## Cryptology ePrint Archive: Report 2012/502

Are We Compromised? Modelling Security Assessment Games

Viet Pham and Carlos Cid

Abstract: Security assessments are an integral part of organisations' strategies for protecting their digital assets and critical IT infrastructure. In this paper we propose a game-theoretic modelling of a particular form of security assessment -- one which addresses the question are we compromised?''. We do so by extending the recently proposed game FlipIt'', which itself can be used to model the interaction between defenders and attackers under the Advanced Persistent Threat (APT) scenario. Our extension gives players the option to test'' the state of the game before making a move. This allows one to study the scenario in which organisations have the option to perform periodic security assessments of such nature, and the benefits they may bring.

Category / Keywords: advanced persistent threat, security assessment, game theory, FlipIt, strategic security plan, penetration testing

Publication Info: An extended abstract of this work will appear in the proceedings of GameSec 2012. This is the full version

Contact author: viet pham 2010 at live rhul ac uk

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2012/502

[ Cryptology ePrint archive ]