26,388 research outputs found
Game Theory Meets Network Security: A Tutorial at ACM CCS
The increasingly pervasive connectivity of today's information systems brings
up new challenges to security. Traditional security has accomplished a long way
toward protecting well-defined goals such as confidentiality, integrity,
availability, and authenticity. However, with the growing sophistication of the
attacks and the complexity of the system, the protection using traditional
methods could be cost-prohibitive. A new perspective and a new theoretical
foundation are needed to understand security from a strategic and
decision-making perspective. Game theory provides a natural framework to
capture the adversarial and defensive interactions between an attacker and a
defender. It provides a quantitative assessment of security, prediction of
security outcomes, and a mechanism design tool that can enable
security-by-design and reverse the attacker's advantage. This tutorial provides
an overview of diverse methodologies from game theory that includes games of
incomplete information, dynamic games, mechanism design theory to offer a
modern theoretic underpinning of a science of cybersecurity. The tutorial will
also discuss open problems and research challenges that the CCS community can
address and contribute with an objective to build a multidisciplinary bridge
between cybersecurity, economics, game and decision theory
On the inability of existing security models to cope with data mobility in dynamic organizations
Modeling tools play an important role in identifying threats in traditional\ud
IT systems, where the physical infrastructure and roles are assumed\ud
to be static. In dynamic organizations, the mobility of data outside the\ud
organizational perimeter causes an increased level of threats such as the\ud
loss of confidential data and the loss of reputation. We show that current\ud
modeling tools are not powerful enough to help the designer identify the\ud
emerging threats due to mobility of data and change of roles, because they\ud
do not include the mobility of IT systems nor the organizational dynamics\ud
in the security model. Researchers have proposed security models that\ud
particularly focus on data mobility and the dynamics of modern organizations,\ud
such as frequent role changes of a person. We show that none\ud
of the current security models simultaneously considers the data mobility\ud
and organizational dynamics to a satisfactory extent. As a result, none\ud
of the current security models effectively identifies the potential security\ud
threats caused by data mobility in a dynamic organization
- ā¦