Skip to content
/ TSN-digital-twin Public

Time-Sensitive Networking Digital Twin for STRIDE-based Security Testing

License

GPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

UniboSecurityResearch/TSN-digital-twin

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
ansible
ansible
 
 
results
results
 
 
.gitattributes
.gitattributes
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
create_vm.sh
create_vm.sh
 
 
virtual_disks.7z
virtual_disks.7z
 
 

Repository files navigation

TSN-digital-twin

This repository contains the artifacts for the paper "Time-Sensitive Networking Digital Twin for STRIDE-based Security Testing".

Prerequisites

The qemu-system is compiled with vde2. To make it work, you need to create symbolic links and set up the environment:

Symbolic Links

Create the following symbolic links:

ln -s libvdeplug4/libvdeplug_ptp.so libvdeplug_ptp.so
ln -s libvdeplug4/libvdeplug.so libvdeplug.so.3

Using the New Compiled Library

Set the LD_LIBRARY_PATH to the path of the compiled vde4 library:

export LD_LIBRARY_PATH=<path_to_compiled_vde4>

Running QEMU

Run the QEMU system with the following command:

LD_LIBRARY_PATH=. qemu-system-x86_64 -enable-kvm -machine q35 -cpu host -device intel-iommu -m 512     -drive file=/home/gio/tesi/clone_debian_disk.qcow2,format=qcow2     -net nic,macaddr=52:54:00:11:22:11 -net vde,sock=ptp://

Network Configuration

Using ptp4l

sudo ptp4l -H -2 -E -i enp0s31f6 -m

Creating a Clone Disk

qemu-img create -f qcow2 -F qcow2 -b debian_disk.qcow2 clone#_debian_disk.qcow2

Creating and Setting Up a Bridge

ip link add br0 type bridge && ip link set br0 up

Daemonizing QEMU

qemu-system-x86_64 -daemonize -enable-kvm -machine q35 -device intel-iommu -cpu host -m 1024     -drive file=clone1_debian_disk.qcow2     -device virtio-net,netdev=net0,mac=$(printf 'DE:AD:BE:EF:%02X:%02X
' $((RANDOM%256)) $((RANDOM%256))),mq=on,vectors=10     -netdev tap,id=net0,queues=4,vhost=on,script=/home/gio/tesi/qemu-ifup.sh     -nic user,hostfwd=tcp::60022-:22

Configuring Ethernet and Traffic Shaping

Adjusting Ethernet Settings

ethtool -L enp0s3 combined 4

Creating a Queue Discipline with tc-cbs

sudo tc qdisc add dev "$1" parent root handle 6666 mqprio     num_tc 3     map 2 2 1 0 2 2 2 2 2 2 2 2 2 2 2 2     queues 1@0 1@1 2@2     hw 0

Configuring CBS Queues

Queue 1:

tc qdisc replace dev "$1" parent 6666:1 cbs idleslope 98688 sendslope -901312 hicredit 153 locredit -1389 offload 0

Queue 2:

tc qdisc replace dev "$1" parent 6666:2 cbs idleslope 3648 sendslope -996352 hicredit 12 locredit -113 offload 0

Configuring iptables

iptables -t mangle -A POSTROUTING -p udp --sport 7777 -j CLASSIFY --set-class 6666:2
iptables -t mangle -A POSTROUTING -p udp --dport 7777 -j CLASSIFY --set-class 6666:2

iptables -t mangle -A POSTROUTING -p udp --dport 6666 -j CLASSIFY --set-class 6666:3
iptables -t mangle -A POSTROUTING -p udp --sport 6666 -j CLASSIFY --set-class 6666:3

Testing Network Performance

Using iperf

Server

iperf3 -s -p 7777

Client

iperf3 -c 192.168.1.35 --udp -p 7777 -b 1T

Generating Traffic with hping3

hping3 --udp --flood 192.168.1.35 --destport 6666 -d 512

Cite us

If you find this work interesting and use it in your academic research, please cite our paper!

DOI

About

Time-Sensitive Networking Digital Twin for STRIDE-based Security Testing

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases 1

v1.0.0 Latest
Nov 19, 2024

Packages

No packages published

Languages