# Tutorial

<h5 style="margin-bottom: 2px; margin-top: 0px;">
    <b><span>Finding vulnerabilities in a Cybersecurity model</b></span>
</h5>
<p>
    In this tutorial, we will explore a small Boolean model designed to simulate different cybersecurity scenarios. The model consists of nodes representing key components of a cybersecurity system, and the goal of this tutorial is to evaluate how different conditions and guidelines affect the overall security state of the system.
</p>
<p>
    The model includes the following nodes: <br><br>
    <ul>
        <li> Inputs: 
            <code style="font-size: 14px; margin-bottom: 100px">Security_Policies</code>,
            <code style="font-size: 14px; margin-bottom: 100px">User_Education</code>,
            <code style="font-size: 14px; margin-bottom: 100px">Network_Monitoring</code>, and
            <code style="font-size: 14px; margin-bottom: 100px">Security_Patches</code>.<br><br>
        <li> Internal nodes:
            <code style="font-size: 14px; margin-bottom: 100px">Backups</code>,
            <code style="font-size: 14px; margin-bottom: 100px">Malware</code>,
            <code style="font-size: 14px; margin-bottom: 100px">Firewall</code>,
            <code style="font-size: 14px; margin-bottom: 100px">Unauthorized_Access</code>,
            <code style="font-size: 14px; margin-bottom: 100px">Exploits</code>,
            <code style="font-size: 14px; margin-bottom: 100px">Antivirus</code>,
            <code style="font-size: 14px; margin-bottom: 100px">Strong_Password</code>,
            <code style="font-size: 14px; margin-bottom: 100px">TwoFactAut</code>, and
            <code style="font-size: 14px; margin-bottom: 100px">Phishing_Attack</code>.<br><br>
        <li> Output nodes:
            <code style="font-size: 14px; margin-bottom: 100px">Security_State</code>.
    </ul>

</p>

In [None]:
import boolevard as blv
import pandas as pd
from boolevard import CountPaths

In [2]:
model = blv.Load("/mnt/Datos/Project_Method/boolevard/tutorial/security.bnet") # Load the model (BoolNet format)
check = ["Security_State"] # Set node(s) to check

In [3]:
model.Info

Unnamed: 0,0,3,2,1,6,7,4,5,8,15,12,11,9,14,13,10,DNF,NDNF
User_Education,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,User_Education,~User_Education
Security_Policies,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1,Security_Policies,~Security_Policies
Security_Patches,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,Security_Patches,~Security_Patches
Network_Monitoring,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,Network_Monitoring,~Network_Monitoring
Backups,0,0,0,0,0,1,1,1,0,0,0,0,1,1,1,1,"And(~Malware, Security_Policies)","Or(Malware, ~Security_Policies)"
Malware,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,"And(~Antivirus, Exploits, ~Firewall, ~Strong_P...","Or(Antivirus, ~Exploits, Firewall, Strong_Pass..."
Security_State,0,0,0,0,0,1,1,1,0,0,0,0,1,1,1,1,"And(Backups, ~Unauthorized_Access)","Or(~Backups, Unauthorized_Access)"
Firewall,0,1,1,1,0,1,1,1,0,1,1,1,0,1,1,1,"Or(Network_Monitoring, Security_Patches)","And(~Network_Monitoring, ~Security_Patches)"
Unauthorized_Access,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"Or(And(~Firewall, Malware, ~Strong_Password, ~...","Or(Firewall, Strong_Password, TwoFactAut, And(..."
Exploits,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,"Or(~Strong_Password, ~TwoFactAut)","And(Strong_Password, TwoFactAut)"


<p>
A total of 16 stable states are reached upon different input combinations. We will check the how secure our system is based on the number of paths leading to the activation or inactivation of the <code style="font-size:14px">Security_State</code> node.
</p> 


In [4]:
sec_status = model.CountPaths(check, ss_wise = True) # Average signed path counts leading to the local state of Security_State across all the stable states of the model

Evaluating Stable State: 0
Security_State: -35, 4.168351491292318e-06 minutes.
Evaluating Stable State: 3
Security_State: -1, 8.424123128255208e-07 minutes.
Evaluating Stable State: 2
Security_State: -1, 8.821487426757813e-07 minutes.
Evaluating Stable State: 1
Security_State: -1, 6.914138793945312e-07 minutes.
Evaluating Stable State: 6
Security_State: -6, 2.173582712809245e-06 minutes.
Evaluating Stable State: 7
Security_State: 4, 1.5695889790852864e-06 minutes.
Evaluating Stable State: 4
Security_State: 5, 1.9272168477376303e-06 minutes.
Evaluating Stable State: 5
Security_State: 7, 2.276897430419922e-06 minutes.
Evaluating Stable State: 8
Security_State: -1, 4.569689432779948e-07 minutes.
Evaluating Stable State: 15
Security_State: -1, 8.781750996907552e-07 minutes.
Evaluating Stable State: 12
Security_State: -1, 5.125999450683594e-07 minutes.
Evaluating Stable State: 11
Security_State: -1, 4.172325134277344e-07 minutes.
Evaluating Stable State: 9
Security_State: 21, 3.333886464436

In [6]:
# Sort the security outcomes in ascending order
security_outcomes = pd.DataFrame(sec_status, columns = ["Security_State"], index = model.Info.columns[:-2]).transpose().sort_values(by = "Security_State", axis = 1)
security_outcomes

Unnamed: 0,0,6,3,2,1,8,15,12,11,7,4,5,9,14,13,10
Security_State,-35,-6,-1,-1,-1,-1,-1,-1,-1,4,5,7,21,24,26,29


In [8]:
# Sort the stable states based on security outcomes and check the input configurations triggering them
inputs = ["User_Education", "Security_Policies", "Security_Patches", "Network_Monitoring"]
model.Info.loc[inputs, security_outcomes.columns]

Unnamed: 0,0,6,3,2,1,8,15,12,11,7,4,5,9,14,13,10
User_Education,0,0,0,0,0,1,1,1,1,0,0,0,1,1,1,1
Security_Policies,0,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1
Security_Patches,0,0,0,1,1,0,0,1,1,0,1,1,0,0,1,1
Network_Monitoring,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1


<style>code{font-size: 14px}</style>
<p>
In the table above, we can see that the absence of all inputs simultaneously results in the worst security outcome <b>(SS = 0, Path count = 35)</b>. Activating any single input is not sufficient to change the inactive state of <code>Security_States</code>, although it reduces the number of paths leading to inactivation to one, except for <code>Security_Policies</code>, which leads to a slightly improved outcome <b>(SS = 6, Path count = -6)</b>. <br><br>
Most input combinations result in a positive security state, except for the combination of <code>Security_Patches</code> and <code>Network_Monitoring</code>. The strongest security state occurs when all inputs are active, but the combination of <code>User_Education</code>, <code>Security_Policies</code>, and any additional input is enough to trigger almost the maximum observed secure paths.
<p>

<style>code{font-size: 14px}</style>
<p>
Lastly, we will examine how common scenarios impact security, either by reducing the number of activating paths or shifting the system toward insecurity. To do so, we will perturb the model by simulating virus triggers and system bugs affecting the defenders, introducing additive activations or inactivations of specific nodes.

<code>BooLEVARD</code> allows for two types of perturbations: <b>non-additive</b>, where the perturbation completely overrides the target node’s regulation, and <b>additive</b>, where its regulatory effect is combined with the existing one. We will analyze the effects of these perturbations when all inputs are ON.
</p>

In [9]:
perturbations = ["Firewall%INH", "Unauthorized_Access%ACT", "Exploits%ACT", "Antivirus%INH", "Strong_Password%INH", "TwoFactAut%INH", "Phishing_Attack%ACT"] # Define the perturbations
res = []
for p in perturbations:
    pmodel = model.Pert(p, additive = True) # Perturb the model
    pmodel.Info = pmodel.Info.loc[:, (pmodel.Info.loc[inputs] == 1).all(axis = 0) | pmodel.Info.columns.str.contains("DNF")] # Retrieve only stable states reached when all inputs are on
    
    if len(pmodel.Info.columns) <= 2:
        res.append("NA")
    else:
        sec_status = pmodel.CountPaths(check, ss_wise = True)
        res.append(sec_status)

res = [item[0] for item in res]
res = pd.DataFrame(res, index = perturbations, columns = ["Security_State"]).transpose().sort_values(by = "Security_State", axis = 1) # Store results in a dataframe
res

Evaluating Stable State: 29
Security_State: 23, 2.5908152262369793e-06 minutes.
Evaluating Stable State: 30
Security_State: -1, 9.258588155110677e-07 minutes.
Evaluating Stable State: 28
Security_State: 21, 3.949801127115885e-06 minutes.
Evaluating Stable State: 23
Security_State: 25, 4.315376281738282e-06 minutes.
Evaluating Stable State: 9
Security_State: 16, 2.3404757181803385e-06 minutes.
Evaluating Stable State: 27
Security_State: 9, 2.642472585042318e-06 minutes.
Evaluating Stable State: 28
Security_State: 16, 2.3484230041503905e-06 minutes.


Unnamed: 0,Unauthorized_Access%ACT,TwoFactAut%INH,Strong_Password%INH,Phishing_Attack%ACT,Exploits%ACT,Firewall%INH,Antivirus%INH
Security_State,-1,9,16,16,21,23,25


<style>code{font-size: 14px}</style>
<p>
We observe that, except for the activation of <code>Unauthorized_Access</code>, all perturbations still allow for security, albeit with varying strengths. In this system, the loss of security strategies is predicted to have a greater impact than losing the antivirus or deactivating the firewall.
<p>