The closest thing that I have done to this was installing Cuckoo Sandbox. Unfortunately it appears to be unmaintained. But it was actually quite fun to watch the viruses infecting some poor unpatched Windows 7 VMs, even if it was not as sophisticated as on that cartoon.
I can see a modified version of @unman's Qubes Network Viewer getting turned into some sort of ecosystem abstraction showing communication (packets, emails, probes, attacks) being passed back and forth between VMs.
Maybe we can create salt scripts that automate VMs reproducing and going extinct, with different package combinations being used as some sort of proxy for genetics. The VMs will compete for resource points that will determine whether they live, die, and reproduce. These resource points come from a separate, sacred VM (the ‘World VM’) that’s like the dom0 of the ecosystem, and how these points are doled out depends on whether VMs meet certain criteria. (By the way, some of these VMs are armed with known malware and can choose to attack others, and can also co-operate. There’s a cost to attacking and others will detect and remember attackers.)
Think of this as the 2020s version of Robert Axelrod’s famous experiment, except as a toy aquarium for infosec geeks. With deep learning having an impact on infosec, this makes this much more interesting.
I typed this up in 10 minutes, and would love to hear if anyone has additional/better ideas.
I wonder whether the Debian phyla or the Fedora phyla will do better, or whether some dark horse candidate (like Gentoo) will come along and wipe the floor. (P.S. for the sake of simplicity this should just be limited to Linux VMs–no unikernels.)
It could be interesting to do this just as an exercise. One would probably learn a lot about Qubes in the process, namely:
- qubes RPC policies - to indicate to dom0 the qube had been compromised
- monitoring qubes
This would also be an educational cybersecurity exercise since it’s a good introduction to malware in general (especially since you’ll be using known malware that won’t attack Xen).
In my uninformed opinion, Qubes might be well suited to being a cybersecurity test/education platform (devs take note if Invisible Things ever needs to pivot–or maybe start a side-business).
I’m actually tempted to attempt this now, especially since genetic algorithms interest me. The problem is getting my hands on a machine that’s fast enough, especially without hyperthreading (or maybe I should re-enable HT). I can see that even my i7-1065G7 would be a far cry from what’s needed.
Maybe a Xeon or a Zen3 AMD APU? One can dream.