Defending against the Unknown Enemy: Applying FlipIt to System Security

Bowers, Kevin D.; Dijk, Marten van; Griffin, Robert; Juels, Ari; Oprea, Alina; Rivest, Ronald L.; Triandopoulos, Nikos

doi:10.1007/978-3-642-34266-0_15

Cited by 51 publications

(63 citation statements)

References 12 publications

(24 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…For example the paper [2] examines the FlipIt game as applied to various different situations in computer security; for example password reset strategies, key management, cloud auditing and virtual machine refresh methodologies.…”

Section: Prior Workmentioning

confidence: 99%

See 1 more Smart Citation

Threshold FlipThem: When the Winner Does Not Need to Take All

Leslie

Sherfield

Smart

2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We examine a FlipIt game in which there are multiple resources which a monolithic attacker is trying to compromise. This extension to FlipIt was considered in a paper in GameSec 2014, and was there called FlipThem. Our analysis of such a situation is focused on the situation where the attacker's goal is to compromise a threshold of the resources. We use our game theoretic model to enable a defender to choose the correct configuration of resources (number of resources and the threshold) so as to ensure that it makes no sense for a rational adversary to try to attack the system. This selection is made on the basis of the relative costs of the attacker and the defender.

show abstract

Section: Prior Workmentioning

confidence: 99%

“…Note that µ * = λ * = 0 is an equilibrium of the game defined by equations in (2). This is an artefact of assuming the existence of a unique distribution for all µ, λ, where as when λ = µ = 0 the Markov chain never makes any transitions.…”

Section: Simple Example Flipthemmentioning

confidence: 99%

Threshold FlipThem: When the Winner Does Not Need to Take All

Leslie

Sherfield

Smart

2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Table 1 contains the most important difference in notation between the original FlipIt game and our FlipThem game. FlipIt [13,2] is a two-player, zero-sum game modeling stealthy takeovers, in which both players are trying take control of a single resource. One of the players is called the defender (denoted by D), while the other player is called the attacker (denoted by A).…”

Section: The Flipit Gamementioning

confidence: 99%

“…Existing work [13,2,11] studies a single resource, yet in practice the security of a key asset depends on multiple resources that an attacker has to compromise at the same time. Also, the severity of an attack typically depends on the number of compromised assets.…”

Section: Introductionmentioning

confidence: 99%

FlipThem: Modeling Targeted Attacks with FlipIt for Multiple Resources

Lászka

Horväth

Félegyházi

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

The attack on RSA [12] in early 2011 represented a big surprise for the IT security industry. It showed that major security companies are attractive targets for stealthy attacks because of the important information they possess. The RSA attack induced an interesting discussion in the security industry and the research community alike. In particular, researchers at RSA modeled stealthy takeovers of a resource in their FlipIt game [13]. FlipIt is an attacker-defender game in which the players compete for the control of a resource, which can correspond to the practical case of updating and compromising a cryptographic key.In this paper, we present FlipThem, a generalization of the FlipIt game to multiple resources. In particular, we consider two control models: In the AND control model, the attacker needs to compromise all resources to gain access to the target system, whereas in the OR control model, the attacker only needs to control a single resource to reach her goal. First, we propose combinations of basic, single-resource FlipIt strategies and study the best choices for the defender and the attacker. Then, we extend these basic strategies with the Markov strategy class to represent more complex combinations of moves.Based on our FlipThem model, we can provide a few guidelines for the defenders. First, in the AND control model, we found that the defender should update her resources independently. On the other hand, the defender should generally update her resources synchronously in the OR control model. We also found that periodically updating resources is a good choice against a non-adaptive attacker in the FlipThem model, however, it suffers from the same weaknesses against an attacker with feedback as in the basic FlipIt model. Thus, the defender needs to carefully assess the potential information available to the attacker when choosing her strategy. In summary, our results enable a defender to plan her defense strategy against a range of attacker strategies.

show abstract

“…To model such long term stealthy attacks researchers have turned to game theory [1,21,24,28], adding to a growing body of work looking at game theory in cybersecurity in various scenarios [7,15,34]. Probably the most influential work applying game theory in the security area has been the FlipIt game [33]; with the follow up paper [5] demonstrating applications of FlipIt to various examples including credential management, virtual machine refresh and cloud auditing for service-level-agreement. FlipIt has gained traction and popularity due to the assumption that the adversary can always get into the system; thus aligning with the new rhetoric in the security industry that compromise avoidance is no longer a realistic possibility and it is now about limiting the amount of compromise as quickly and efficiently as possible.…”

Section: Introductionmentioning

confidence: 99%

Multi-rate Threshold FlipThem

Leslie

Sherfield

Smart

2017

Computer Security – ESORICS 2017

View full text Add to dashboard Cite

Abstract. A standard method to protect data and secrets is to apply threshold cryptography in the form of secret sharing. This is motivated by the acceptance that adversaries will compromise systems at some point; and hence using threshold cryptography provides a defence in depth. The existence of such powerful adversaries has also motivated the introduction of game theoretic techniques into the analysis of systems, e.g. via the FlipIt game of van Dijk et al. This work further analyses the case of FlipIt when used with multiple resources, dubbed FlipThem in prior papers. We examine two key extensions of the FlipThem game to more realistic scenarios; namely separate costs and strategies on each resource, and a learning approach obtained using so-called fictitious play in which players do not know about opponent costs, or assume rationality.

show abstract

Defending against the Unknown Enemy: Applying FlipIt to System Security

Cited by 51 publications

References 12 publications

Threshold FlipThem: When the Winner Does Not Need to Take All

Threshold FlipThem: When the Winner Does Not Need to Take All

FlipThem: Modeling Targeted Attacks with FlipIt for Multiple Resources

Multi-rate Threshold FlipThem

Contact Info

Product

Resources

About