Game Theory Meets Network Security: A Tutorial at ACM CCS

The increasingly pervasive connectivity of today's information systems brings up new challenges to security. Traditional security has accomplished a long way toward protecting well-defined goals such as confidentiality, integrity, availability, and authenticity. However, with the growing sophistication of the attacks and the complexity of the system, the protection using traditional methods could be cost-prohibitive. A new perspective and a new theoretical foundation are needed to understand security from a strategic and decision-making perspective. Game theory provides a natural framework to capture the adversarial and defensive interactions between an attacker and a defender. It provides a quantitative assessment of security, prediction of security outcomes, and a mechanism design tool that can enable security-by-design and reverse the attacker's advantage. This tutorial provides an overview of diverse methodologies from game theory that includes games of incomplete information, dynamic games, mechanism design theory to offer a modern theoretic underpinning of a science of cybersecurity. The tutorial will also discuss open problems and research challenges that the CCS community can address and contribute with an objective to build a multidisciplinary bridge between cybersecurity, economics, game and decision theory

A case study of MMO2's Madic: A framework for creating mobile internet systems

Mobile Internet applications on ubiquitous mobile networks allows real-time, anywhere, anytime connectivity to services. Due to its scalability and potential cost savings, mobile communication is being increasingly applied in the business and consumer communities to create innovative data and voice application, which run over the Internet infrastructure. This paper reports on a case study at an organisation that created an innovative approach to developing mobile applications developed by third party independent developers. A conceptual wireless reference model is presented that was used to define the various system components required to create effective mobile applications

Cloud for Gaming

Cloud for Gaming refers to the use of cloud computing technologies to build large-scale gaming infrastructures, with the goal of improving scalability and responsiveness, improve the user's experience and enable new business models.Comment: Encyclopedia of Computer Graphics and Games. Newton Lee (Editor). Springer International Publishing, 2015, ISBN 978-3-319-08234-

Multi-Layer Cyber-Physical Security and Resilience for Smart Grid

The smart grid is a large-scale complex system that integrates communication technologies with the physical layer operation of the energy systems. Security and resilience mechanisms by design are important to provide guarantee operations for the system. This chapter provides a layered perspective of the smart grid security and discusses game and decision theory as a tool to model the interactions among system components and the interaction between attackers and the system. We discuss game-theoretic applications and challenges in the design of cross-layer robust and resilient controller, secure network routing protocol at the data communication and networking layers, and the challenges of the information security at the management layer of the grid. The chapter will discuss the future directions of using game-theoretic tools in addressing multi-layer security issues in the smart grid.Comment: 16 page

Olympic rings of steel: Constructing security for 2012 and beyond

Academic and political commentators have commonly sought to understand the Olympics as a cultural dynamic, a "spectacle" that motivates certain actors to project their relative interests in localized spaces and as well on a global scale (Hiller 2006; Boyle and Haggerty 2009b ). Mega-events, as this argument goes, are monumental cultural events (Roche 2000) that rely on the audacity of spectacle to dramatize and condition the cultural, political, legal and economic landscape. Extending these insights into surveillance studies, Boyle and Haggerty (2009b: 259-260) position spectacle and the disciplinary mechanisms of anxieties associated with mega-events to explain the risk management practices of security planners. The dynamic social implications of the spectacle condition dramatic regimes of securitization and surveillance such that sovereign power emanates from the production and consumption of spectacle. In similar fashion Vida Bajc (2007: 1648) writes that security meta-rituals "demonstrate[s] that the process of transformation of [the] public space [of mega-events] from one of routine of daily life into a sterile area [that] has a ritual form [that] .... separates insiders from outsiders and brings about a new socio-political reality." Put another way, the "security-meta ritual" legitimates security and surveillance practices by normalizing the social hierarchies it imposes. Bajc focuses on the over-determination of dividing practices in mega-event security, but the signifying practices associated with capital are absent (perhaps due to her empirical focus on presidential addresses). Klauser (2008: 181) links commercialization and mechanisms of surveillance, but only by foregrounding the significance of "neutralized space" created by granting absolute commercial rights to event sponsors. Neoliberalprivatization and its articulation with security and surveillance, however, cannot be reduced to control over sponsorship rights and consumptive practices in particular urban "zones," nor can it be limited by the methodological temporality of the event itself

A Dynamic Game Analysis and Design of Infrastructure Network Protection and Recovery

Infrastructure networks are vulnerable to both cyber and physical attacks. Building a secure and resilient networked system is essential for providing reliable and dependable services. To this end, we establish a two-player three-stage game framework to capture the dynamics in the infrastructure protection and recovery phases. Specifically, the goal of the infrastructure network designer is to keep the network connected before and after the attack, while the adversary aims to disconnect the network by compromising a set of links. With costs for creating and removing links, the two players aim to maximize their utilities while minimizing the costs. In this paper, we use the concept of subgame perfect equilibrium (SPE) to characterize the optimal strategies of the network defender and attacker. We derive the SPE explicitly in terms of system parameters. Finally, we use a case study of UAV-enabled communication networks for disaster recovery to corroborate the obtained analytical results.Comment: 6 page