skip to main content
DOE PAGES title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: GPLADD: Quantifying Trust in Government and Commercial Systems A Game-Theoretic Approach

Abstract

Trust in a microelectronics-based system can be characterized as the level of confidence that a system is free of subversive alterations made during system development, or that the development process of a system has not been manipulated by a malicious adversary. Trust in systems has become an increasing concern over the past decade. This report introduces a novel game-theoretic framework, called GPLADD (Graph-based Probabilistic Learning Attacker and Dynamic Defender), for analyzing and quantifying system trustworthiness at the end of the development process, through the analysis of risk of development-time system manipulation. GPLADD represents attacks and attacker-defender contests over time. Here, time is an explicit constraint and allows incorporating the informational asymmetries between the attacker and defender into analysis. GPLADD includes an explicit representation of attack steps via multi-step attack graphs, attacker and defender strategies, and player actions at different times. GPLADD allows quantifying the attack success probability over time and the attacker and defender costs based on their capabilities and strategies. This ability to quantify different attacks provides an input for evaluation of trust in the development process. We demonstrate GPLADD on an example attack and its variants. We develop a method for representing success probability for arbitrary attacks andmore » derive an explicit analytic characterization of success probability for a specific attack. We present a numeric Monte Carlo study of a small set of attacks, quantify attack success probabilities, attacker and defender costs, and illustrate the options the defender has for limiting the attack success and improving trust in the development process.« less

Authors:
 [1];  [1];  [1];  [2];  [1];  [3];  [1];  [1]
  1. Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
  2. Georgia Inst. of Technology, Atlanta, GA (United States)
  3. The Ohio State Univ., Columbus, OH (United States)
Publication Date:
Research Org.:
Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
Sponsoring Org.:
USDOE National Nuclear Security Administration (NNSA)
OSTI Identifier:
1575267
Report Number(s):
SAND-2019-4521J
Journal ID: ISSN 2471-2566; 674919
Grant/Contract Number:  
AC04-94AL85000
Resource Type:
Accepted Manuscript
Journal Name:
ACM Transactions on Privacy and Security
Additional Journal Information:
Journal Volume: 22; Journal Issue: 3; Journal ID: ISSN 2471-2566
Publisher:
American Chemical Society (ACS)
Country of Publication:
United States
Language:
English
Subject:
99 GENERAL AND MISCELLANEOUS; Trust, security; cyber security; physical security; game theory; attacker; defender; attack graphs; 37 attack; stochastic process; probability theory; optimization; Deterrence; Nash equilibrium; optimal policy; PLADD; GPLADD

Citation Formats

Outkin, Alexander V., Eames, Brandon K., Galiardi, Meghan A., Walsh, Sarah, Vugrin, Eric D., Heersink, Byron, Hobbs, Jacob, and Wyss, Gregory D. GPLADD: Quantifying Trust in Government and Commercial Systems A Game-Theoretic Approach. United States: N. p., 2019. Web. doi:10.1145/3326283.
Outkin, Alexander V., Eames, Brandon K., Galiardi, Meghan A., Walsh, Sarah, Vugrin, Eric D., Heersink, Byron, Hobbs, Jacob, & Wyss, Gregory D. GPLADD: Quantifying Trust in Government and Commercial Systems A Game-Theoretic Approach. United States. doi:https://doi.org/10.1145/3326283
Outkin, Alexander V., Eames, Brandon K., Galiardi, Meghan A., Walsh, Sarah, Vugrin, Eric D., Heersink, Byron, Hobbs, Jacob, and Wyss, Gregory D. Fri . "GPLADD: Quantifying Trust in Government and Commercial Systems A Game-Theoretic Approach". United States. doi:https://doi.org/10.1145/3326283. https://www.osti.gov/servlets/purl/1575267.
@article{osti_1575267,
title = {GPLADD: Quantifying Trust in Government and Commercial Systems A Game-Theoretic Approach},
author = {Outkin, Alexander V. and Eames, Brandon K. and Galiardi, Meghan A. and Walsh, Sarah and Vugrin, Eric D. and Heersink, Byron and Hobbs, Jacob and Wyss, Gregory D.},
abstractNote = {Trust in a microelectronics-based system can be characterized as the level of confidence that a system is free of subversive alterations made during system development, or that the development process of a system has not been manipulated by a malicious adversary. Trust in systems has become an increasing concern over the past decade. This report introduces a novel game-theoretic framework, called GPLADD (Graph-based Probabilistic Learning Attacker and Dynamic Defender), for analyzing and quantifying system trustworthiness at the end of the development process, through the analysis of risk of development-time system manipulation. GPLADD represents attacks and attacker-defender contests over time. Here, time is an explicit constraint and allows incorporating the informational asymmetries between the attacker and defender into analysis. GPLADD includes an explicit representation of attack steps via multi-step attack graphs, attacker and defender strategies, and player actions at different times. GPLADD allows quantifying the attack success probability over time and the attacker and defender costs based on their capabilities and strategies. This ability to quantify different attacks provides an input for evaluation of trust in the development process. We demonstrate GPLADD on an example attack and its variants. We develop a method for representing success probability for arbitrary attacks and derive an explicit analytic characterization of success probability for a specific attack. We present a numeric Monte Carlo study of a small set of attacks, quantify attack success probabilities, attacker and defender costs, and illustrate the options the defender has for limiting the attack success and improving trust in the development process.},
doi = {10.1145/3326283},
journal = {ACM Transactions on Privacy and Security},
number = 3,
volume = 22,
place = {United States},
year = {2019},
month = {7}
}

Journal Article:
Free Publicly Available Full Text
Publisher's Version of Record

Save / Share:

Works referenced in this record:

Modeling Modern Network Attacks and Countermeasures Using Attack Graphs
conference, December 2009

  • Ingols, Kyle; Chu, Matthew; Lippmann, Richard
  • 2009 Annual Computer Security Applications Conference (ACSAC)
  • DOI: 10.1109/ACSAC.2009.21

Dynamic Security Risk Management Using Bayesian Attack Graphs
journal, January 2012

  • Poolsappasit, N.; Dewri, R.; Ray, I.
  • IEEE Transactions on Dependable and Secure Computing, Vol. 9, Issue 1
  • DOI: 10.1109/TDSC.2011.34

Game theory for security: Key algorithmic principles, deployed systems, lessons learned
conference, October 2012

  • Tambe, Milind; Jain, Manish; Pita, James Adam
  • 2012 50th Annual Allerton Conference on Communication, Control, and Computing (Allerton)
  • DOI: 10.1109/Allerton.2012.6483443

Hardware Trojan Insertion by Direct Modification of FPGA Configuration Bitstream
journal, April 2013


A Hardware Threat Modeling Concept for Trustable Integrated Circuits
conference, April 2007


Trust games: How game theory can guide the development of hardware Trojan detection methods
conference, May 2016

  • Graf, Jonathan
  • 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
  • DOI: 10.1109/HST.2016.7495563

Attack net penetration testing
conference, January 2000

  • McDermott, J. P.
  • Proceedings of the 2000 workshop on New security paradigms - NSPW '00
  • DOI: 10.1145/366173.366183

Attack Modeling for Information Security and Survivability
text, January 2018


Trojan Detection using IC Fingerprinting
conference, May 2007

  • Agrawal, Dakshi; Baktir, Selcuk; Karakoyunlu, Deniz
  • 2007 IEEE Symposium on Security and Privacy (SP '07)
  • DOI: 10.1109/SP.2007.36

The Hunt For The Kill Switch
journal, May 2008


A Large-Scale Study of the Time Required to Compromise a Computer System
journal, January 2014

  • Holm, Hannes
  • IEEE Transactions on Dependable and Secure Computing, Vol. 11, Issue 1
  • DOI: 10.1109/TDSC.2013.21

A Survey of Game Theory as Applied to Network Security
conference, January 2010

  • Roy, Sankardas; Ellis, Charles; Shiva, Sajjan
  • 2010 43rd Hawaii International Conference on System Sciences
  • DOI: 10.1109/HICSS.2010.35

A Survey on Systems Security Metrics
journal, December 2016

  • Pendleton, Marcus; Garcia-Lebron, Richard; Cho, Jin-Hee
  • ACM Computing Surveys, Vol. 49, Issue 4
  • DOI: 10.1145/3005714

The Trojan-proof chip
journal, February 2015


Risk-based cost-benefit analysis for security assessment problems
conference, October 2010

  • Wyss, Gregory D.; Clem, John F.; Darby, John L.
  • 2010 IEEE International Carnahan Conference on Security Technology (ICCST), 44th Annual 2010 IEEE International Carnahan Conference on Security Technology
  • DOI: 10.1109/CCST.2010.5678687

A Game-Theoretic Approach for Testing for Hardware Trojans
journal, July 2016

  • Kamhoua, Charles A.; Zhao, Hong; Rodriguez, Manuel
  • IEEE Transactions on Multi-Scale Computing Systems, Vol. 2, Issue 3
  • DOI: 10.1109/TMSCS.2016.2564963

    Works referencing / citing this record:

    Game theory for security: Key algorithmic principles, deployed systems, lessons learned
    conference, October 2012

    • Tambe, Milind; Jain, Manish; Pita, James Adam
    • 2012 50th Annual Allerton Conference on Communication, Control, and Computing (Allerton)
    • DOI: 10.1109/allerton.2012.6483443

    Trojan Detection using IC Fingerprinting
    conference, May 2007

    • Agrawal, Dakshi; Baktir, Selcuk; Karakoyunlu, Deniz
    • 2007 IEEE Symposium on Security and Privacy (SP '07)
    • DOI: 10.1109/sp.2007.36

    A Large-Scale Study of the Time Required to Compromise a Computer System
    journal, January 2014

    • Holm, Hannes
    • IEEE Transactions on Dependable and Secure Computing, Vol. 11, Issue 1
    • DOI: 10.1109/tdsc.2013.21

    A Hardware Threat Modeling Concept for Trustable Integrated Circuits
    conference, April 2007


    A Survey of Game Theory as Applied to Network Security
    conference, January 2010

    • Roy, Sankardas; Ellis, Charles; Shiva, Sajjan
    • 2010 43rd Hawaii International Conference on System Sciences
    • DOI: 10.1109/hicss.2010.35

    A Survey on Systems Security Metrics
    journal, December 2016

    • Pendleton, Marcus; Garcia-Lebron, Richard; Cho, Jin-Hee
    • ACM Computing Surveys, Vol. 49, Issue 4
    • DOI: 10.1145/3005714

    Risk-based cost-benefit analysis for security assessment problems
    conference, October 2010

    • Wyss, Gregory D.; Clem, John F.; Darby, John L.
    • 2010 IEEE International Carnahan Conference on Security Technology (ICCST), 44th Annual 2010 IEEE International Carnahan Conference on Security Technology
    • DOI: 10.1109/ccst.2010.5678687

    Dynamic Security Risk Management Using Bayesian Attack Graphs
    journal, January 2012

    • Poolsappasit, N.; Dewri, R.; Ray, I.
    • IEEE Transactions on Dependable and Secure Computing, Vol. 9, Issue 1
    • DOI: 10.1109/tdsc.2011.34

    Modeling Modern Network Attacks and Countermeasures Using Attack Graphs
    conference, December 2009

    • Ingols, Kyle; Chu, Matthew; Lippmann, Richard
    • 2009 Annual Computer Security Applications Conference (ACSAC)
    • DOI: 10.1109/acsac.2009.21