GPLADD: Quantifying Trust in Government and Commercial Systems A Game-Theoretic Approach

Outkin, Alexander V.; Eames, Brandon K.; Galiardi, Meghan A.; Walsh, Sarah; Vugrin, Eric D.; Heersink, Byron; Hobbs, Jacob; Wyss, Gregory D.

doi:10.1145/3326283

Title: GPLADD: Quantifying Trust in Government and Commercial Systems A Game-Theoretic Approach

Abstract

Trust in a microelectronics-based system can be characterized as the level of confidence that a system is free of subversive alterations made during system development, or that the development process of a system has not been manipulated by a malicious adversary. Trust in systems has become an increasing concern over the past decade. This report introduces a novel game-theoretic framework, called GPLADD (Graph-based Probabilistic Learning Attacker and Dynamic Defender), for analyzing and quantifying system trustworthiness at the end of the development process, through the analysis of risk of development-time system manipulation. GPLADD represents attacks and attacker-defender contests over time. Here, time is an explicit constraint and allows incorporating the informational asymmetries between the attacker and defender into analysis. GPLADD includes an explicit representation of attack steps via multi-step attack graphs, attacker and defender strategies, and player actions at different times. GPLADD allows quantifying the attack success probability over time and the attacker and defender costs based on their capabilities and strategies. This ability to quantify different attacks provides an input for evaluation of trust in the development process. We demonstrate GPLADD on an example attack and its variants. We develop a method for representing success probability for arbitrary attacks andmore »« less

Authors:

Outkin, Alexander V. ^[1]; Eames, Brandon K. ^[1]; Galiardi, Meghan A. ^[1]; Walsh, Sarah ^[2]; Vugrin, Eric D. ^[1]; Heersink, Byron ^[3]; Hobbs, Jacob ^[1]; Wyss, Gregory D. ^[1]

Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
Georgia Inst. of Technology, Atlanta, GA (United States)
The Ohio State Univ., Columbus, OH (United States)

Publication Date:: Fri Jul 19 00:00:00 EDT 2019

Research Org.:: Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

Sponsoring Org.:: USDOE National Nuclear Security Administration (NNSA)

OSTI Identifier:: 1575267

Report Number(s):: SAND-2019-4521J
Journal ID: ISSN 2471-2566; 674919

Grant/Contract Number:: AC04-94AL85000

Resource Type:: Accepted Manuscript

Journal Name:: ACM Transactions on Privacy and Security

Additional Journal Information:: Journal Volume: 22; Journal Issue: 3; Journal ID: ISSN 2471-2566

Publisher:: American Chemical Society (ACS)

Country of Publication:: United States

Language:: English

Subject:: 99 GENERAL AND MISCELLANEOUS; Trust, security; cyber security; physical security; game theory; attacker; defender; attack graphs; 37 attack; stochastic process; probability theory; optimization; Deterrence; Nash equilibrium; optimal policy; PLADD; GPLADD

Citation Formats


                    Outkin, Alexander V., Eames, Brandon K., Galiardi, Meghan A., Walsh, Sarah, Vugrin, Eric D., Heersink, Byron, Hobbs, Jacob, and Wyss, Gregory D. GPLADD: Quantifying Trust in Government and Commercial Systems A Game-Theoretic Approach.  United States: N. p., 2019. 
Web.  doi:10.1145/3326283.

Copy to clipboard


                    Outkin, Alexander V., Eames, Brandon K., Galiardi, Meghan A., Walsh, Sarah, Vugrin, Eric D., Heersink, Byron, Hobbs, Jacob, & Wyss, Gregory D. GPLADD: Quantifying Trust in Government and Commercial Systems A Game-Theoretic Approach.  United States.  https://doi.org/10.1145/3326283

Copy to clipboard


                    Outkin, Alexander V., Eames, Brandon K., Galiardi, Meghan A., Walsh, Sarah, Vugrin, Eric D., Heersink, Byron, Hobbs, Jacob, and Wyss, Gregory D. Fri .  
"GPLADD: Quantifying Trust in Government and Commercial Systems A Game-Theoretic Approach".  United States.  https://doi.org/10.1145/3326283.  https://www.osti.gov/servlets/purl/1575267.

Copy to clipboard


                    
@article{osti_1575267,

  title        = {GPLADD: Quantifying Trust in Government and Commercial Systems A Game-Theoretic Approach},

  author       = {Outkin, Alexander V. and Eames, Brandon K. and Galiardi, Meghan A. and Walsh, Sarah and Vugrin, Eric D. and Heersink, Byron and Hobbs, Jacob and Wyss, Gregory D.},

  abstractNote = {Trust in a microelectronics-based system can be characterized as the level of confidence that a system is free of subversive alterations made during system development, or that the development process of a system has not been manipulated by a malicious adversary. Trust in systems has become an increasing concern over the past decade. This report introduces a novel game-theoretic framework, called GPLADD (Graph-based Probabilistic Learning Attacker and Dynamic Defender), for analyzing and quantifying system trustworthiness at the end of the development process, through the analysis of risk of development-time system manipulation. GPLADD represents attacks and attacker-defender contests over time. Here, time is an explicit constraint and allows incorporating the informational asymmetries between the attacker and defender into analysis. GPLADD includes an explicit representation of attack steps via multi-step attack graphs, attacker and defender strategies, and player actions at different times. GPLADD allows quantifying the attack success probability over time and the attacker and defender costs based on their capabilities and strategies. This ability to quantify different attacks provides an input for evaluation of trust in the development process. We demonstrate GPLADD on an example attack and its variants. We develop a method for representing success probability for arbitrary attacks and derive an explicit analytic characterization of success probability for a specific attack. We present a numeric Monte Carlo study of a small set of attacks, quantify attack success probabilities, attacker and defender costs, and illustrate the options the defender has for limiting the attack success and improving trust in the development process.},

  doi          = {10.1145/3326283},

  journal      = {ACM Transactions on Privacy and Security},

  number       = 3,

  volume       = 22,

  place        = {United States},

  year         = {Fri Jul 19 00:00:00 EDT 2019},

  month        = {Fri Jul 19 00:00:00 EDT 2019}

}

Copy to clipboard

Journal Article:

Free Publicly Available Full Text

Accepted Manuscript (DOE)

Publisher's Version of Record

https://doi.org/10.1145/3326283

Other availability

Search WorldCat to find libraries that may hold this journal

Citation Metrics:

Cited by: 3 works

Citation information provided by
Web of Science

Figures / Tables:

Fig. 1: PLADD Game: blue indicates defender control, red shows attacker control

All figures and tables (16 total)

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

Modeling Modern Network Attacks and Countermeasures Using Attack Graphs
conference, December 2009

Ingols, Kyle; Chu, Matthew; Lippmann, Richard
2009 Annual Computer Security Applications Conference (ACSAC)
DOI: 10.1109/ACSAC.2009.21

Dynamic Security Risk Management Using Bayesian Attack Graphs
journal, January 2012

Poolsappasit, N.; Dewri, R.; Ray, I.
IEEE Transactions on Dependable and Secure Computing, Vol. 9, Issue 1
DOI: 10.1109/TDSC.2011.34

Game theory for security: Key algorithmic principles, deployed systems, lessons learned
conference, October 2012

Tambe, Milind; Jain, Manish; Pita, James Adam
2012 50th Annual Allerton Conference on Communication, Control, and Computing (Allerton)
DOI: 10.1109/Allerton.2012.6483443

Hardware Trojan Insertion by Direct Modification of FPGA Configuration Bitstream
journal, April 2013

Chakraborty, R. S.; Saha, I.; Palchaudhuri, A.
IEEE Design & Test, Vol. 30, Issue 2
DOI: 10.1109/MDT.2013.2247460

A Hardware Threat Modeling Concept for Trustable Integrated Circuits
conference, April 2007

Di, Jia; Smith, Scott
2007 IEEE Region 5 Technical Conference
DOI: 10.1109/TPSD.2007.4380353

Trust games: How game theory can guide the development of hardware Trojan detection methods
conference, May 2016

Graf, Jonathan
2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
DOI: 10.1109/HST.2016.7495563

Attack net penetration testing
conference, January 2000

McDermott, J. P.
Proceedings of the 2000 workshop on New security paradigms - NSPW '00
DOI: 10.1145/366173.366183

Trojan Detection using IC Fingerprinting
conference, May 2007

Agrawal, Dakshi; Baktir, Selcuk; Karakoyunlu, Deniz
2007 IEEE Symposium on Security and Privacy (SP '07)
DOI: 10.1109/SP.2007.36

The Hunt For The Kill Switch
journal, May 2008

Adee, Sally
IEEE Spectrum, Vol. 45, Issue 5
DOI: 10.1109/MSPEC.2008.4505310

A Large-Scale Study of the Time Required to Compromise a Computer System
journal, January 2014

Holm, Hannes
IEEE Transactions on Dependable and Secure Computing, Vol. 11, Issue 1
DOI: 10.1109/TDSC.2013.21

A Survey of Game Theory as Applied to Network Security
conference, January 2010

Roy, Sankardas; Ellis, Charles; Shiva, Sajjan
2010 43rd Hawaii International Conference on System Sciences
DOI: 10.1109/HICSS.2010.35

A Survey on Systems Security Metrics
journal, December 2016

Pendleton, Marcus; Garcia-Lebron, Richard; Cho, Jin-Hee
ACM Computing Surveys, Vol. 49, Issue 4
DOI: 10.1145/3005714

The Trojan-proof chip
journal, February 2015

Mitra, Subhasish; Wong, H. -S. Philip; Wong, Simon
IEEE Spectrum, Vol. 52, Issue 2
DOI: 10.1109/MSPEC.2015.7024511

Risk-based cost-benefit analysis for security assessment problems
conference, October 2010

Wyss, Gregory D.; Clem, John F.; Darby, John L.
2010 IEEE International Carnahan Conference on Security Technology (ICCST), 44th Annual 2010 IEEE International Carnahan Conference on Security Technology
DOI: 10.1109/CCST.2010.5678687

A Game-Theoretic Approach for Testing for Hardware Trojans
journal, July 2016

Kamhoua, Charles A.; Zhao, Hong; Rodriguez, Manuel
IEEE Transactions on Multi-Scale Computing Systems, Vol. 2, Issue 3
DOI: 10.1109/TMSCS.2016.2564963

Attack Modeling for Information Security and Survivability
text, January 2018

Moore, Andrew P.; Ellison, Robert J.; Linger, Richard C.
Figshare
DOI: 10.1184/r1/6572063.v1

Attack Modeling for Information Security and Survivability
text, January 2001

Moore, Andrew P.; Ellison, Robert J.; Linger, Richard C.
Carnegie Mellon University
DOI: 10.1184/r1/6572063

Figures / Tables found in this record:

Figures/Tables have been extracted from DOE-funded journal article accepted manuscripts.

Similar Records in DOE PAGES and OSTI.GOV collections:

Attack detection and strategy optimization in game-theoretic trust models

Technical Report Galiardi, Meghan A. ; Vugrin, Eric D. ; Outkin, Alexander V. ; ...

Trust in a microelectronics-based systems can be characterized as the level of confidence that the system is free of subversive alterations inserted by a malicious adversary during system development. Outkin et al. recently developed GPLADD, a game-theoretic framework that enables trust analysis through a set of mathematical models that represent multi-step attack graphs and contention between system attackers and defenders. This paper extends GPLADD to include detection of attacks on development processes and defender decision processes that occur in response to detection events. The paper provides mathematical details for implementing attack detection and demonstrates the models on an example system.more »« less
https://doi.org/10.2172/1569343

Full Text Available
Cyber Threat Screening Using a Queuing-Based Game-Theoretic Approach

Journal Article Bhattacharya, Arnab ; Bopardikar, Shaunak ; Chatterjee, Samrat ; ... - Journal of Information Warfare

Dynamic and uncertain security environments, such as cyber systems, often involve strategic interactions among multiple decision-making agents. In this paper, we consider a cybersecurity setting where a system administrator (defender) has to screen malicious service requests of an attacker who seeks to exhaust available cyber resources and inconvenience users with normal requests. We propose a novel cyber-threat inspection model, based on Stackelberg games, that unies aspects of Threat Security Games with the Erlang-B queuing framework to provide equilibrium strategies for both the attacker and defender. In our proposed model, the defender seeks to determine the optimal number of inspection nodesmore »« less
Cyber risk assessment and investment optimization using game theory and ML-based anomaly detection and mitigation for wide-area control in smart grids

Other Hyder, Burhan

The electric power grid is increasingly becoming susceptible to cyber attacks that exploit vulnerabilities in the smart grid control, information, and physical layers. Successful cyber attacks can have catastrophic impacts on the social and economic well-being of any nation all over the globe. It has, thus, become imperative to secure the smart grid against such adversarial actions to ensure stable, secure, and reliable operation of the grid. The existing research and industry practices prove to be inadequate in terms of providing pragmatic and effective defense methodologies and measures for long-term cybersecurity planning and real-time cybersecurity for grid operation. For example,more »« less
Automated Adversary-in-the-Loop Cyber-Physical Defense Planning

Journal Article Banik, Sandeep ; Ramachandran, Thiagarajan ; Bhattacharya, Arnab ; ... - ACM Transactions on Cyber-Physical Systems

Security of cyber-physical systems (CPS) continues to pose new challenges due to the tight integration and operational complexity of the cyber and physical components. To address these challenges, this article presents a domain-aware, optimization-based approach to determine an effective defense strategy for CPS in an automated fashion—by emulating a strategic adversary in the loop that exploits system vulnerabilities, interconnection of the CPS, and the dynamics of the physical components. Our approach builds on an adversarial decision-making model based on a Markov Decision Process (MDP) that determines the optimal cyber (discrete) and physical (continuous) attack actions over a CPS attack graph.more »« less
https://doi.org/10.1145/3596222
M3CT-23IN1105035 - Protecting and Defending against Autonomous Control Systems and Digital Twin Cyber Attacks (Final)

Technical Report Spirito, Christopher M ; Zhang, Fan ; Hossain, Md. Musabbir

Navigating through the complex tapestry of technological advancements, "Response Strategy for Hyperparameter attacks of Digital Twin Machine Learning Model in Nuclear Power Plants" stands at the intersection of cybersecurity and nuclear power plant operations, embarking on a journey through the intricacies of securing digital twins against malicious cyber activities. As nuclear power plants progressively integrate digital twin technology and machine learning models to optimize operations and ensure system reliability, they inadvertently expose themselves to a new spectrum of vulnerabilities, notably in the realm of hyperparameter attacks. Hyperparameters, integral in machine learning model tuning and optimal performance of digital twins, havemore »« less
https://doi.org/10.2172/2331253

Full Text Available

Similar Records

Title: GPLADD: Quantifying Trust in Government and Commercial Systems A Game-Theoretic Approach

Abstract

Citation Formats

Figures / Tables:

Modeling Modern Network Attacks and Countermeasures Using Attack Graphs conference, December 2009

Dynamic Security Risk Management Using Bayesian Attack Graphs journal, January 2012

Game theory for security: Key algorithmic principles, deployed systems, lessons learned conference, October 2012

Hardware Trojan Insertion by Direct Modification of FPGA Configuration Bitstream journal, April 2013

A Hardware Threat Modeling Concept for Trustable Integrated Circuits conference, April 2007

Trust games: How game theory can guide the development of hardware Trojan detection methods conference, May 2016

Attack net penetration testing conference, January 2000

Trojan Detection using IC Fingerprinting conference, May 2007

The Hunt For The Kill Switch journal, May 2008

A Large-Scale Study of the Time Required to Compromise a Computer System journal, January 2014

A Survey of Game Theory as Applied to Network Security conference, January 2010

A Survey on Systems Security Metrics journal, December 2016

The Trojan-proof chip journal, February 2015

Risk-based cost-benefit analysis for security assessment problems conference, October 2010

A Game-Theoretic Approach for Testing for Hardware Trojans journal, July 2016

Attack Modeling for Information Security and Survivability text, January 2018

Attack Modeling for Information Security and Survivability text, January 2001

Modeling Modern Network Attacks and Countermeasures Using Attack Graphs
conference, December 2009

Dynamic Security Risk Management Using Bayesian Attack Graphs
journal, January 2012

Game theory for security: Key algorithmic principles, deployed systems, lessons learned
conference, October 2012

Hardware Trojan Insertion by Direct Modification of FPGA Configuration Bitstream
journal, April 2013

A Hardware Threat Modeling Concept for Trustable Integrated Circuits
conference, April 2007

Trust games: How game theory can guide the development of hardware Trojan detection methods
conference, May 2016

Attack net penetration testing
conference, January 2000

Trojan Detection using IC Fingerprinting
conference, May 2007

The Hunt For The Kill Switch
journal, May 2008

A Large-Scale Study of the Time Required to Compromise a Computer System
journal, January 2014

A Survey of Game Theory as Applied to Network Security
conference, January 2010

A Survey on Systems Security Metrics
journal, December 2016

The Trojan-proof chip
journal, February 2015

Risk-based cost-benefit analysis for security assessment problems
conference, October 2010

A Game-Theoretic Approach for Testing for Hardware Trojans
journal, July 2016

Attack Modeling for Information Security and Survivability
text, January 2018

Attack Modeling for Information Security and Survivability
text, January 2001