Home Cybersecurity

Ziad Ismaïl, Jean Leneutre, Alia Fourati

Proc. of the 14th European Dependable Computing Conference (EDCC), September 2018.
DOI: 10.1109/EDCC.2018.00030

Abstract: The management of security resources in a system always comes with a tradeoff. Given technical and budget constraints, the defender focuses on deploying the set of security countermeasures that offer the best level of system protection. However, optimizing the configuration and deployment of defense countermeasures for efficient attack detection and mitigation remains a challenging task. In this paper, we leverage the information present in an attack graph, representing the evolution of the state of the attacker in the system, to tackle the problem of finding the optimal security policy that offers the maximum level of system protection. Our solution can be used to assist asset owners to prioritize the deployment of security countermeasures and respond to intrusions efficiently. We validate our approach on an Advanced Metering Infrastructure (AMI) case study.

Ziad Ismaïl, Jean Leneutre, David Bateman, Lin Chen

Book chapter in Game Theory for Security and Risk Management
Stefan Rass, Stefan Schauer (Editors)
ISBN 978-3-319-75268-6

Abstract: In complex interdependent systems, the interactions between the attacker and the defender play an important role in defining the optimal defense strategy. In this context, game theory offers a mathematical framework to study interactions between different players with the same or conflicting interests. For example, Law et al. [20] investigate false data injection attacks on the power grid and formulate the problem as a stochastic security game between an attacker and a defender. Amin et al. [21] present a framework to assess risks to cyber-physical systems when interdependencies between information and physical systems may result in correlated failures.

In this chapter, we address the issue of the security risk management of interdependent communication and electric infrastructures in the smart grid by proposing an analytical model for hardening security on critical communication equipment used to control the power grid. Using noncooperative game theory, we analyze the behavior of an attacker and a defender. The attacker tries to compromise communication equipment to cause the maximum impact on the power grid. On the other hand, the defender tries to protect the power system by hardening the security on communication equipment, while taking into account the existence of backup control equipment in the communication infrastructure. In [22] and [23], we proposed an analytical model based on game theory for optimizing the distribution of defense resources on communication equipment taking into account the interdependencies between electric and communication infrastructures and defined a methodology to assess some of the parameters of the model. In this chapter, we make a number of extensions to this model in an attempt to answer the following questions: Is security by obscurity a good strategy for the defender? Under which conditions can a player guarantee a certain payoff? How can we strategically assess the initial security risk on communication equipment? Is deception required from the part of the defender to better protect the system? As we will see, while some of these questions can be analyzed analytically in the general case, some answers to these questions are system dependent and will therefore be analyzed in the case study. Throughout this chapter, the communication system refers to the telecommunication infrastructure responsible of controlling and monitoring the electric system.