projects" folder. The "BankRobbery" folder will contain the following subfolders: "Atomic," "Composed," "Reward," "Study," "Transformer," and "Solver."

Defining the attack execution graph.

Checkpoint Diagram 1-1
  1. Create a new ADVISE atomic model called "robbery".
    1. Right-click on the "Atomic" folder and select "New". The "Create New Project Component" dialog box will appear.
    2. Select "ADVISE Model" from the list of component types.
    3. Next, move to or select the "Component Name" text box. You can move to the "Component Name" text box by using the tab key.
    4. Enter the name "robbery".
    5. Click "Finish."
  2. The ADVISE editor window will pop up. The ADVISE editor consists of two parts: the "Attack Execution Graph" and "Adversary" editors. The different parts are selected by clicking on the tabs at the bottom left corner of the window. The default view is the Attack Execution Graph editor.
  3. Along the left side of the Attack Execution Graph editor is a palette of tools used to create the attack execution graph. Note that if you click on the small triangle next to the word "Palette," the palette tool window will shrink to hide itself. You can click on the small triangle again to expand the hidden palette window.
  4. Add a knowledge node named "Insider Knowledge" to the canvas.
    1. In the Attack Execution Graph editor, left-click the "Knowledge" item in the palette bar.
    2. Left-click a spot on the white canvas on the right side of the Attack Execution Graph editor window.
    3. A green circle should appear on the canvas, and the "Node Details" dialog should appear on the right side of the canvas. In the "Description" field, enter the name for the node, "Insider Knowledge". Notice that while we have a space in our description, the "Code Name" does not. If you are going to refer to this node in code, you must use the "Code Name".
  5. Add an attack step named "Write Down Account Information" below the "Insider Knowledge" node. Follow the same basic steps as you did in creating the knowledge node. Note that the "Node Details" dialog now contains a lot more fields. We will come back to fill out the various fields later.
  6. Add a second knowledge node named "Customer Information" below the attack step.
  7. Add a second attack step named "Impersonate Customer To Obtain Money" below the second knowledge node.
  8. Add a goal named "Money" below the second attack step.
  9. Create an arc from the first knowledge node to the first attack step.
    1. Click on the "Connection" item in the palette.
    2. Click on the knowledge node "Insider Knowledge" on the canvas.
    3. Click on the attack step node "Write Down Account Information" on the canvas.
  10. Create an arc from the first attack step to the second knowledge node.
  11. Create an arc from the second knowledge node to the second attack step.
  12. Create an arc from the second attack step to the goal.
  13. Verify that your AEG now looks similar to the one in Checkpoint Diagram 1-1.
  14. Click on the attack step called "Write Down Account Information" to bring up the "Node Details" view.
  15. Define the cost of this attack to be 0.
    1. In the "Attack Cost" section, enter
      return 0;
      
      in the code box.
  16. Set the attack execution time to be deterministically 5 time units.
    1. Move down to the "Attack Execution Time" section.
    2. Change the "Distribution" drop-down to read "Deterministic".
    3. In the Value tab, enter
      return 5;
      
      in the code box.
  17. Set the precondition expression to require the adversary to have the Insider Knowledge knowledge, but not already have the Customer Information knowledge.
    1. Move down to the "Preconditions" section.
    2. Enter the following code in the code box:
        return (!CustomerInformation->Mark() && InsiderKnowledge->Mark());
      
  18. Move down to the "Outcomes" section.
  19. Verify that the number of outcomes is 1.
  20. Define the "Success" outcome. The "Success" outcome should be the only outcome of this step, so its outcome probability can be set to 1. The risk of detection for this outcome is 0.1. The effect of this outcome is that the adversary will gain the "Customer Information" knowledge.
    1. Change the "Name" field to "Success".
    2. Enter
      return 1;
      
      for the outcome probability.
    3. Enter
      return 0.1;
      
      for the detection probability.
    4. Enter the following code in the "Effects" code box:
        CustomerInformation->Mark() = true;
      
  21. Click the "Impersonate Customer To Obtain Money" attack step.
  22. Define the attack cost to be 0.
  23. Define the attack execution time to be deterministically 10 time units.
  24. Define the preconditions to require the adversary to have the Customer Information knowledge, but not already have the Money goal.
  25. Define two outcomes for the attack step.
    1. The first outcome should be called "Failure" and have an outcome probability of 0.3, a detection probability of 0.9, and no effect (leave the "Effects" code box empty).
    2. The second outcome should be called "Success" and have an outcome probability of 0.7, a detection probability of 0, and the effect that the adversary gains the Money goal. Enter the following code in the "Effects" code box:
        Money->Mark() = true;
      
  26. Save the model by clicking "File" -> "Save."
  27. If any errors are reported, check the troubleshooting section or email the Möbius users mailing list.

Part B - Defining the Adversary

The attack execution graph has now been defined. Next we define the adversary for the model.

  1. Switch to the Adversary Editor tab.
  2. Change the name to "Bank Employee".
  3. Change the planning horizon to 2. That means that the adversary can consider up to two attack steps into the future when determining the most attractive step to attempt next.
  4. Change the "Preference" weights.
    1. Change the "Cost" to be 0. This means the adversary doesn't care about costs at all (you may have noticed that our attack steps have no cost).
    2. Change the "Detection" to be 0.2. This means the adversary cares a little about not being detected.
    3. Change the "Payoff" to be 0.8. This means the adversary cares mostly about getting a good payoff.
  5. Add the "Insider Knowledge" to the set of initial knowledge.
    1. Click the "Add..." button in the "Knowledge" section.
    2. Select the "Insider Knowledge" item on the left.
    3. Click the ">" button.
    4. Note that the "Init Value" for "Insider Knowledge" defaults to the value one (or true). For the Bank Employee adversary, this value is what we want, as the bank employee already has insider knowledge (hence value 1). If the adversary were external, we would have to change this value to zero, and the adversary would have to gain this information through some type of attack step.
    5. Click the "Finish" button.
  6. Add the "Money" goal to the set of goals, with a payoff of "1000".
    1. Click the "Add..." button in the "Goals" section.
    2. Select the "Money" item on the left.
    3. Click the ">" button.
    4. Click the "Payoff" column of the "Money" item on the left to change the value from 0 to 1000.
    5. Click "Finish."
  7. Save the model.

Congratulations on creating your first ADVISE atomic model! This is a very simple example meant to get your feet wet, and the values have been selected to ensure that you can see some results in the simulation.

Part C - Defining the Reward Model

Let's create the remaining pieces of this Möbius model. These steps are done the same way as the normal Möbius distribution, so we'll describe them at a higher level. If you're new to Möbius, please review the Möbius tutorial in the Möbius Manual.

  1. Create a new "Performance Variable" reward model named "robberyRM".
  2. Add a new variable called "k_insider".
    1. Define the rate reward to be:
        return robbery->InsiderKnowledge->Mark();
      
    2. In the "Time" tab, define the timing to be an instant of time with an incremental range. The range should be 0-60 with a step size of 5.
  3. Add a new variable called "k_custinfo".
    1. Define the rate reward to be:
        return robbery->CustomerInformation->Mark();
      
    2. Define the timing to be an instant of time with an incremental range. The range should be 0-60 with a step size of 5.
  4. Add a new variable called "g_money".
    1. Define the rate reward to be:
        return robbery->Money->Mark();
      
    2. Define the timing to be an instant of time with an incremental range. The range should be 0-60 with a step size of 5.
  5. Save and close the reward model.

You now have a reward model for your ADVISE atomic model that measures the state of each knowledge item and goal at 5-time-unit intervals. This should give you a rough view of how the adversary will progress through the model.

Part D - Defining the Study
  1. Create a new "Range Study" called "robberyStudy".
  2. Save and close the study.

Since no global variables are defined in our model, we simply need to create an empty study.

Part E - Running the Simulation
  1. Create a new simulation called "robberySim" in the "Solver" folder.
  2. Click on the "Run Simulation" tab and click the "Start Simulation" button.
  3. Wait for the simulation to complete; you should now be looking at the "Results" tab.
  4. Scroll down to see the mean values of the three reward variables at the various time points.
  5. Values should be similar to these results.

You should notice that the k_insider is 1.0 from the very beginning because the adversary has that knowledge as part of their initial knowledge, and at no point during the execution do they lose that knowledge. The k_custinfo becomes 1.0 at time 5 because the first attack step always takes 5 time units to complete and always results in the adversary's gaining the "Customer Information" knowledge. The "g_money" reward variable begins to show us some more interesting information. At time point 15, we begin to see that there is a 70% chance that the adversary will have attained the goal. Because the chance that the success outcome will be chosen in the "Impersonate Customer To Obtain Money" step is a uniform 0.7, that makes sense. The values then proceed to increase over time as the adversary is given additional chances to perform that step if they fail on initial attempts.

Review

The model you just created contains two pieces of knowledge, two attack steps, and a goal. This simple model is intended to demonstrate how knowledge is acquired and goals are achieved by the adversary in performing attack steps.

The model is executed by considering the available attack steps (steps with preconditions that evaluate to true) in the model and choosing the most attractive step to take based on the interests of the adversary. In the beginning, the "Write Down Account Information" (WDAI) and "Do Nothing" (DN) attack steps are available. The attractiveness of the WDAI step turns out to be greater than that of the DN step, so the WDAI step is chosen to be attempted. Since the WDAI step has only a single outcome, that outcome is chosen, and the adversary gains the "Customer Information" knowledge. At this point, the "Impersonate Customer To Obtain Money" (ICTOM) step and the DN step are available. The attacker now finds the ICTOM step to be more attractive and attempts it. Now, there is a chance that this attempt will fail or succeed based on which of the two outcomes is chosen. In the event that the step fails, the state doesn't change, and the attacker will try again. If the attacker succeeds, the "Money" goal is attained, and the attacker will perform the DN step from that point forward.

It is important to recognize that the determination of the most attractive attack steps is deterministic based on state. The stochasticity of the model comes from the selection of outcomes when an attack step is attempted. A common problem people run into when creating their own models is that the attacker reaches a point (often at the beginning) at which it determines that the most attractive step is the "Do Nothing" step. Once the attacker has chosen the "Do Nothing" step (assuming that the "Do Nothing" step does not change the state), the attacker will always choose the "Do Nothing" step.

You can watch the selection of attack steps by examining the simulation trace.

Troubleshooting

Information will be added to this section if common problems are reported.

If you haven't found a solution to your problem, please email the Möbius users mailing list.

Part 2

Prerequisites

This part of the tutorial builds on the previous part. Before starting on Part 2, be sure that you have correctly completed Part 1. Alternatively, if you'd like to skip Part 1, you can download and use this project, which is the BankRobbery project as it appears after Part 1 has been completed.

Topics Covered

  • Editing an attack execution graph.
    • Access.
    • Skill.
  • Editing an adversary profile.
    • Defining skill proficiencies.
  • Using global variables.
  • Defining experiments in a study.

Process

Part A - Expanding the AEG
Checkpoint Diagram 2-1
  1. Open the "BankRobbery" Möbius model.
  2. Right-click on the "robbery" atomic model and select "Copy."
  3. In the "To" column, enter the name "robbery2" and click "OK."
  4. Click "No" at the next prompt.
  5. Open the "robbery2" atomic model.
  6. Add a skill called "Sneaky Skill" next to "Insider Knowledge."
  7. Add an access called "Teller Access" next to "Insider Knowledge."
  8. Connect both the new skill and the new access to the WDAI attack step.
  9. Verify that your diagram looks similar to the one in Checkpoint Diagram 2-1.
  10. Select the WDAI attack step and edit its details.
    1. Change the precondition expression to the following:
        return !CustomerInformation->Mark() && TellerAccess->Mark()
            && (InsiderKnowledge->Mark() || SneakySkill->Mark() > 500);
Part B - Expanding the Adversary Profile

Since we are adding more nodes to the AEG, you also need to update the adversary profile. We are going to set up the atomic model so that we can vary the adversary's proficiency level and whether or not it has the "InsiderKnowledge" in the study. That will require us to use some global variables in the model definition.

  1. Go to the "Bank Employee" tab of the "robbery2" atomic model.
  2. Click on "Edit" -> "Global Variables."
  3. Add a new global variable called "hasInsiderKnowledge" of type short.
    1. Enter "hasInsiderKnowledge" in the "Name" field.
    2. Verify that the "Type" drop down box is on "short."
    3. Click the "Add" button.
  4. Add a new global variable called "sneakySkillProf" of type short.
  5. Click the "Finish" button.
  6. Add "Sneaky Skill" to the set of "Skills" for the "Bank Employee."
    1. For the proficiency, enter "sneakySkillProf".
  7. Add the "Teller Access" to the set of initial access.
  8. Remove the "Insider Knowledge" from the set of initial knowledge.
  9. Set up the "InsiderKnowledge" to be initialized by the "hasInsiderKnowledge" global variable.
    1. Click on "Edit" -> "Custom Initialization."
    2. Enter the following code in the code box:
        InsiderKnowledge->Mark() = hasInsiderKnowledge;
      
    3. Click "Finish."
  10. Save and close the atomic model.
Part C - Creating the Reward Model

We've now modified the "robbery" atomic model to have two new items on the AEG, and the adversary profile now uses two global variables to initialize the profile from values that we will define in the study. Next, we need to create a reward model.

  1. Create a new reward model called "robberyRM2" with the same instructions as in part 1, but choose the "robbery2" atomic model as its child.
Part D - Creating the Study

Now, we need a new study that provides interesting global variable values to the atomic model.

Checkpoint Image 2-2
  1. Create a new range study called "robberyStud2" and choose "robberyRM2" as its child.
  2. Notice that we now have two variables in the table.
  3. Select the "hasInsiderKnowledge" variable and click the "Incremental Range" button.
  4. Change the "Final" field to be 1 and click "OK."
  5. Select the "sneakySkillProf" and click the "Manual Range" button.
  6. Enter the value 200 in the "New Value" field and click "Enter."
  7. Enter the value 800 in the "New Value" field and click "Enter."
  8. Select the "0" item from the "Current Values" list and click the "Delete" button.
  9. Click "OK."
  10. Click the "Experiment Activator" button and verify that the window matches Checkpoint Image 2-2.
  11. Click "OK."
  12. Save and close the study.
Part E - Running the Simulation

You have now defined a study with four experiments. Next, you need to run the simulation.

  1. Create a new simulator called "robberySim2".
  2. Run the simulation and view the results.
  3. Verify that your results are similar to these results.

Notice that experiment 1 (no "InsiderKnowledge" and skill proficiency at 200) is not very interesting. The reason is that the adversary doesn't meet the preconditions of any attack step other than the "Do Nothing" step.

Experiments 2 and 4 show us results identical to what we saw in Part 1 of this tutorial, because we start out with the "InsiderKnowledge" as before, and model execution flows the exact same way.

Experiment 3's results are different from those for Part 1 only because the adversary never possesses the "InsiderKnowledge" knowledge. However, the adversary does possess a skill proficiency of 800, and the precondition for the first attack step demands at least 500. So the adversary can pick the first attack step, and the execution behaves the same. The adversary simply never gains the "InsiderKnowledge" during execution.
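The g_money curve explained in Part 1 and the four experiments of the Part 2 study can be cross-checked outside Möbius. The C++ sketch below is an added example, not part of the tutorial or of Möbius: it replaces ADVISE's attractiveness calculation with an assumed policy (attempt the first attack step whose precondition holds, otherwise Do Nothing), which for this graph gives the step sequence described in the Part 1 review. The names State, Step, Outcome, robbery2, replicate, g_money and exact are hypothetical.

```cpp
#include <cmath>
#include <cstdio>
#include <functional>
#include <random>
#include <vector>

// State variables, named after the code names used in the tutorial's code boxes.
struct State {
    bool InsiderKnowledge = false, CustomerInformation = false, Money = false;
    bool TellerAccess = false;
    int SneakySkill = 0;
};
struct Outcome { double prob; std::function<void(State&)> effect; };
struct Step {
    const char* name;
    double duration;                                  // deterministic execution time
    std::function<bool(const State&)> precondition;
    std::vector<Outcome> outcomes;
};

// The "robbery2" graph: numbers and expressions as entered in Parts 1 and 2.
std::vector<Step> robbery2() {
    Step wdai{"Write Down Account Information", 5,
        [](const State& s) {
            return !s.CustomerInformation && s.TellerAccess
                && (s.InsiderKnowledge || s.SneakySkill > 500);
        },
        {Outcome{1.0, [](State& s) { s.CustomerInformation = true; }}}};
    Step ictom{"Impersonate Customer To Obtain Money", 10,
        [](const State& s) { return s.CustomerInformation && !s.Money; },
        {Outcome{0.3, [](State&) {}},                        // Failure: no effect
         Outcome{0.7, [](State& s) { s.Money = true; }}}};   // Success
    return {wdai, ictom};
}

const int SAMPLES = 13;                               // t = 0, 5, ..., 60

// One replication: the Money marking (0 or 1) at each sample time.
std::vector<int> replicate(State s, const std::vector<Step>& graph, std::mt19937& rng) {
    std::vector<int> money(SAMPLES, 0);
    double now = 0;
    while (now <= 60) {
        const Step* chosen = nullptr;                 // assumed policy, not ADVISE's
        for (const Step& st : graph)
            if (st.precondition(s)) { chosen = &st; break; }
        if (!chosen) break;                           // only Do Nothing is available
        now += chosen->duration;
        double u = rng() / 4294967296.0;              // uniform in [0, 1)
        std::size_t k = 0;
        double acc = chosen->outcomes[0].prob;
        while (k + 1 < chosen->outcomes.size() && u >= acc)
            acc += chosen->outcomes[++k].prob;
        chosen->outcomes[k].effect(s);
        if (s.Money) {                                // goal attained at time `now`
            for (int i = 0; i < SAMPLES; ++i)
                if (5 * i >= now) money[i] = 1;
            break;
        }
    }
    return money;
}

// Mean g_money at each sample time for one experiment of the range study.
std::vector<double> g_money(int hasInsiderKnowledge, int sneakySkillProf,
                            int reps = 20000, unsigned seed = 1) {
    State init;
    init.TellerAccess = true;                          // initial access
    init.InsiderKnowledge = hasInsiderKnowledge != 0;  // custom initialization
    init.SneakySkill = sneakySkillProf;                // skill proficiency
    std::vector<Step> graph = robbery2();
    std::mt19937 rng(seed);
    std::vector<double> mean(SAMPLES, 0.0);
    for (int r = 0; r < reps; ++r) {
        std::vector<int> m = replicate(init, graph, rng);
        for (int i = 0; i < SAMPLES; ++i) mean[i] += m[i] / double(reps);
    }
    return mean;
}

// Closed form for the same curve: ICTOM attempts end at t = 15, 25, 35, ...
double exact(double t) {
    int attempts = t < 15 ? 0 : 1 + int((t - 15) / 10);
    return 1.0 - std::pow(0.3, attempts);
}

int main() {
    const int study[4][2] = {{0, 200}, {1, 200}, {0, 800}, {1, 800}};  // experiments 1-4
    for (int e = 0; e < 4; ++e) {
        std::vector<double> g = g_money(study[e][0], study[e][1]);
        std::printf("experiment %d: t=15 %.3f  t=25 %.3f  t=60 %.3f\n", e + 1, g[3], g[5], g[12]);
    }
    std::printf("closed form:  t=15 %.3f  t=25 %.3f  t=60 %.3f\n", exact(15), exact(25), exact(60));
}
```

Because the step choice is deterministic, the only random draw is the outcome of each ICTOM attempt, so the simulated means should track the closed form 1 - 0.3^k after k completed attempts.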

Review

We have added a new access and skill to the AEG. We have also changed the adversary profile to use two global variables so that we can create a handful of experiments. We are now able to see how the skill, access, and knowledge of the adversary affect the behavior of the model.

Troubleshooting

Information will be added to this section if common problems are reported.

If you haven't found a solution to your problem, please email the Möbius users mailing list.

Part 3

Prerequisites

This part of the tutorial builds on the previous parts. Before starting on Part 3, be sure that you have correctly completed Parts 1 and 2. Alternatively, if you'd like to skip the previous parts, you can download and use this project, which is the BankRobbery project as it appears after Parts 1 and 2 have been completed.

This part of the tutorial requires more knowledge of standard Möbius. In particular, you'll be asked to build a basic SAN and Rep/Join model. If the steps prove to be difficult, please consult the Möbius documentation for more information.

Topics Covered

  • Create additional attack steps.
  • Composing ADVISE models with SANs.

Process

Part A - Expanding the AEG
Checkpoint Diagram 3-1
  1. Open the "BankRobbery" Möbius model.
  2. Right-click on the "robbery2" atomic model and select "Copy."
  3. In the "To" column, enter the name "robbery3" and click "OK."
  4. Click "No" at the next prompt.
  5. Open the "robbery3" atomic model.
  6. Add a knowledge called "Manager Personal Information" to the right of the "Teller Access" access.
  7. Add a step called "Distract Manager With Phony Phone Call" to the right of the WDAI step.
  8. Add an access called "Manager Off-Duty" to the right of the "Customer Information" knowledge.
  9. Connect the new knowledge to the new step, the new step to the new access, and the new access to the ICTOM step.
  10. The execution time of our new step will depend on the "Sneaky Skill," so also add a new connection from the "Sneaky Skill" to the DMWPPC step.
  11. The effects of the ICTOM step will be changed to affect the Teller Access, so create an arc from the ICTOM step to the "Teller Access" access.
  12. Verify that your diagram looks similar to the one in Checkpoint Diagram 3-1.
  13. Select the DMWPPC attack step and edit its details.
    1. Define the attack cost to be 0.
    2. Define the distribution of attack execution time to be normal with parameters dependent on the adversary's "Sneaky Skill" proficiency.
      1. Enter the following code for the mean parameter:
        if(SneakySkill->Mark() > 400) return 2; else return 6;
        
      2. Enter the following code for the variance parameter:
        return 1;
        
    3. Enter the following code for the precondition expression:
      return ManagerPersonalInformation->Mark() && !ManagerOffDuty->Mark();
      
    4. Define three outcomes:
      1. The first outcome should be called "Failure Manager Detects Fraud". It should have a probability of 0.1, a detection probability of 0.9, and the following effects:
        ManagerPersonalInformation->Mark() = false;
        
      2. The second outcome should be called "Failure Manager Does Not Detect Fraud". It should have a probability of 0.2, a detection probability of 0.1, and no effects.
      3. The third outcome should be called "Success." It should have a probability of 0.7, a detection probability of 0, and the following effects:
        ManagerOffDuty->Mark() = true;
        
  14. Select the ICTOM attack step and edit its details.
    1. Change the "Failure" outcome.
      1. Replace the outcome probability with the following code:
        if(ManagerOffDuty->Mark()) return 0.1; else return 0.4;
        
      2. Replace the detection probability with the following code:
        if(ManagerOffDuty->Mark()) return 0.2; else return 0.9;
        
      3. Add the following code to the effects:
        if(!ManagerOffDuty->Mark()) { CustomerInformation->Mark() = false; TellerAccess->Mark() = false; }
        
    2. Change the "Success" outcome.
      1. Replace the outcome probability with the following code:
        if(ManagerOffDuty->Mark()) return 0.9; else return 0.6;
        
      2. Replace the detection probability with the following code:
        if(ManagerOffDuty->Mark()) return 0; else return 0.1;
        
  15. Save and close the "robbery3" attack execution graph.
Part B - Expanding the Adversary Profile

Since we are adding more nodes to the AEG, you also need to update the adversary profile.

  1. Open the "Bank Employee" tab for the "robbery3" atomic model.
  2. Add the "Manager Personal Information" knowledge to the set of initial knowledge.
  3. Under the goals section enter 1000 as the payoff.
  4. Save and close the atomic model.
Part C - Creating a SAN for the Manager's Behavior
Checkpoint Diagram 3-2
  1. Create a new SAN atomic model called "robbery3Manager".
  2. Add the SAN elements to the canvas in a flattened circle. Their positions, described in terms of the face of a clock, should be as follows.
    1. Create a place at the 9:00 position called "managerOffDuty".
      1. Set the number of tokens to 0.
    2. Create an input gate at the 10:30 position called "isOffDuty".
      1. The input predicate should be:
        managerOffDuty->Mark() > 0
        
      2. The input function should be:
        managerOffDuty->Mark() = 0; managerOnDuty->Mark() = 0;
        
    3. Create a timed activity at the 12:00 position called "rest".
      1. Change the time distribution function to Deterministic and enter "14" for the value.
    4. Create a place at the 3:00 position called "managerOnDuty."
      1. Set the number of tokens to 1.
    5. Create a timed activity at the 6:00 position called "work."
      1. Change the time distribution function to "Deterministic" and enter "10" for the value.
  3. Connect the elements in a clockwise direction.
  4. Verify that your SAN looks like the one pictured in Checkpoint Diagram 3-2.
Part D - Composing the Manager SAN with the ADVISE Model
Checkpoint Diagram 3-3
  1. Right-click on "Composed" in the project editor and create a new Rep/Join composed model called "robbery3RJ".
  2. Add a new submodel to the canvas for robbery3 (the ADVISE atomic model) using the default name.
  3. Add a new submodel to the canvas for robbery3Manager (the SAN atomic model) using the default name.
  4. Add a join node above those and use the default name.
  5. Create a new arc from the join to each of the submodels.
  6. Right-click on the join node, click on "Create New Shared state variable", and select ManagerOffDuty for both submodels.
  7. Verify that your composed model looks like the one in Checkpoint Diagram 3-3.
Part E - Creating the Reward Model

You've now created a composed model that joins the "robbery3" and "robbery3Manager" atomic models. Next, you need to create a reward model.

  1. Create a new reward model called "robberyRM3" with the same instructions as in Part 1, except this time the reward model's child should be "robbery3RJ".
  2. Define a new performance variable called "k_manager".
    1. Define the rate reward to be:
        return robbery3->ManagerOffDuty->Mark();
      
    2. Define the timing to be an instant of time with an incremental range. The range should be 0-60 with a step size of 5.
Part F - Creating the Study
  1. Create a new range study called "robberyStud3" using the same steps as in Part 2.
Part G - Running the Simulation
  1. Create a new simulator called "robberySim3".
  2. Run the simulation and view the results.
  3. Verify that your results are similar to these results.
  4. If you are confused, you can refer to the solution in this project.

Notice that the results are similar to what you saw in Part 2 of this tutorial. However, experiment 1 is now of interest, because you can see that the value of "k_manager" cycles back and forth between 0 and 1 thanks to the robbery3Manager SAN. Also, if you look at the results for a while, you'll notice that the additions to the AEG and adversary have changed the attack path and outcome significantly. Notice that success is no longer guaranteed in our model. If the adversary attempts the ICTOM step and fails while the manager is on duty, the manager revokes the Customer Information and Teller Access, which causes all attack paths to be blocked.

Review

You have further expanded the AEG and Adversary profile. You edited two attack steps to add state-dependent timing, detection, outcome probabilities, and outcome effects. You have also joined the AEG with a SAN using a Rep/Join composed model.

Troubleshooting

Information will be added to this section if common problems are reported.

If you haven't found a solution to your problem, please email the Möbius users mailing list.

Network Intrusion Example

This tutorial is under construction

Introduction

Network Diagram

Story

Alpha Corp provides infrared sensors for missile guidance packages to the US military. As a government subcontractor, they are in possession of classified data and are worried about their network. They are a medium-sized corporation with thousands of employees, so they require a distributed network to accommodate workers at the office and off-site, working from home or traveling. As such, there are multiple access points, such as the physical desktop computers, VPN, and Internet.

Explanation

Alpha Corp would like to model their network against various scenarios to determine an attacker's behavior. We have provided an example, taken from the Alpha Corp computer security staff's model, that has some errors. The tutorial will walk through their model and show how to debug various problems.

Topics Covered

  • Debugging Simulations
    • Examining traces
    • Look at attack steps
  • Editing Do Nothing Step
    • Increase/Decrease cost
  • Utility Functions
    • Explanation
      • Setting preference weights
    • Editing functions

Part 1 - Debugging Simulations

Topics Covered

  • Examining traces and attack steps

Part 2 - Do Nothing Step

Topics Covered

  • Editing the Do Nothing Step
  • How to increase/decrease costs

Part 3 - Utility Functions

Topics Covered

  • Explanation of Utility Functions
    • Setting preference weights
  • How to edit functions

Troubleshooting

This section will be added to when common problems are reported.

If you haven't found a solution to your problem, please email the ADVISE Alpha mailing list.