1,453 research outputs found
Computing Weakest Strategies for Safety Games of Imperfect Information
CEDAR (Counter Example Driven Antichain Refinement) is a new symbolic algorithm for computing weakest strategies for safety games of imperfect information. The algorithm computes a fixed point over the lattice of contravariant antichains. Here contravariant antichains are antichains over pairs consisting of an information set and an allow set representing the associated move. We demonstrate how the richer structure of contravariant antichains for representing antitone functions, as opposed to standard antichains for representing sets of downward closed sets, allows CEDAR to apply a significantly less complex controllable predecessor step than previous algorithms
Gaming security by obscurity
Shannon sought security against the attacker with unlimited computational
powers: *if an information source conveys some information, then Shannon's
attacker will surely extract that information*. Diffie and Hellman refined
Shannon's attacker model by taking into account the fact that the real
attackers are computationally limited. This idea became one of the greatest new
paradigms in computer science, and led to modern cryptography.
Shannon also sought security against the attacker with unlimited logical and
observational powers, expressed through the maxim that "the enemy knows the
system". This view is still endorsed in cryptography. The popular formulation,
going back to Kerckhoffs, is that "there is no security by obscurity", meaning
that the algorithms cannot be kept obscured from the attacker, and that
security should only rely upon the secret keys. In fact, modern cryptography
goes even further than Shannon or Kerckhoffs in tacitly assuming that *if there
is an algorithm that can break the system, then the attacker will surely find
that algorithm*. The attacker is not viewed as an omnipotent computer any more,
but he is still construed as an omnipotent programmer.
So the Diffie-Hellman step from unlimited to limited computational powers has
not been extended into a step from unlimited to limited logical or programming
powers. Is the assumption that all feasible algorithms will eventually be
discovered and implemented really different from the assumption that everything
that is computable will eventually be computed? The present paper explores some
ways to refine the current models of the attacker, and of the defender, by
taking into account their limited logical and programming powers. If the
adaptive attacker actively queries the system to seek out its vulnerabilities,
can the system gain some security by actively learning attacker's methods, and
adapting to them?Comment: 15 pages, 9 figures, 2 tables; final version appeared in the
Proceedings of New Security Paradigms Workshop 2011 (ACM 2011); typos
correcte
Safe Sequential Path Planning Under Disturbances and Imperfect Information
Multi-UAV systems are safety-critical, and guarantees must be made to ensure
no unsafe configurations occur. Hamilton-Jacobi (HJ) reachability is ideal for
analyzing such safety-critical systems; however, its direct application is
limited to small-scale systems of no more than two vehicles due to an
exponentially-scaling computational complexity. Previously, the sequential path
planning (SPP) method, which assigns strict priorities to vehicles, was
proposed; SPP allows multi-vehicle path planning to be done with a
linearly-scaling computational complexity. However, the previous formulation
assumed that there are no disturbances, and that every vehicle has perfect
knowledge of higher-priority vehicles' positions. In this paper, we make SPP
more practical by providing three different methods to account for disturbances
in dynamics and imperfect knowledge of higher-priority vehicles' states. Each
method has different assumptions about information sharing. We demonstrate our
proposed methods in simulations.Comment: American Control Conference, 201
Applications of Repeated Games in Wireless Networks: A Survey
A repeated game is an effective tool to model interactions and conflicts for
players aiming to achieve their objectives in a long-term basis. Contrary to
static noncooperative games that model an interaction among players in only one
period, in repeated games, interactions of players repeat for multiple periods;
and thus the players become aware of other players' past behaviors and their
future benefits, and will adapt their behavior accordingly. In wireless
networks, conflicts among wireless nodes can lead to selfish behaviors,
resulting in poor network performances and detrimental individual payoffs. In
this paper, we survey the applications of repeated games in different wireless
networks. The main goal is to demonstrate the use of repeated games to
encourage wireless nodes to cooperate, thereby improving network performances
and avoiding network disruption due to selfish behaviors. Furthermore, various
problems in wireless networks and variations of repeated game models together
with the corresponding solutions are discussed in this survey. Finally, we
outline some open issues and future research directions.Comment: 32 pages, 15 figures, 5 tables, 168 reference
On a Generic Security Game Model
To protect the systems exposed to the Internet against attacks, a security
system with the capability to engage with the attacker is needed. There have
been attempts to model the engagement/interactions between users, both benign
and malicious, and network administrators as games. Building on such works, we
present a game model which is generic enough to capture various modes of such
interactions. The model facilitates stochastic games with imperfect
information. The information is imperfect due to erroneous sensors leading to
incorrect perception of the current state by the players. To model this error
in perception distributed over other multiple states, we use Euclidean
distances between the outputs of the sensors. We build a 5-state game to
represent the interaction of the administrator with the user. The states
correspond to 1) the user being out of the system in the Internet, and after
logging in to the system; 2) having low privileges; 3) having high privileges;
4) when he successfully attacks and 5) gets trapped in a honeypot by the
administrator. Each state has its own action set. We present the game with a
distinct perceived action set corresponding to each distinct information set of
these states. The model facilitates stochastic games with imperfect
information. The imperfect information is due to erroneous sensors leading to
incorrect perception of the current state by the players. To model this error
in perception distributed over the states, we use Euclidean distances between
outputs of the sensors. A numerical simulation of an example game is presented
to show the evaluation of rewards to the players and the preferred strategies.
We also present the conditions for formulating the strategies when dealing with
more than one attacker and making collaborations.Comment: 31 page
Compositional Reactive Synthesis for Multi-Agent Systems
With growing complexity of systems and guarantees they are required to provide, the need for automated and formal design approaches that can guarantee safety and correctness of the designed system is becoming more evident. To this end, an ambitious goal in system design and control is to automatically synthesize the system from a high-level specification given in a formal language such as linear temporal logic. The goal of this dissertation is to investigate and develop the necessary tools and methods for automated synthesis of controllers from high-level specifications for multi-agent systems. We consider systems where a set of controlled agents react to their environment that includes other uncontrolled, dynamic and potentially adversarial agents. We are particularly interested in studying how the existing structure in systems can be exploited to achieve more efficient synthesis algorithms through compositional reasoning.
We explore three different frameworks for compositional synthesis of controllers for multi-agent systems. In the first framework, we decompose the global specification into local ones, we then refine the local specifications until they become realizable, and we show that under certain conditions, the strategies synthesized for the local specifications guarantee the satisfaction of the global specification. In the second framework, we show how parametric and reactive controllers can be specified and synthesized, and how they can be automatically composed to enforce a high-level objective. Finally, in the third framework, we focus on a special but practically useful class of multi-agent systems, and show how by taking advantage of the structure in the system and its objective we can achieve significantly better scalability and can solve problems where the centralized synthesis algorithm is infeasible
Modelling Telecommunications Operators and Adversaries using Game Theory
Telecommunications systems being inherently distributed and collaborative in nature present a plurality of attack surfaces to malicious entities and hence vulnerable to many potential attacks even indirectly demanding a need in prioritising security. The choice of security implementations depends upon the currently understood threats, future possible threat vectors, and the dependencies between systems. Executing these choices while contemplating the financial aspects is exceptionally difficult. It is thus critical to have a perceptible decision support framework for better security decision-making. This thesis studies the strategic nature of the interaction between the Telecoms operators and attackers utilising game theory to understand their strategic decision-making characteristics strengthening security decisions.
To understand the security investment decision-making criteria of operators, this thesis utilises static security investment games. Through these games, we study the effects of security investment decision of an operator on other operators' behaviour. We determine conditions supporting the security investment decisions and propose strategic recommendations supplementing the dependency conditions.
We then study attackers' behaviour considering them with strategic incentives in contrary to their strictly-bounded rationality in traditional game-theoretic modelling approaches. We utilise a behavioural approach and design a decision-flow model capturing the choices of attackers in the attack process. An outcome of this work is a generalised attack framework. Moreover, using this framework, we derive attack strategies optimising attackers' effort. Through this work, we are probing the foundations for drawing inferences about attackers' strategic characteristics from a cybersecurity perspective
Improved Algorithms for Parity and Streett objectives
The computation of the winning set for parity objectives and for Streett
objectives in graphs as well as in game graphs are central problems in
computer-aided verification, with application to the verification of closed
systems with strong fairness conditions, the verification of open systems,
checking interface compatibility, well-formedness of specifications, and the
synthesis of reactive systems. We show how to compute the winning set on
vertices for (1) parity-3 (aka one-pair Streett) objectives in game graphs in
time and for (2) k-pair Streett objectives in graphs in time
. For both problems this gives faster algorithms for dense
graphs and represents the first improvement in asymptotic running time in 15
years
- …