A Moving Target Defense Platform powered by ANCOR
Switch branches/tags
Clone or download
Latest commit d096ae1 Feb 5, 2018

README.md

What is MTD CBITS?

Moving Target Defense for Cloud-Based IT Systems (MTD CBITS) is a platform that automatically adapts multiple aspects of the network’s logical and physical configuration. The platform is targeting OpenStack and is built on top of ANCOR. ANCOR is a framework that captures the high-level user requirements and translates them into a working IT system on a cloud infrastructure.

Useful information:

Please don't hesitate to contact the authors if you have any questions or concerns.

Resources for MTD CBITS: Moving Target Defense for Cloud-Based IT Systems

General Requirements

  • In order to use MTD CBITS and/or ANCOR, the user needs an OpenStack cloud infrastructure (extensively tested on Icehouse release) that the VM hosting MTD CBITS/ANCOR can reach.

  • The MTD CBITS/ANCOR VM should be reachable by the instances running on the OpenStack infrastructure (i.e., VM should run in bridged mode).

  • The necessary Puppet manifests that are needed for the system that will be deployed with MTD CBITS or ANCOR.

Setting Up and Using MTD CBITS and ANCOR

Option 1 - General Setup Instructions

(The underlying ANCOR framework was extensively tested on Ubuntu 12.04 x64.)

  • Ensure your terminal of choice is using bash/zsh as a login shell

  • Please follow the automated installer (includes the ANCOR CLI tool)

  • Run in terminal: Change directory into the ANCOR folder to configure and start ANCOR bin/interactive-setup; bin/setup-mcollective; bin/start-services

  • If needed, install ANCOR CLI on a different host

Option 2 - Preconfigured MTD CBITS/ANCOR VM

  1. Download the MTD CBITS/ANCOR VM:

Default credentials - user: ancor password: ancor

The virtual machine is bridged to the network and therefore the user might be warned that a different NIC is used than the one that it was configured on.

  1. Setup the communication between the preconfigured VM and the OpenStack deployment. Start MTD CBITS/ANCOR ...

Run in terminal:

cd ~/workspace/ancor
bin/interactive-setup
bin/finish-setup
bin/start-services

** Testing MTD CBITS and ANCOR with a basic "Drupal deployment" example:**

Run in terminal:

ancor environment plan /home/ancor/workspace/ancor/spec/fixtures/arml/drupal.yaml
ancor environment commit

For more information about the available sample scenarios please check Puppet Manifests' Repository for MTD CBITS and ANCOR Example Scenarios

For more features (e.g., adding, removing, replacing instances) run in terminal:

ancor

Option 3 - Using Vagrant

  1. Install Vagrant
  2. Clone the MTD CBITS/ANCOR repository. Run in terminal:
git clone https://github.com/arguslab/ancor/ && cd ancor
  1. Create a local development VM for MTD CBITS and ANCOR. All necessary ports are forwarded to your host, so you can use your development machine's IP address when configuring MTD CBITS and/or ANCOR. Run in terminal: vagrant up

  2. Once the VM is up and running, run in terminal:vagrant ssh

  3. Run the following commands inside the VM to configure and start ANCOR:

cd /vagrant to change into the ANCOR directory This directory is shared between the VM and your host using the Shared Folders feature in VirtualBox. Changes in this directory will be shared instantly between the VM and your host.

bin/interactive-setup to start from the configuration template

bin/setup-mcollective to install MCollective for ANCOR

bin/start-services to start the Rails app and Sidekiq worker for ANCOR 6. Test MTD CBITS and ANCOR with a basic "Drupal deployment" example:

ancor environment plan /vagrant/spec/fixtures/arml/drupal.yaml; ancor environment commit