Extending a Platform for IT-Security Exercises

Abstract: The Swedish Defence Research Agency, FOI, has developed a platform that is used to train and study IT-security. This platform was used during the cyber Baltic shield, an international cyber security exercise. During the exercise, a number of teams acting as system administrators, tried to secure and defend the system of a fictive power supply company. Another team acted as a terrorist organisation with the goal to compromise the systems of the power supply companies and shut down their power generators. FOI has also developed a security assessment method, named XMASS, which is implemented in a software tool called SANTA. This can be used to model a networked IT-system and get a picture of its current state of security. This thesis aims to integrate the tool, SANTA, with the platform for cyber security exercises to get the ability to visualise a system and analyse its security during an IT-security exercise. The thesis also identifies some problems with XMASS regarding how traffic mediators, for example firewalls, are modelled. A literature review is performed to get a picture of the current state of research on security assessment methods and leads to a proposition of a new model for traffic mediators.