Defending against the Unknown Enemy: Applying FlipIt to System Security

Most cryptographic systems carry the basic assumption that entities are able to preserve the secrecy of their keys. With attacks today showing ever increasing sophistication, however, this tenet is eroding. “Advanced Persistent Threats” (APTs), for instance, leverage zero-day exploits and extensive system knowledge to achieve full compromise of cryptographic keys and other secrets. Such compromise is often silent, with defenders failing to detect the loss of private keys critical to protection of their systems. The growing virulence of today’s threats clearly calls for new models of defenders’ goals and abilities.

[1]  Roger B. Myerson,et al.  Game theory - Analysis of Conflict , 1991 .

[2]  Tadeusz Radzik RESULTS AND PROBLEMS IN GAMES OF TIMING , 1996 .

[3]  Jeannette M. Wing,et al.  Scenario graphs and attack graphs , 2004 .

[4]  G. Mailath,et al.  Repeated Games and Reputations , 2006 .

[5]  G. Mailath,et al.  Repeated Games and Reputations: Long-Run Relationships , 2006 .

[6]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[7]  Ari Juels,et al.  Pors: proofs of retrievability for large files , 2007, CCS '07.

[8]  Jonathan Katz,et al.  Bridging Game Theory and Cryptography: Recent Results and Future Directions , 2008, TCC.

[9]  Tansu Alpcan,et al.  Security Games with Incomplete Information , 2009, 2009 IEEE International Conference on Communications.

[10]  Tyler Moore,et al.  Would a 'cyber warrior' protect us: exploring trade-offs between attack and defense of information systems , 2010, NSPW '10.

[11]  Chase Qishi Wu,et al.  A Survey of Game Theory as Applied to Network Security , 2010, 2010 43rd Hawaii International Conference on System Sciences.

[12]  Roberto Tamassia,et al.  Optimal Verification of Operations on Dynamic Sets , 2011, CRYPTO.

[13]  Michael K. Reiter,et al.  HomeAlone: Co-residency Detection in the Cloud via Side-Channel Analysis , 2011, 2011 IEEE Symposium on Security and Privacy.

[14]  Dusko Pavlovic,et al.  Gaming security by obscurity , 2011, NSPW '11.

[15]  Edwin Pickstone,et al.  ILLEGITIMI NON CARBORUNDUM , 2012 .

[16]  Ronald L. Rivest,et al.  FlipIt: The Game of “Stealthy Takeover” , 2012, Journal of Cryptology.

[17]  Quanyan Zhu,et al.  Game theory meets network security and privacy , 2013, CSUR.

[18]  Elaine B. Barker,et al.  Recommendation for Key Management - Part 2: Best Practices for Key Management Organization , 2014 .