TY - GEN
T1 - Defending against the unknown enemy
T2 - 3rd International Conference on Decision and Game Theory for Security, GameSec 2012
AU - Bowers, K.D.
AU - Van Dijk, M.
AU - Griffin, R.
AU - Juels, A.
AU - Oprea, A.
AU - Rivest, R.L.
AU - Triandopoulos, N.
PY - 2012
Y1 - 2012
N2 - Most cryptographic systems carry the basic assumption that entities are able to preserve the secrecy of their keys. With attacks today showing ever increasing sophistication, however, this tenet is eroding. "Advanced Persistent Threats" (APTs), for instance, leverage zero-day exploits and extensive system knowledge to achieve full compromise of cryptographic keys and other secrets. Such compromise is often silent, with defenders failing to detect the loss of private keys critical to protection of their systems. The growing virulence of today's threats clearly calls for new models of defenders' goals and abilities. In this paper, we explore applications of FlipIt, a novel game-theoretic model of system defense introduced in [14]. In FlipIt, an attacker periodically gains complete control of a system, with the unique feature that system compromises are stealthy, i.e., not immediately detected by the system owner, called the defender. We distill out several lessons from our study of FlipIt and demonstrate their application to several real-world problems, including password reset policies, key rotation, VM refresh and cloud auditing. © 2012 Springer-Verlag.
AB - Most cryptographic systems carry the basic assumption that entities are able to preserve the secrecy of their keys. With attacks today showing ever increasing sophistication, however, this tenet is eroding. "Advanced Persistent Threats" (APTs), for instance, leverage zero-day exploits and extensive system knowledge to achieve full compromise of cryptographic keys and other secrets. Such compromise is often silent, with defenders failing to detect the loss of private keys critical to protection of their systems. The growing virulence of today's threats clearly calls for new models of defenders' goals and abilities. In this paper, we explore applications of FlipIt, a novel game-theoretic model of system defense introduced in [14]. In FlipIt, an attacker periodically gains complete control of a system, with the unique feature that system compromises are stealthy, i.e., not immediately detected by the system owner, called the defender. We distill out several lessons from our study of FlipIt and demonstrate their application to several real-world problems, including password reset policies, key rotation, VM refresh and cloud auditing. © 2012 Springer-Verlag.
UR - http://www.scopus.com/inward/record.url?scp=84869448367&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-34266-0_15
DO - 10.1007/978-3-642-34266-0_15
M3 - Conference contribution
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 248
EP - 263
BT - Decision and Game Theory for Security - Third International Conference, GameSec 2012, Proceedings
Y2 - 5 November 2012 through 6 November 2012
ER -