Games and Abstraction: The Science of Cyber Security
Project partners:
Imperial College (PI Chris Hankin, Co-I Tom Hoehn, RAs Andrew Fielder and Zeynep Gurguc),
Queen Mary University of London (PI Pasquale Malacaria, Co-I Fabrizio Smeraldi, RA Manos Panousis),
Royal Holloway (PI Carlos Cid).
Background
This project will address the challenge: How do we make better security decisions? Specifically, we
propose to develop new approaches to decision support based on game theory. Our work will support
professionals who are designing secure systems and also those charged with determining if systems have
an appropriate level of security – in particular, systems administrators. We will develop techniques
to support human decision making and techniques which enable well-founded security design decisions to be made.
We recognise that the emerging trend away from corporate IT systems towards a Bring-Your-Own-Device
(BYOD) culture will bring new challenges and changes to the role of systems administrator. However,
even in this brave new world, companies will continue to have core assets such as the network
infrastructure and the corporate database which will need the same kind of protection. It is certainly
to be expected that some of the attacks will now originate from inside the corporate firewall rather than
from outside. Our team will include researchers from the Imperial College Business School who will help us
to ensure that our models properly reflect these new threats.
Whilst others have used game theoretic approaches to answer these questions, much of the previous work
has been more or less ad hoc. As such, the resulting security decisions may be based on unsound principles.
In particular, it is common to use abstractions without giving much consideration to the relationship
between properties of the abstract model and the real system. We will develop a new game theoretic framework
which enables a precise analysis of these relationships and hence provides a more robust decision support tool.