Cryptology ePrint Archive: Report 2012/502
Are We Compromised? Modelling Security Assessment Games
Viet Pham and Carlos Cid
Abstract: Security assessments are an integral part of organisations' strategies for protecting their digital assets and critical IT infrastructure.
In this paper we propose a game-theoretic modelling of a particular form of security assessment -- one which addresses the question ``are we compromised?''.
We do so by extending the recently proposed game ``FlipIt'', which itself can be used to model the interaction between defenders and attackers under the Advanced Persistent Threat (APT) scenario.
Our extension gives players the option to ``test'' the state of the game before making a move. This allows one to study the scenario in which organisations have the option to perform periodic security assessments of such nature, and the benefits they may bring.
Category / Keywords: advanced persistent threat, security assessment, game theory, FlipIt, strategic security plan, penetration testing
Publication Info: An extended abstract of this work will appear in the proceedings of GameSec 2012. This is the full version
Date: received 30 Aug 2012
Contact author: viet pham 2010 at live rhul ac uk
Available formats: PDF | BibTeX Citation
Version: 20120903:130306 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]