Simulated, Emulated, and Physical Investigative Analysis (SEPIA) of networked systems

Tools are necessary for the DoD to analyze their information system´s security, reliability, and resilience against cyber attack. Today´s security analysis utilize real systems such as computers, network routers and other network equipment, computer emulations (e.g., virtual machines) and simulation models separately to analyze interplay between threats and safeguards. In contrast, we are developing new methods to combine these three approaches to provide hybrid Simulated, Emulated, and Physical Investigative Analysis (SEPIA) environments. Sandia Labs´ current SEPIA environment enables simulated networks to pass network traffic and perform, from the outside, like real networks. We connect both emulated and physical routers and computers to the simulated networks. This provides higher fidelity representations of key network nodes while still leveraging the scalability and cost advantages of simulation tools. SEPIA includes tools that facilitate rapid configuration and deployment of experiments. The result is to rapidly produce large yet relatively low-cost multi-fidelity SEPIA networks of computers and routers that let analysts quickly investigate threats and test protection approaches.