Why Model Information Security?
•Leads toward a total solution
•Stimulates joint participation
•Does not disrupt the actual system
•Provides a clearer, common understanding of the system
•Identifies technical and management issues for consideration
•Capitalizes on human strengths – visualization, memory, reasoning
•For existing systems, improves system performance
•Helps to ensure that the proposed system will perform as intended
“The high cost of running real-world attacks, the limited extent to which they exercise the space of actual attacks, and the high potential for harm from a successful attack conspire to make some other means of analysis an imperative.”  Fred Cohen
You are likely wondering – what the heck does an elephant have to do with this?
“The Blind Men and the Elephant” by American poet John Godfrey Saxe (1816-1887) based upon an Indian fable.
•Tusk – like a spear
•Side – like a wall
•Trunk – like a snake
•Leg – like a tree
•Ear – like a fan
•Tail – like a rope

So oft in theologic wars,
The disputants, I ween,
Rail on in utter ignorance
Of what each other mean,
And prate about an elephant
Not one of them has seen.

What the system looks like depends upon your perspective. Most often, no one has the full picture.

•Instant "reset" of computers, networks, etc. to initial conditions
•Compression of long-term activity into short periods
•Lower cost than utilizing real computers, networks, software, protocols, etc.
•Ease of scalability
•Creation of scenarios too risky for "real world" testing
•Levels of abstraction like the OSI model may be represented
•Ease of re-configuration
•Capability for building in an “automatic/scripted” Black or White Team

When to Model?
Actual object or process:
•Is very complex - too difficult to observe
•Doesn’t currently exist
•Is too dangerous to observe
•Takes too long to observe
•Has a large number of variations, and
•It is economically and operationally feasible to do so