skip to main content
research-article

GPLADD: Quantifying Trust in Government and Commercial Systems A Game-Theoretic Approach

Published:10 June 2019Publication History
Skip Abstract Section

Abstract

Trust in a microelectronics-based system can be characterized as the level of confidence that a system is free of subversive alterations made during system development, or that the development process of a system has not been manipulated by a malicious adversary. Trust in systems has become an increasing concern over the past decade. This article presents a novel game-theoretic framework, called GPLADD (Graph-based Probabilistic Learning Attacker and Dynamic Defender), for analyzing and quantifying system trustworthiness at the end of the development process, through the analysis of risk of development-time system manipulation. GPLADD represents attacks and attacker-defender contests over time. It treats time as an explicit constraint and allows incorporating the informational asymmetries between the attacker and defender into analysis. GPLADD includes an explicit representation of attack steps via multi-step attack graphs, attacker and defender strategies, and player actions at different times. GPLADD allows quantifying the attack success probability over time and the attacker and defender costs based on their capabilities and strategies. This ability to quantify different attacks provides an input for evaluation of trust in the development process. We demonstrate GPLADD on an example attack and its variants. We develop a method for representing success probability for arbitrary attacks and derive an explicit analytic characterization of success probability for a specific attack. We present a numeric Monte Carlo study of a small set of attacks, quantify attack success probabilities, attacker and defender costs, and illustrate the options the defender has for limiting the attack success and improving trust in the development process.

References

  1. S. Adee. 2008. The hunt for the kill switch. IEEE Spectrum 45, 5 (2008), 34--39. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, and B. Sunar. 2007. Trojan detection using IC fingerprinting. In Proceedings of the IEEE Symposium on Security Privacy. 296--310. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Lawrence M. Ausubel, Peter Cramton, and Paul Milgrom. 2006. The clock-proxy auction: A practical combinatorial auction design. In Combinatorial Auctions, Peter Cramton, Yoav Shoham, and Richard Steinberg (Eds.). MIT Press, Book section 5.Google ScholarGoogle Scholar
  4. T. Başar and G. Olsder. 1998. Dynamic Noncooperative Game Theory (2nd ed.). Society for Industrial and Applied Mathematics. arXiv:https://epubs.siam.org/doi/pdf/10.1137/1.9781611971132Google ScholarGoogle Scholar
  5. R. S. Chakraborty, I. Saha, A. Palchaudhuri, and G. K. Naik. 2013. Hardware trojan insertion by direct modification of FPGA configuration bitstream. IEEE Design Test 30, 2 (2013), 45--54.Google ScholarGoogle ScholarCross RefCross Ref
  6. Yu-Cheng Chen, Dustin Campbell, Vincent Mooney, Santiago Grijalva, Alexander Outkin Brandon Eames, Eric Vugrin, Ryan Helinski, and Benjamin Anthony. 2019. Power grid bad data injection attack modeling in PRESTIGE. In GOMACTech 2019.Google ScholarGoogle Scholar
  7. Dean Collins. 2006. TRUST, a proposed plan for trusted integrated circuits. In Proceedings of GOMACTech-06 Government Microcircuit Applications and Critical Technology Conference. 276--277.Google ScholarGoogle Scholar
  8. Vincent Darley and Alexander V. Outkin. 2007. Nasdaq Market Simulation: Insights on a Major Market from the Science of Complex Adaptive Systems. World Scientific Publishing Co., Inc. 168 pages. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Jia Di and Scott Smith. 2007. A hardware threat modeling concept for trustable integrated circuits. In Proceedings of the 2007 IEEE Region 5 Technical Conference. 65--68.Google ScholarGoogle ScholarCross RefCross Ref
  10. Brandon K. Eames, Alexander V. Outkin, Sarah Walsh, Jackson R. Mayo, Jason R. Hamlet, John M. Eldridge, Robert C. Armstrong, Mathew P. Napier, Gregory D. Wyss, Eric D. Vugrin, and Michael L. Holmes. 2016. Fundamental Trust Analysis. Technical Report SAND2016-11696. Sandia National Laboratories.Google ScholarGoogle Scholar
  11. The Dwight D. Eisenhower School for National Security and Resource Strategy. 2017. 2017 Industry Study: Electronics. Technical Report. National Defense University.Google ScholarGoogle Scholar
  12. Jonathan Graf. 2016a. Toward optimal hardware trojan detection through security economics and game theory. In Proceedings of the 41st Annual GOMACTech Conference. 187--190.Google ScholarGoogle Scholar
  13. Jonathan Graf. 2016b. Trust games: How game theory can guide the development of hardware trojan detection methods. In Proceedings of the 2016 IEEE International Symposium on Hardware Oreinted Security and Trust (HOST’16). IEEE, 91--96.Google ScholarGoogle ScholarCross RefCross Ref
  14. Hannes Holm. 2014. A large-scale study of the time required to compromise a computer system. IEEE Transactions on Dependable and Secure Computing 11, 1 (Jan. 2014), 2--15. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Kyle Ingols, Matthew Chu, Richard Lippmann, Seth Webster, and Stephen Boyer. 2009. Modeling modern network attacks and countermeasures using attack graphs. In Computer Security Applications Conference (ACSAC’09).Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Y. Jin and Y. Makris. 2008. Hardware trojan detection using path delay fingerprint. In Proceedings of the IEEE International Workshop on Hardware-Oriented Security and Trust. 51--57. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Stephen Jones, Alexander Outkin, Jared Gearhart, Jacob Hobbs, John Siirola, Cindy Phillips, Stephen Verzi, Daniel Tauritz, Samuel Mulder, and Asmeret Naugle. 2015. Evaluating Moving Target Defense with Pladd. Technical Report. Sandia National Laboratories (SNL-NM), Albuquerque, NM.Google ScholarGoogle Scholar
  18. C. A. Kamhoua, H. Zhao, M. Rodriguez, and K. A. Kwiat. 2016. A game-theoretic approach for testing for hardware trojans. IEEE Transactions on Multi-Scale Computing Systems 2, 3 (2016), 199--210.Google ScholarGoogle ScholarCross RefCross Ref
  19. Brendan I. Koerner. 2016. Inside the cyberattack that shocked the US government. Wired (October 2016).Google ScholarGoogle Scholar
  20. J. P. McDermott. 2001. Attack net penetration testing. In Proceedings of the 2000 Workshop on New Security Paradigms. ACM Press, New York, pp. 15--21. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. S. Mitra, H. S. P. Wong, and S. Wong. 2015. The trojan-proof chip. IEEE Spectrum 52, 2 (2015), 46--51.Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. R. Ellison Moore and R. Linger. 2001. Attack modeling for information security and survivability, Vol. Technical Note CMU/SEI-2001-TN-01. CMU Software Engineering Institute.Google ScholarGoogle Scholar
  23. Steven Noel, Sushil Jajodia, Lingyu Wang, and Anoop Singhal. 2010. Measuring security risk of networks using attack graphs. International Journal of Next-Generation Computing 1, 1 (2010).Google ScholarGoogle Scholar
  24. Alexander Outkin, Stephen Jones, Jared Gearhart, Jacob Hobbs, Cindy Phillips, Stephen Verzi, John Siirola, Daniel Tauritz, Samuel Mulder, and Asmeret Naugle. 2019. PLADD: A Game-Theoretic Model of Attacker-Defender Interaction - Deterrence and Moving Target Defense. Manuscript submitted for publication to the Special Issue on Game Theory For Cyber Security in Computers 8 Security Journal.Google ScholarGoogle Scholar
  25. Marcus Pendleton, Richard Garcia-Lebron, Jin-Hee Cho, and Shouhuai Xu. 2016. A survey on systems security metrics. ACM Computing Surveys 49, 4 (Dec. 2016), Article 62, 35 pages. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. David Pentrack, Neal Levine, Jon Lloyd, and Aman Gahoonia. 2015. Quantifying system trust and microeletronics integrity. In Proceedings of GOMACTech-15 Government Microcircuit Applications and Critical Technology Conference. 211--214.Google ScholarGoogle Scholar
  27. Nayot Poolsappasit, Rinku Dewri, and Indrakshi Ray. 2012. Dynamic security risk management using bayesian attack graphs. IEEE Transactions onDependable and Secure Computing 9 (March 2012), 61--74. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Mike Rogers and C. A. Dutch Ruppersberger. 2012. Investigative Report on the U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE. Report. U.S. House of Representatives 112th Congress. https://intelligence.house.gov/sites/intelligence.house.gov/files/documents/huawei-zte.Google ScholarGoogle Scholar
  29. S. Roy, C. Ellis, S. Shiva, D. Dasgupta, V. Shandilya, and Q. Wu. 2010. A survey of game theory as applied to network security. In 2010 43rd Hawaii International Conference on System Sciences. 1--10. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. B. Schneier. December, 1999. Attack trees. Dr. Dobbs Journal (December, 1999).Google ScholarGoogle Scholar
  31. L. P. Swiler, C. Phillips, D. Ellis, and S. Chakerian. 2001. Computer-attack graph generation tool. In Proceedings of the 2nd DARPA Information Survivability Conference 8 Exposition (DISCEX II), Vol. II. IEEE Computer Society, Los Alamitos, California, pp. 307--321.Google ScholarGoogle Scholar
  32. Milind Tambe. 2011. Security and Game Theory: Algorithms, Deployed Systems, Lessons Learned. Cambridge University Press. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. U.S. Department of Defense. 2017. A DARPA Aproach to Trsuted Microeletronics. https://www.darpa.mil/attachments/Background_FINAL3.pdfGoogle ScholarGoogle Scholar
  34. U.S. House Rep. 2017. National Defense Authorization Act for Fiscal Yesr 2017. Report. U.S. House of Representatives 114th Congress. https://www.congress.gov/114/crpt/hrpt840/CRPT-114hrpt840.pdf.Google ScholarGoogle Scholar
  35. V. Vovk, A. Takemura, and G. Shafer. 2005. Defensive forecasting. eprint arXiv:cs/0505083 (May 2005).Google ScholarGoogle Scholar
  36. Daniel Wilt, Richard Maitzler, and John DeVale. 2008. Metrics for TRUST in integrated circuits. In Proceedings of GOMACTech-08 Government Microcircuit Applications and Critical Technology Conference. 233--236.Google ScholarGoogle Scholar
  37. G. D. Wyss, J. F. Clem, J. L. Darby, K. Dunphy-Guzman, J. P. Hinton, and K. W. Mitchiner. 2010. Risk-based cost-benefit analysis for security assessment problems. In 44th Annual 2010 IEEE International Carnahan Conference on Security Technology. 286--295.Google ScholarGoogle Scholar
  38. J. Zhang, F. Yuan, L. Wei, Y. Liu, and Q. Xu. 2015. VeriTrust: Verification for hardware trust. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 34, 7 (2015), 1148--1161.Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. P. Ziobro and D. Yardon. 2014. Target now says 70 million people hit in data breach. Wall Street Journal (January 2014).Google ScholarGoogle Scholar

Index Terms

  1. GPLADD: Quantifying Trust in Government and Commercial Systems A Game-Theoretic Approach

                Recommendations

                Comments

                Login options

                Check if you have access through your login credentials or your institution to get full access on this article.

                Sign in

                Full Access

                PDF Format

                View or Download as a PDF file.

                PDF

                eReader

                View online with eReader.

                eReader

                HTML Format

                View this article in HTML Format .

                View HTML Format
                About Cookies On This Site

                We use cookies to ensure that we give you the best experience on our website.

                Learn more

                Got it!