1,354 research outputs found
Multi-Layer Cyber-Physical Security and Resilience for Smart Grid
The smart grid is a large-scale complex system that integrates communication
technologies with the physical layer operation of the energy systems. Security
and resilience mechanisms by design are important to provide guarantee
operations for the system. This chapter provides a layered perspective of the
smart grid security and discusses game and decision theory as a tool to model
the interactions among system components and the interaction between attackers
and the system. We discuss game-theoretic applications and challenges in the
design of cross-layer robust and resilient controller, secure network routing
protocol at the data communication and networking layers, and the challenges of
the information security at the management layer of the grid. The chapter will
discuss the future directions of using game-theoretic tools in addressing
multi-layer security issues in the smart grid.Comment: 16 page
Game Theory Meets Network Security: A Tutorial at ACM CCS
The increasingly pervasive connectivity of today's information systems brings
up new challenges to security. Traditional security has accomplished a long way
toward protecting well-defined goals such as confidentiality, integrity,
availability, and authenticity. However, with the growing sophistication of the
attacks and the complexity of the system, the protection using traditional
methods could be cost-prohibitive. A new perspective and a new theoretical
foundation are needed to understand security from a strategic and
decision-making perspective. Game theory provides a natural framework to
capture the adversarial and defensive interactions between an attacker and a
defender. It provides a quantitative assessment of security, prediction of
security outcomes, and a mechanism design tool that can enable
security-by-design and reverse the attacker's advantage. This tutorial provides
an overview of diverse methodologies from game theory that includes games of
incomplete information, dynamic games, mechanism design theory to offer a
modern theoretic underpinning of a science of cybersecurity. The tutorial will
also discuss open problems and research challenges that the CCS community can
address and contribute with an objective to build a multidisciplinary bridge
between cybersecurity, economics, game and decision theory
Cyber Insurance for Cyber Resilience
Cyber insurance is a complementary mechanism to further reduce the financial
impact on the systems after their effort in defending against cyber attacks and
implementing resilience mechanism to maintain the system-level operator even
though the attacker is already in the system. This chapter presents a review of
the quantitative cyber insurance design framework that takes into account the
incentives as well as the perceptual aspects of multiple parties. The design
framework builds on the correlation between state-of-the-art attacker vectors
and defense mechanisms. In particular, we propose the notion of residual risks
to characterize the goal of cyber insurance design. By elaborating the
insurer's observations necessary for the modeling of the cyber insurance
contract, we make comparison between the design strategies of the insurer under
scenarios with different monitoring rules. These distinct but practical
scenarios give rise to the concept of the intensity of the moral hazard issue.
Using the modern techniques in quantifying the risk preferences of individuals,
we link the economic impacts of perception manipulation with moral hazard. With
the joint design of cyber insurance design and risk perceptions, cyber
resilience can be enhanced under mild assumptions on the monitoring of
insurees' actions. Finally, we discuss possible extensions on the cyber
insurance design framework to more sophisticated settings and the regulations
to strengthen the cyber insurance markets
On Cyber Risk Management of Blockchain Networks: A Game Theoretic Approach
Open-access blockchains based on proof-of-work protocols have gained
tremendous popularity for their capabilities of providing decentralized
tamper-proof ledgers and platforms for data-driven autonomous organization.
Nevertheless, the proof-of-work based consensus protocols are vulnerable to
cyber-attacks such as double-spending. In this paper, we propose a novel
approach of cyber risk management for blockchain-based service. In particular,
we adopt the cyber-insurance as an economic tool for neutralizing cyber risks
due to attacks in blockchain networks. We consider a blockchain service market,
which is composed of the infrastructure provider, the blockchain provider, the
cyber-insurer, and the users. The blockchain provider purchases from the
infrastructure provider, e.g., a cloud, the computing resources to maintain the
blockchain consensus, and then offers blockchain services to the users. The
blockchain provider strategizes its investment in the infrastructure and the
service price charged to the users, in order to improve the security of the
blockchain and thus optimize its profit. Meanwhile, the blockchain provider
also purchases a cyber-insurance from the cyber-insurer to protect itself from
the potential damage due to the attacks. In return, the cyber-insurer adjusts
the insurance premium according to the perceived risk level of the blockchain
service. Based on the assumption of rationality for the market entities, we
model the interaction among the blockchain provider, the users, and the
cyber-insurer as a two-level Stackelberg game. Namely, the blockchain provider
and the cyber-insurer lead to set their pricing/investment strategies, and then
the users follow to determine their demand of the blockchain service.
Specifically, we consider the scenario of double-spending attacks and provide a
series of analytical results about the Stackelberg equilibrium in the market
game
- …