GPLADD: Quantifying Trust in Government and Commercial Systems A Game-Theoretic Approach

Outkin, Alexander V.; Eames, Brandon K.; Galiardi, Meghan A.; Walsh, Sarah; Vugrin, Eric D.; Heersink, Byron; Hobbs, Jacob; Wyss, Gregory D.

doi:10.1145/3326283

Title: GPLADD: Quantifying Trust in Government and Commercial Systems A Game-Theoretic Approach

Journal Article · Fri Jul 19 00:00:00 EDT 2019 · ACM Transactions on Privacy and Security

DOI:https://doi.org/10.1145/3326283· OSTI ID:1575267

Outkin, Alexander V. ^[1]; Eames, Brandon K. ^[1]; Galiardi, Meghan A. ^[1]; Walsh, Sarah ^[2]; Vugrin, Eric D. ^[1]; Heersink, Byron ^[3]; Hobbs, Jacob ^[1]; Wyss, Gregory D. ^[1]

Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
Georgia Inst. of Technology, Atlanta, GA (United States)
The Ohio State Univ., Columbus, OH (United States)

Trust in a microelectronics-based system can be characterized as the level of confidence that a system is free of subversive alterations made during system development, or that the development process of a system has not been manipulated by a malicious adversary. Trust in systems has become an increasing concern over the past decade. This report introduces a novel game-theoretic framework, called GPLADD (Graph-based Probabilistic Learning Attacker and Dynamic Defender), for analyzing and quantifying system trustworthiness at the end of the development process, through the analysis of risk of development-time system manipulation. GPLADD represents attacks and attacker-defender contests over time. Here, time is an explicit constraint and allows incorporating the informational asymmetries between the attacker and defender into analysis. GPLADD includes an explicit representation of attack steps via multi-step attack graphs, attacker and defender strategies, and player actions at different times. GPLADD allows quantifying the attack success probability over time and the attacker and defender costs based on their capabilities and strategies. This ability to quantify different attacks provides an input for evaluation of trust in the development process. We demonstrate GPLADD on an example attack and its variants. We develop a method for representing success probability for arbitrary attacks and derive an explicit analytic characterization of success probability for a specific attack. We present a numeric Monte Carlo study of a small set of attacks, quantify attack success probabilities, attacker and defender costs, and illustrate the options the defender has for limiting the attack success and improving trust in the development process.

View Accepted Manuscript (DOE)

Cite

Export

Save

Research Organization:: Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

Sponsoring Organization:: USDOE National Nuclear Security Administration (NNSA)

Grant/Contract Number:: AC04-94AL85000

OSTI ID:: 1575267

Report Number(s):: SAND-2019-4521J; 674919

Journal Information:: ACM Transactions on Privacy and Security, Vol. 22, Issue 3; ISSN 2471-2566

Publisher:: American Chemical Society (ACS)Copyright Statement

Country of Publication:: United States

Language:: English

Citation Metrics:

Cited by: 3 works

Citation information provided by
Web of Science

References (17)

Modeling Modern Network Attacks and Countermeasures Using Attack Graphs Ingols, Kyle; Chu, Matthew; Lippmann, Richard 2009 Annual Computer Security Applications Conference (ACSAC) https://doi.org/10.1109/ACSAC.2009.21	conference	December 2009
Dynamic Security Risk Management Using Bayesian Attack Graphs Poolsappasit, N.; Dewri, R.; Ray, I. IEEE Transactions on Dependable and Secure Computing, Vol. 9, Issue 1 https://doi.org/10.1109/TDSC.2011.34	journal	January 2012
Game theory for security: Key algorithmic principles, deployed systems, lessons learned Tambe, Milind; Jain, Manish; Pita, James Adam 2012 50th Annual Allerton Conference on Communication, Control, and Computing (Allerton) https://doi.org/10.1109/Allerton.2012.6483443	conference	October 2012
Hardware Trojan Insertion by Direct Modification of FPGA Configuration Bitstream Chakraborty, R. S.; Saha, I.; Palchaudhuri, A. IEEE Design & Test, Vol. 30, Issue 2 https://doi.org/10.1109/MDT.2013.2247460	journal	April 2013
A Hardware Threat Modeling Concept for Trustable Integrated Circuits Di, Jia; Smith, Scott 2007 IEEE Region 5 Technical Conference https://doi.org/10.1109/TPSD.2007.4380353	conference	April 2007
Trust games: How game theory can guide the development of hardware Trojan detection methods Graf, Jonathan 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) https://doi.org/10.1109/HST.2016.7495563	conference	May 2016
Attack net penetration testing McDermott, J. P. Proceedings of the 2000 workshop on New security paradigms - NSPW '00 https://doi.org/10.1145/366173.366183	conference	January 2000
Trojan Detection using IC Fingerprinting Agrawal, Dakshi; Baktir, Selcuk; Karakoyunlu, Deniz 2007 IEEE Symposium on Security and Privacy (SP '07) https://doi.org/10.1109/SP.2007.36	conference	May 2007
The Hunt For The Kill Switch Adee, Sally IEEE Spectrum, Vol. 45, Issue 5 https://doi.org/10.1109/MSPEC.2008.4505310	journal	May 2008
A Large-Scale Study of the Time Required to Compromise a Computer System Holm, Hannes IEEE Transactions on Dependable and Secure Computing, Vol. 11, Issue 1 https://doi.org/10.1109/TDSC.2013.21	journal	January 2014
A Survey of Game Theory as Applied to Network Security Roy, Sankardas; Ellis, Charles; Shiva, Sajjan 2010 43rd Hawaii International Conference on System Sciences https://doi.org/10.1109/HICSS.2010.35	conference	January 2010
A Survey on Systems Security Metrics Pendleton, Marcus; Garcia-Lebron, Richard; Cho, Jin-Hee ACM Computing Surveys, Vol. 49, Issue 4 https://doi.org/10.1145/3005714	journal	December 2016
The Trojan-proof chip Mitra, Subhasish; Wong, H. -S. Philip; Wong, Simon IEEE Spectrum, Vol. 52, Issue 2 https://doi.org/10.1109/MSPEC.2015.7024511	journal	February 2015
Risk-based cost-benefit analysis for security assessment problems Wyss, Gregory D.; Clem, John F.; Darby, John L. 2010 IEEE International Carnahan Conference on Security Technology (ICCST), 44th Annual 2010 IEEE International Carnahan Conference on Security Technology https://doi.org/10.1109/CCST.2010.5678687	conference	October 2010
A Game-Theoretic Approach for Testing for Hardware Trojans Kamhoua, Charles A.; Zhao, Hong; Rodriguez, Manuel IEEE Transactions on Multi-Scale Computing Systems, Vol. 2, Issue 3 https://doi.org/10.1109/TMSCS.2016.2564963	journal	July 2016
Attack Modeling for Information Security and Survivability Moore, Andrew P.; Ellison, Robert J.; Linger, Richard C. Figshare https://doi.org/10.1184/r1/6572063.v1	text	January 2018
Attack Modeling for Information Security and Survivability Moore, Andrew P.; Ellison, Robert J.; Linger, Richard C. Carnegie Mellon University https://doi.org/10.1184/r1/6572063	text	January 2001

Figures / Tables (16)

Similar Records

Attack detection and strategy optimization in game-theoretic trust models

Technical Report · Fri Oct 04 00:00:00 EDT 2019 · OSTI ID:1575267

Galiardi, Meghan A.; Vugrin, Eric D.; Outkin, Alexander V.; +2 more

Cyber Threat Screening Using a Queuing-Based Game-Theoretic Approach

Journal Article · Mon Dec 02 00:00:00 EST 2019 · Journal of Information Warfare · OSTI ID:1575267

Bhattacharya, Arnab; Bopardikar, Shaunak; Chatterjee, Samrat; +1 more

Cyber risk assessment and investment optimization using game theory and ML-based anomaly detection and mitigation for wide-area control in smart grids

Other · Mon Aug 01 00:00:00 EDT 2022 · OSTI ID:1575267

Hyder, Burhan

Related Subjects

99 GENERAL AND MISCELLANEOUS
Trust
security
cyber security
physical security
game theory
attacker
defender
attack graphs
37 attack
stochastic process
probability theory
optimization
Deterrence
Nash equilibrium
optimal policy
PLADD
GPLADD

Title: GPLADD: Quantifying Trust in Government and Commercial Systems A Game-Theoretic Approach

Citation Formats

References (17)

Figures / Tables (16)

Similar Records

Related Subjects