In securiCAD the middle/main area of the program will be the area where you can drop and view objects and their connections. When starting securiCAD you will either see a new empty canvas area called “View 1” or the ACME Example Model.
In the previous parts of this user manual, we described adding objects to this canvas and making connections between them. We also dropped objects into other objects to bundle/hide them.
When we double-click to open an object, a new tab will be shown with the contents of the opened object. This is what we call an “Object View”.
Double-clicking on the Stage srv 2 object in the ACME Example Model, we see that it contains additional objects.
In the above image, we see the object view of the Stage srv 2 Host object. It shows what objects are contained within the Stage srv 2 Host object.
Object views are used for navigating your model structure in a hierarchical way.
Object View limitations
Since all objects in an object view are connected to the main object (in this case Local Accounts, LSASS, RDP Service, SSH Client and Windows Server 2008 are all connected to Stage srv 2), only objects that can be connected/added to a Host object are allowed here. This means that you cannot, for instance, add a WebApplication or Firewall object here.
Furthermore, when on a general canvas, you can select an object and use the left bound arrow to see connected objects and the right bound arrow to add new objects. This functionality is not available when you are in an object view.
The right-click function “Show all connected objects” is also deactivated when you are in an object view.
When looking at objects contained in an object view, the right-click Hide functionality is deactivated.
In the lower left area of securiCAD we have seen an area called “Object View” presenting other objects the selected object is connected to. There is also functionality for adding and deleting objects and connections using this method. This is a way of working that will not require you to locate and put an object onto a canvas in order to work with it. Therefore, this method of object and connection management is most efficient when working on building and changing larger models.
Inspecting Connections of an Object
In the securiCAD user interface, there is an area called “Object View”. This area shows the connections and some other properties of the object currently selected on the modeling canvas or in the Object Explorer list of objects. With a few objects connected, as in our current example, selecting the prod2dev router object will show what other objects it is connected to.
In the above example we see that the object “Prod2Dev”, of type Router, is connected to one AccessControl, one Firewall and four Network objects.
From the Object View, you can unfold the different object labels to see other objects connected to the selected one. Clicking “Edit” will then bring up a new panel in the program letting you add and remove connections by moving them between lists of connected and unconnected/connectable objects in the model.
Removing a Connection
Selecting a connected object and clicking “Disconnect” will remove the connection. Please note that it will not remove any of the objects from the model, only the connection.
If the objects you have disconnected are both present on a canvas, you will see that the interconnecting line between them is removed.
Adding a Connection
The opposite of disconnecting two objects is to select a non-connected object and then use the “Connect” button below the “Available Network(s) from the model” area.
Adding an Object While Connecting
If you need to connect an object that has not yet been added to the model, you can do that on-the-fly: unfold the “Create New Object” label, enter a name for the object to be created and adjust the defense settings. When you click “Add”, the object is created and connected at once.
If there are several types of connections to choose from (like with Administration/Connection between Router and Network), we will be prompted to choose one of them like when adding an object via the canvas method.
Worth mentioning is that when an object already has a connection that it can only have one instance of, the “Create New Object” option is grayed out. Such an example is when a Dataflow already is connected to a Protocol.
Connecting Multiple Objects
Possibly the most efficient feature of managing connections this way is that you can select and connect several objects. For instance, if we want to connect all Network Admin zones to the same ZoneManagement object, we can do that in one operation.
Select all routers to be managed/administrated from the same network zone and connect them.
Picking several objects at a time and connecting (or disconnecting) them like this is particularly efficient when working with objects that are shared between many other objects such as Protocol objects, SoftwareProduct objects, ZoneManagement objects and so on.
This section describes ways of locating objects and identifying what neighboring objects an object is connected to.
In the Object Explorer, the Model Explorer and the Views tab, there is an input field labeled Search.
This gives the possibility to type an object name or part of an object name to list all objects with that name. This is useful when you have a model containing many objects and you need to find all objects having a certain name. For instance, I have typed “prod” and that will show me only items having the string “prod” in them in the Object Explorer.
The search field also acts on the objects’ ID numbers. This is useful when, for instance, the attack path lists an object ID and you want to investigate it. You can then search for the ID number in the Search field to quickly find the object.
Show All Connected Objects
When an object is present on a canvas, there is a function to show all objects connected to it. This function is used to avoid looking up all objects by hand.
Showing all connected objects for, for instance, the Lnx Oracle Srv component will give the following collection:
When there are numerous objects connected to an object, it is often convenient to show all connected objects of a selected type. For instance, when working with a network zone and you want to see all routers connected to it, it is probably good to avoid showing all hosts connected to it as well.
ID Numbers on Canvas Objects
When referring to particular objects in large models, especially in models with numerous objects with the same name, it is convenient to show the unique object ID number on the objects on the canvas. This is selected via a check box in the Configuration -> Objects dialogue.
Enabling the ID number on the canvas objects will look like the following example.
Views, sometimes called canvases, are used to show a subset of the model, for instance holding objects of a certain type or category. The “circled plus” button in the tool bar will add a new view to the model.
To rename it, you can either go to the “Views” pane next to the “Object Explorer” or right-click on the view/canvas and select the “Rename” option from the menu. This is only possible on views created manually, not on views automatically generated by securiCAD.
Above the view/canvas area of the securiCAD tool, there are two alignment buttons, next to the zoom tool. These alignment buttons are active when two or more objects are selected.
These buttons align objects to each other horizontally or vertically, to a base line, top line or a center line.
Snap to Grid
The “Snap to Grid” button shows a grid that the modeling objects will be aligned to when moved around.
The “Guidelines” button activates blue horizontal and vertical lines that show which other objects the currently moved object is aligned to.
Labeled boxes are not part of the actual securiCAD model and are not considered during simulation.
However, they are a visualization aid that is best used when the modeling phase is nearing completion and the models are to be presented to other people. Modelers often have a clear picture of which objects belong together and why, but when it comes to explaining models to other people, grouping objects with boxes can be a good help.
Boxes are added by clicking the “Add Text Note” button above the modeling view/canvas.
In the following example we have drawn boxes around the objects related to a certain department.
When modeling objects exist in a model, on a canvas/view, it is possible to copy, paste and delete them in some slightly different manners. The operations below are found in the Edit drop-down menu and by right-clicking on the canvas/view itself.
Edit -> Cut/Copy/Paste
The cut, copy and paste operations cut, copy and paste an instance of an object so that it can be added to another canvas/view as well.
However, these operations do not add an extra object. They should therefore be seen more like cut/copy/paste on the visualization part of an object.
Edit -> Paste as Duplicate
Since the paste operation does not create a new object, there is an operation called “Paste as Duplicate”.
Using this will make a copy of the copied object and add it to a canvas/view. This is used for object duplication purposes.
Edit -> Delete/Hide
The difference between the Delete and the Hide operations is that Delete deletes the object from the model completely, while the Hide operation only makes the object non-visible, while it still exists in the model itself and thus can still be found in the list of objects in the “Model Explorer” window.
The shortcut key for hiding an object is Backspace; for deleting an object, you can use the Delete key.
Tool Bar Button for Adding Objects
In the tool bar in the upper area of securiCAD there is a downward pointing arrow for adding objects to a canvas. Clicking this arrow will show a menu of object categories where you can select objects to add. These objects are the same as the ones in the Object Explorer. This tool is especially useful if you close the Object Explorer tab to make room for a larger canvas.
In securiCAD there is functionality for merging models. This is especially useful when collaborating on the modeling work or when you are working on several sub-models that you want to merge into one big model and then simulate.
The model merging tool is found under File -> Import -> Import Model.
When using this function, you will import a model into the model you currently have open in securiCAD, including the objects, connections and views of the model being imported.
Import Report Dialogue
On successful import, you will get a dialogue reporting which objects were added to your current model.
If an Attacker object exists in the model you are about to import, securiCAD will ask you if you want to include it as well. If you do (and you already had an attacker in your current model), you will have two attackers in the model you are working on. There is no logical problem with this, but since attacks are coming from two directions, the attack influence might be a bit tricky to follow.
The model you are working on will now be extended with objects, connections and views from the model you have imported. However, there will be no automatic connections between the objects you already had and the objects you have just imported since securiCAD doesn’t know what the intention of the imported objects/model is. Therefore you have to make such connections manually.
For instance, if you have a network overview with routers and network zones in your existing model and someone helps you out with modeling a branch office zone and the related sub-zones, you need to manually connect the branch office zone to the correct location/router in the network overview.