Games and Abstraction: The Science of Cyber Security
Lead Research Organisation:
Imperial College London
Department Name: Institute for Security Science and Tech
Abstract
This proposal addresses the challenge "How do we make better security decisions?". Specifically we propose to develop new approaches to decision support based on mathematical game theory. Our work will support professionals who are designing secure systems and also those charged with determining if systems have an appropriate level of security -- in particular, systems administrators. We will develop techniques to support human decision making and techniques which enable well-founded security design decisions to be made.
We recognise that the emerging trend away from corporate IT systems towards a Bring-Your-Own-Device (BYOD) culture will bring new challenges and changes to the role of systems administrator. However, even in this brave new world, companies will continue to have core assets such as the network infrastructure and the corporate database which will need the same kind of protection. It is certainly to be expected that some of the attacks will now originate from inside the corporate
firewall rather than from outside. Our team will include researchers from the Imperial College Business School who will help us to ensure that our models are properly reflecting these new threats.
Whilst others have used game theoretic approaches to answer these questions, much of the previous work has been more or less ad hoc. As such the resulting
security decisions may be based on unsound principles. In particular, it is common to use abstractions without giving much consideration to the relationship between properties of the abstract model and the real system. We will develop a new game theoretic framework which enables a precise analysis of these relationships and hence provides a more robust decision support tool.
We recognise that the emerging trend away from corporate IT systems towards a Bring-Your-Own-Device (BYOD) culture will bring new challenges and changes to the role of systems administrator. However, even in this brave new world, companies will continue to have core assets such as the network infrastructure and the corporate database which will need the same kind of protection. It is certainly to be expected that some of the attacks will now originate from inside the corporate
firewall rather than from outside. Our team will include researchers from the Imperial College Business School who will help us to ensure that our models are properly reflecting these new threats.
Whilst others have used game theoretic approaches to answer these questions, much of the previous work has been more or less ad hoc. As such the resulting
security decisions may be based on unsound principles. In particular, it is common to use abstractions without giving much consideration to the relationship between properties of the abstract model and the real system. We will develop a new game theoretic framework which enables a precise analysis of these relationships and hence provides a more robust decision support tool.
Planned Impact
The call for proposals gives examples of research that could contribute to challenge of "How do we make better security decisions?".
We claim that our proposal addresses each of these:
1. techniques to support human decision making and/or to examine the underlying rationale driving expert security decisions:
this was the primary rationale for the development of game theory.
2. techniques that enable well-founded security design decisions to be made which are based on an underlying set of well-defined principles:
game theory is a mathematical theory and as such rigorous and well founded. We argue that in its application to cyber security there is some residual ad-hoc decisions used in the construction of the model. This proposal aims to replace this ad-hoc component by well defined principles based on abstraction.
3. techniques to enable rigorous assessment of whether a system carries an appropriate level of protection for the threat environment it faces:
we will introduce the concept of security capacity as an upper bound on the achievable level of security in a system. We will elaborate on this or similar concepts and test them on empirical data.
4. techniques that enable well-informed trade-offs between security and other business drivers such as cost, functionality etc:
classically the notion of payoff in game theory encompasses such techniques. Through our collaboration with the Business School we expect to develop realistic understanding of the true payoffs involved in both SMEs and large organisations.
5. techniques that allow security spend to be targeted so as to provide the best return on investment:
again this is a classical game theoretical aspect that we expect to better understand via our empirical studies.
In addition to progressing the state-of-the art in the theoretical underpinnings of the project, we will develop a number of proof-of-concept implementations which will be made available to the stakeholder community. It is also anticipated that Business School empirical studies will lead to new policy advice.
We claim that our proposal addresses each of these:
1. techniques to support human decision making and/or to examine the underlying rationale driving expert security decisions:
this was the primary rationale for the development of game theory.
2. techniques that enable well-founded security design decisions to be made which are based on an underlying set of well-defined principles:
game theory is a mathematical theory and as such rigorous and well founded. We argue that in its application to cyber security there is some residual ad-hoc decisions used in the construction of the model. This proposal aims to replace this ad-hoc component by well defined principles based on abstraction.
3. techniques to enable rigorous assessment of whether a system carries an appropriate level of protection for the threat environment it faces:
we will introduce the concept of security capacity as an upper bound on the achievable level of security in a system. We will elaborate on this or similar concepts and test them on empirical data.
4. techniques that enable well-informed trade-offs between security and other business drivers such as cost, functionality etc:
classically the notion of payoff in game theory encompasses such techniques. Through our collaboration with the Business School we expect to develop realistic understanding of the true payoffs involved in both SMEs and large organisations.
5. techniques that allow security spend to be targeted so as to provide the best return on investment:
again this is a classical game theoretical aspect that we expect to better understand via our empirical studies.
In addition to progressing the state-of-the art in the theoretical underpinnings of the project, we will develop a number of proof-of-concept implementations which will be made available to the stakeholder community. It is also anticipated that Business School empirical studies will lead to new policy advice.
Organisations
People |
ORCID iD |
| Chris Hankin (Principal Investigator) | |
| Thomas Hoehn (Co-Investigator) |
Publications
Fielder A
(2016)
Decision support approaches for cyber security investment
in Decision Support Systems
Caulfield T
(2015)
Optimizing time allocation for network defence
in Journal of Cybersecurity
Fielder A
(2014)
ICT Systems Security and Privacy Protection
Panaousis E
(2014)
Decision and Game Theory for Security
| Description | We have developed new game theoretic models of cyber attacks on Enterprise IT systems. We use these models to provide systems administrators with advice on how to optimise the use of their limited resources in defending their systems against commodity style attacks. We have developed on an approach to compare several methods of allocating a cyber security budget. The approach considers a game theoretic representation of the entire problem, a purely optimisation based approach that does not consider the adversary's strategy and a hybrid method combining the two. We have been able to identify the trade-offs that exist between the optimality of the solutions, computational complexity of generating the solutions and how easily the solutions can be interpreted for practitioners. Additionally, we have developed a more accurate mapping from the available resources to our model. This allows us to better represent the controls and vulnerabilities in our calculations. The outcome of this improved mapping is that it gives us greater confidence in not only the model, but in the reliability of the results to better reflect the real world environment. The case study considers an SME like entity and currently considers 37 different attacks and 27 different controls. The case study has been developed based on a new platform capable of numerically evaluating a wide range of kinds of cyber attacks. We have developed a prototype web tool that gives advice to users about the implementation of their cyber defences. The system is designed to assume no technical knowledge of cyber security on the part of the user, but rather for them to supply information about their organisation consisting of their requirements and preferences. This allows us to create a profile of the organisation, which is used to better inform the internal algorithms. The system takes a UI approach based on a simple combination of menus and sliders that provide the input from users, where the advice is given in both a simple text form as well as in a graphical medium. The internal algorithms use lightweight optimisation algorithms to solve the game theory based representation within the tool. |
| Exploitation Route | We have produced prototype tools which encapsulate our approach. We are now in the process of talking to various user communities about the application of our techniques. We also recognise that there are scientific challenges to extend the work to deal with unexpected forms of attack and we have submitted a proposal to continue this work. In addition to academic publication, Professor Hankin is a regular speaker at seminars and conferences arranged by the Finance sector and others and is using this as a route to get better dissemination. One of the postdoctoral research associates funded on this project will work on a one year placement at GCHQ. |
| Sectors | Digital/Communication/Information Technologies (including Software),Security and Diplomacy |
| Description | There has been some commercial interest in our web-based tools but this has not yet led to any licensing or spin-out activity. The work has provided background IP for a number of follow-on projects funded by UKRI and Horizon 2020. The tools have also been developed to handle more sophisticated attacks. We are currently developing a white paper describing a more realistic case study which we will use to raise awareness and leverage interest from potential collaborators. |
| First Year Of Impact | 2020 |
| Sector | Digital/Communication/Information Technologies (including Software) |
| Impact Types | Economic |
| Description | Customized and Adaptive approach for Optimal Cybersecurity Investment |
| Amount | £774,906 (GBP) |
| Funding ID | EP/R002983/1 |
| Organisation | Engineering and Physical Sciences Research Council (EPSRC) |
| Sector | Public |
| Country | United Kingdom |
| Start | 11/2017 |
| End | 10/2020 |
| Description | National Technical Authority funding |
| Amount | £138,000 (GBP) |
| Organisation | Government Communications Headquarters (GCHQ) |
| Sector | Public |
| Country | United Kingdom |
| Start | 03/2016 |
| End | 08/2017 |