Paper 2012/502

Are We Compromised? Modelling Security Assessment Games

Viet Pham and Carlos Cid


Security assessments are an integral part of organisations' strategies for protecting their digital assets and critical IT infrastructure. In this paper we propose a game-theoretic modelling of a particular form of security assessment -- one which addresses the question ``are we compromised?''. We do so by extending the recently proposed game ``FlipIt'', which itself can be used to model the interaction between defenders and attackers under the Advanced Persistent Threat (APT) scenario. Our extension gives players the option to ``test'' the state of the game before making a move. This allows one to study the scenario in which organisations have the option to perform periodic security assessments of such nature, and the benefits they may bring.

Available format(s)
Publication info
Published elsewhere. An extended abstract of this work will appear in the proceedings of GameSec 2012. This is the full version
advanced persistent threatsecurity assessmentgame theoryFlipItstrategic security planpenetration testing
Contact author(s)
viet pham 2010 @ live rhul ac uk
2012-09-03: received
Short URL
Creative Commons Attribution


      author = {Viet Pham and Carlos Cid},
      title = {Are We Compromised? Modelling Security Assessment Games},
      howpublished = {Cryptology ePrint Archive, Paper 2012/502},
      year = {2012},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.