The Structure of Rooted Weighted Trees Modeling Layered Cyber-security Systems

In this paper we consider the structure and topology of a layered-security model in which the containers and their nestings are given in the form of a rooted tree T. A cyber-security model is an ordered three-tuple M = (T, C, P) where C and P are multisets of penetration costs for the containers and target-acquisition values for the prizes that are located within the containers, respectively, both of the same cardinality as the set of the non-root vertices of T. The problem that we study is to assign the penetration costs to the edges and the target-acquisition values to the vertices of the tree T in such a way that minimizes the total prize that an attacker can acquire given a limited budget. The attacker breaks into containers starting at the root of T and once a vertex has been broken into, its children can be broken into by paying the associated penetration costs. The attacker must deduct the corresponding penetration cost from the budget, as each new container is broken into. For a given assignment of costs and target values we obtain a security system. We show that in general it is not possible to develop an optimal security system for a given cyber-security model M. We define P- and C-models where the penetration costs and prizes, respectively, all have unit value. We show that if T is a rooted tree such that any P- or C-model M = (T, C, P) has an optimal security system, then T is one of the following types: (i) a rooted path, (ii) a rooted star, (iii) a rooted 3-caterpillar, or (iv) a rooted 4-spider. Conversely, if T is one of these four types of trees, then we show that any P- or C-model M = (T, C, P) does have an optimal security system. Finally, we study a duality between P- and C-models that allows us to translate results for P-models into corresponding results for C-models and vice versa. The results obtained give us some mathematical insights into how layered-security defenses should be organized

On Cyber Attacks and the Maximum-Weight Rooted-Subtree Problem

This paper makes three contributions to cyber-security research. First, we define a model for cyber-security systems and the concept of a cyber-security attack within the model's framework. The model highlights the importance of game-over components - critical system components which if acquired will give an adversary the ability to defeat a system completely. The model is based on systems that use defense-in-depth/layered-security approaches, as many systems do. In the model we define the concept of penetration cost, which is the cost that must be paid in order to break into the next layer of security. Second, we define natural decision and optimization problems based on cyber-security attacks in terms of doubly weighted trees, and analyze their complexity. More precisely, given a tree T rooted at a vertex r, a penetrating cost edge function c on T, a target-acquisition vertex function p on T, the attacker's budget and the game-over threshold B,G ϵ Q+ respectively, we consider the problem of determining the existence of a rooted subtree T' of T within the attacker's budget (that is, the sum of the costs of the edges in T' is less than or equal to B) with total acquisition value more than the game-over threshold (that is, the sum of the target values of the nodes in T' is greater than or equal to G). We prove that the general version of this problem is intractable, but does admit a polynomial time approximation scheme. We also analyze the complexity of three restricted versions of the problems, where the penetration cost is the constant function, integer-valued, and rational-valued among a given fixed number of distinct values. Using recursion and dynamic-programming techniques, we show that for constant penetration costs an optimal cyber-attack strategy can be found in polynomial time, and for integer-valued and rational-valued penetration costs optimal cyber-attack strategies can be found in pseudo-polynomial time. Third, we provide a list of open problems relating to the architectural design of cyber-security systems and to the model

The Computational Complexity of Generating Random Fractals

In this paper we examine a number of models that generate random fractals. The models are studied using the tools of computational complexity theory from the perspective of parallel computation. Diffusion limited aggregation and several widely used algorithms for equilibrating the Ising model are shown to be highly sequential; it is unlikely they can be simulated efficiently in parallel. This is in contrast to Mandelbrot percolation that can be simulated in constant parallel time. Our research helps shed light on the intrinsic complexity of these models relative to each other and to different growth processes that have been recently studied using complexity theory. In addition, the results may serve as a guide to simulation physics.Comment: 28 pages, LATEX, 8 Postscript figures available from [email protected]

The Parallel Complexity of Growth Models

This paper investigates the parallel complexity of several non-equilibrium growth models. Invasion percolation, Eden growth, ballistic deposition and solid-on-solid growth are all seemingly highly sequential processes that yield self-similar or self-affine random clusters. Nonetheless, we present fast parallel randomized algorithms for generating these clusters. The running times of the algorithms scale as $O(\log^2 N)$, where $N$ is the system size, and the number of processors required scale as a polynomial in $N$. The algorithms are based on fast parallel procedures for finding minimum weight paths; they illuminate the close connection between growth models and self-avoiding paths in random environments. In addition to their potential practical value, our algorithms serve to classify these growth models as less complex than other growth models, such as diffusion-limited aggregation, for which fast parallel algorithms probably do not exist.Comment: 20 pages, latex, submitted to J. Stat. Phys., UNH-TR94-0

A Model Classifying Algorithms as Inherently Sequential with Applications to Graph Searching

A model is proposed that can be used to classify algorithms as inherently sequential. The model captures the internal computations of algorithms. Previous work in complexity theory has focused on the solutions algorithms compute. Direct comparison of algorithms within the framework of the model is possible. The model is useful for identifying hard to parallelize constructs that should be avoided by parallel programmers. The model's utility is demonstrated via applications to graph searching. A stack breadth-first search (BFS) algorithm is analyzed and proved inherently sequential. The proof technique used in the reduction is a new one. The result for stack BFS sharply contrasts a result showing that a queue based BFS algorithm is in NC. An NC algorithm to compute greedy depth-first search numbers in a dag is presented, and a result proving that a combination search strategy called breadth-depth search is inherently sequential is also given