There have been various attempts to apply game theory to various aspects of security situations. This paper is particularly interested in security as relates to computers and the Internet. While there have been varying levels of success in describing different aspects of security in game-theoretic terms, there has been little success in describing the problem on a large scale that would be appropriate for making decisions about enterprise or Internet security policy decisions. This report attempts to provide such a description.
We propose that there are three types of players in the game: the computer user, the malicious actor, and the security architect. This paper is not about how to “win” the game of Internet security or a prescription of the clever strategy — as game theorists make clear, “the search for effective decisions is not a central problem of game theory” [29]. The aim of this paper is two-fold, one for theorists and one for practitioners. For game theorists, this paper provides a more accurate description of the actual dynamics of security-related interactions on the Internet. For practitioners, we will provide a framework to clarify existing motivations and intuitions about the current situation and why it is, or is not, working. Hopefully this perspective on the dynamics of the situation will enable more effective decisions and guide the search for clever solutions using other fields of study.
This paper does not focus on building mathematical tools for analysis. We focus on the description of the game. The three players — user, rogue, and architect — all have competing interests. The main interactions are thus: (1) The user and architect negotiate a suitable system configuration which includes trade-offs between productivity (of the user), security (architect’s goal), and cost; this is a non-zero sum game. This occurs on a much slower time scale than the other two interactions. (2) The rogues attempt to steal resources from the user; this feature is also not a zero-sum game, and so presents some interesting challenges. (3) The third interaction is between the architects and the rogues. Although these two parties are defined as diametrically opposed, their interaction is also not zero-sum.
With these interactions laid out, we make the following important observation about the game itself: the user can ignore, or even be complicit with, the rogue without immediate loss. This fact makes it harder to convince the user to work with the architect to improve security. There are other interesting points to consider related to the game: (1) The game is modeled with three players, and we assert that at least this many players is necessary to maintain fidelity with the real Internet; (2) perfect security cannot be promised, even in principle, because the features of the game are such that there is no guaranteed method to compute a globally-optimal strategy (three player game, the fact that it is non-zero-sum, and the fact that there is imperfect information).
1 Introduction
Game theory was founded as a sub-discipline of mathematics in the mid-20th century. It is a description of how rational decision makers compete. However, this paper is not about how to “win” the game of Internet security or a prescription of the clever strategy — as game theorists make clear, “the search for effective decisions is not a central problem of game theory” [29]. What game theory can illuminate is how an interaction proceeds, certain rules about the outcome given the inputs, and to help an analyst clarify a situation by reducing a complex situation to a more compact description.
For the purposes of this paper, we will assume the payoffs to the players are already defined. How to do this is non-obvious. However, a process such as the model described in [35] provides a plausible method for arriving at the payoffs, measured in monetary resources lost or gained.
Game theory assumes we have rational decision makers. Kahneman’s psychological work, and the resulting behavioral economics literature, demonstrate that people are not purely rational. This has important ramifications for actually selecting policies that will be effective, however from our abstract point of view it just means we might have to adjust our payoff values to account for the fact that people may value something more or less than is rational. As such, we will leave this issue aside for now.
When describing the game, we will describe the payoff matrices to the extent possible — which values are positive or negative, their relative magnitudes, etc. However, our goal is not to formulate games to the level of detail that analytic or numeric solutions are possible. There is still much work to be done before that can be achieved. The goal of this paper is to provide the shape of a game as it relates to information security on the Internet.
References
[1] : 2013 Data Breach Investigations Report (DBIR), 2014. URL http://www.verizonenterprise.com/DBIR/2013/.
[2] : Black Tulip: Report of the investigation into the DigiNotar Certificate Authority breach, 2012.
[3] Devdatta Akhawe, Adrienne Porter Felt: “Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness”, 22nd USENIX Security Symposium, 2013. URL http://www.cs.berkeley.edu/~devdatta/papers/alice-in-warningland.pdf.
[4] R. J. Anderson: Security Engineering: A guide to building dependable distributed systems. Wiley, 2008.
[5] R. Anderson, C. Barton, R. Böhme, R. Clayton, M.J.G. van Eeten, M. Levi, T. Moore, S. Savage: “Measuring the cost of cybercrime”, 11th Workshop on the Economics of Information Security, 2012. URL http://weis2012.econinfosec.org/papers/Anderson_WEIS2012.pdf.
[6] Steven J Brams: Negotiation Games: Applying game theory to bargaining and arbitration. Routledge, 2003.
[7] Huseyin Cavusoglu, Birendra Mishra, Srinivasan Raghunathan: “A model for evaluating IT security investments”, Communications of the ACM, pp. 87—92, 2004.
[8] Adam Cummings, Todd Lewellen, David McIntire, Andrew Moore, Randall Trzeciak: Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector, 2012. URL http://www.sei.cmu.edu/library/abstracts/reports/12sr004.cfm.
[9] David Drummond: A new approach to China. Google Official Blog, 2010.
[10] L. Dolanskỳ: “Present state of the Lanchester theory of combat”, Operations Research, pp. 344—358, 1964.
[11] Ellen Messmer: “RSA’s SecurID security breach: What should you do?”, Network World, 2011. URLhttp://www.networkworld.com/news/2011/031811-rsa-securid-breach.html.
[12] Ellen Messmer: “RSA’s SecurID security breach: What should you do?”, Network World, 2011. URLhttp://www.networkworld.com/news/2011/031811-rsa-securid-breach.html.
[13] Drew Fudenberg, Jean Tirole: Game theory. 1991. MIT Press, 1991.
[14] Herbert Gintis: Game theory evolving: A problem-centered introduction to modeling strategic behavior. Princeton University Press, 2000.
[15] Kuno JM Huisman: Technology Investment: a game theoretic real options approach. Kluwer Academic Pub, 2001.
[16] John Gilmore: DES (Data Encryption Standard) Review at Stanford University, 2005. URL http://www.toad.com/des-stanford-meeting.html.
[17] C. Kanich, N. Weaver, D. McCoy, T. Halvorson, C. Kreibich, K. Levchenko, V. Paxson, G.M. Voelker, S. Savage: “Show Me the Money: Characterizing Spam-advertised Revenue”, 20th USENIX Security Symposium, 2011. URLhttps://www.usenix.org/legacy/event/sec11/tech/full_papers/Kanich.pdf.
[18] Ioanna Kantzavelou, Sokratis Katsikas: “A game-based intrusion detection mechanism to confront internal attackers”, Computers & Security, pp. 859—874, 2010.
[19] MK Lauren: Describing Rates of Interaction between Multiple Autonomous Entities: An Example Using Combat Modelling, 2001.
[20] S.D. Moitra: Managing Risk from Cybercrime: Internet Policy and Security Management for Organizations. Max-Planck-Institut f. ausländisches und internationales Strafrecht, 2008.
[21] Tyler Moore, Richard Clayton: “Evil searching: Compromise and recompromise of internet hosts for phishing”, Financial Cryptography and Data Security, pp. 256—272, 2009.
[22] Roger B Myerson: Game theory: analysis of conflict. Harvard University Press, 1997.
[23] John F Nash Jr: “Non-cooperative games”, The Annals of Mathematics, pp. 286—295, 1951.
[24] John F Nash Jr: “The bargaining problem”, Econometrica: Journal of the Econometric Society, pp. 155—162, 1950.
[25] G. Owen: Game theory. Emerald Group Publishing, 1995.
[26] Anatol Rapoport: N-person game theory: Concepts and applications. Courier Dover Publications, 1970.
[27] Anatol Rapoport: Two-person game theory: The essential ideas. Courier Dover Publications, 1966.
[28] E. Rasmusen: Games and Information: An Introduction to Game Theory. Blackwell, 2007.
[29] R. Rasmussen, G. Aaron: Global phishing survey: trends and domain name use in 2Q2012, 2012.
[30] Sankardas Roy, Charles Ellis, Sajjan Shiva, Dipankar Dasgupta, Vivek Shandilya, Qishi Wu: “A survey of game theory as applied to network security”, System Sciences (HICSS), 2010 43rd Hawaii International Conference on, pp. 1—10, 2010.
[31] J.M. Spring: “Modeling Malicious Domain Name Take-down Dynamics: Why eCrime Pays”, IEEE eCrime Researchers Summit, 2013. URLhttp://resources.sei.cmu.edu/library/asset-view.cfm?assetID=88265.
[32] T Spyridopoulos, G Karanikas, T Tryfonas, G Oikonomoug: “A Game Theoretic Defence Framework Against DoS/DDoS Cyber Attacks”, Computers & Security, pp. 39—50, 2013.
[33] John Von Neumann, Oskar Morgenstern: The theory of games and economic behavior. Princeton university press, 1944.
[34] E Weinan, Bjorn Engquist, Xiantao Li, Weiqing Ren, Eric Vanden-Eijnden: “Heterogeneous multiscale methods: a review”, Communications in computational physics, pp. 367—450, 2007.
[35] William Casey, Jose A. Morales, Thomson Nguyen, Jonathan Spring, Rhiannon Weaver, Evan Wright, Leigh Metcalf, Bud Mishra: “Cyber Security via Signaling Games: Toward a Science of Cyber Security”, ICDCIT, pp. 34-42, 2014. URL http://dx.doi.org/10.1007/978-3-319-04483-5_4.
[36] Quanyan Zhu, Linda Bushnell, Tamer Basar: “Game-theoretic analysis of node capture and cloning attack with multiple attackers in wireless sensor networks”, Decision and Control (CDC), 2012 IEEE 51st Annual Conference on, pp. 3404—3411, 2012.
Endnotes
1An agent may both use one system and be the architect of another; most software developers fit this description. However the roles of user and architect qua roles do not overlap.
Author
Leave a Comment
You must be logged in to post a comment.