Simulation

Check for remaining things to fix

To the right in securiCAD we have a tab labelled Problems. It is a list of mandatory things we need to add before running a simulation. For instance, in order to be able to calculate, a Protocol object is mandatory for each Dataflow object. If this would be missing, then it would show up as a notification in the Problems pane.

While building our model, we have also seen that there are sometimes small red labels near the top left corners of some objects. This indicates that a mandatory association is missing to that object.

At this moment, we don’t have any remaining Problems blocking us from running the first simulation.

Selecting what assets to analyze

Attack simulations spread and are performed throughout the entire model. However, when it comes to reporting, we need to select what asset we want to look at the simulation results. It is perfectly possible to select several assets. This is done by selecting an asset, unfolding the attack step we are interested in, often Compromise, and set the Consequence value to a figure between 1 and 10.

Time to simulate

At this moment in the manual we will not go into if this is a reasonable attack, what it really means and what we can do about it. These topics are described in much more detail in other sections of this manual. What we will look at now is how the attack affects the different parts of the model to see that the attack propagates through it. Press the Simulate button;

If you have not yet saved the model, you will be prompted to do so before the simulation starts.

Simulations are run both locally in securiCAD and on line in the securiCAD cloud based simulation service.

The model is now colored according to the success rate of the attack;

When the simulation is finished, we see that the model is colored according to the success rate of each attack step throughout the model. The deeper red a label is colored, the higher the probability of a successful attack on that particular object.

In addition to the coloring of the object frames, we will also, when using securiCAD, get a web page showing the simulation results.

Conclusions

In this module we have learnt how to build models and what models mean. Next we will continue dig deeper into the attack simulations and how to use them for actionable results.

The resulting model we have just built can be downloaded here.


What’s Next