Limiting Adversarial Budget in Quantitative Security Assessment

Aleksandr Lenin, Ahto Buldas

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    3 Citations (Scopus)

    Abstract

    We present the results of research of limiting adversarial budget in attack games, and, in particular, in the failure-free attack tree models presented by Buldas-Stepanenko in 2012 and improved in 2013 by Buldas and Lenin. In the previously presented models attacker’s budget was assumed to be unlimited. It is natural to assume that the adversarial budget is limited and such an assumption would allow us to model the adversarial decision making more close to the one that might happen in real life. We analyze three atomic cases – the single atomic case, the atomic AND, and the atomic OR. Even these elementary cases become quite complex, at the same time, limiting adversarial budget does not seem to provide any better or more precise results compared to the failure-free models. For the limited model analysis results to be reliable, it is required that the adversarial reward is estimated with high precision, probably not achievable by providing expert estimations for the quantitative annotations on the attack steps, such as the cost or the success probability. It is doubtful that it is reasonable to face this complexity, as the failure-free model provides reliable upper bounds, being at the same time computationally less complex.
    Original languageEnglish
    Title of host publicationDecision and Game Theory for Security
    Subtitle of host publication5th International Conference, GameSec 2014, Los Angeles, CA, USA, November 6-7, 2014. Proceedings
    EditorsRadha Poovendran, Walid Saad
    Place of PublicationBerlin
    PublisherSpringer
    Pages155-174
    Number of pages20
    ISBN (Electronic)978-3-319-12601-2
    ISBN (Print)978-3-319-12600-5
    DOIs
    Publication statusPublished - Nov 2014
    Event5th International Conference on Decision and Game Theory for Security, GameSec 2014 - Los Angeles, United States
    Duration: 6 Nov 20147 Nov 2014
    Conference number: 5

    Publication series

    NameLecture notes in computer science
    PublisherSpringer
    Volume8840
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349

    Conference

    Conference5th International Conference on Decision and Game Theory for Security, GameSec 2014
    Abbreviated titleGameSec
    CountryUnited States
    CityLos Angeles
    Period6/11/147/11/14

    Keywords

    • EC Grant Agreement nr.: FP7/2007-2013
    • EC Grant Agreement nr.: FP7/318003

    Fingerprint Dive into the research topics of 'Limiting Adversarial Budget in Quantitative Security Assessment'. Together they form a unique fingerprint.

  • Cite this

    Lenin, A., & Buldas, A. (2014). Limiting Adversarial Budget in Quantitative Security Assessment. In R. Poovendran, & W. Saad (Eds.), Decision and Game Theory for Security: 5th International Conference, GameSec 2014, Los Angeles, CA, USA, November 6-7, 2014. Proceedings (pp. 155-174). (Lecture notes in computer science; Vol. 8840). Berlin: Springer. https://doi.org/10.1007/978-3-319-12601-2_9