Abstract
Trust in a microelectronics-based system can be characterized as the level of confidence that a system is free of subversive alterations made during system development, or that the development process of a system has not been manipulated by a malicious adversary. Trust in systems has become an increasing concern over the past decade. This article presents a novel game-theoretic framework, called GPLADD (Graph-based Probabilistic Learning Attacker and Dynamic Defender), for analyzing and quantifying system trustworthiness at the end of the development process, through the analysis of risk of development-time system manipulation. GPLADD represents attacks and attacker-defender contests over time. It treats time as an explicit constraint and allows incorporating the informational asymmetries between the attacker and defender into analysis. GPLADD includes an explicit representation of attack steps via multi-step attack graphs, attacker and defender strategies, and player actions at different times. GPLADD allows quantifying the attack success probability over time and the attacker and defender costs based on their capabilities and strategies. This ability to quantify different attacks provides an input for evaluation of trust in the development process. We demonstrate GPLADD on an example attack and its variants. We develop a method for representing success probability for arbitrary attacks and derive an explicit analytic characterization of success probability for a specific attack. We present a numeric Monte Carlo study of a small set of attacks, quantify attack success probabilities, attacker and defender costs, and illustrate the options the defender has for limiting the attack success and improving trust in the development process.
- S. Adee. 2008. The hunt for the kill switch. IEEE Spectrum 45, 5 (2008), 34--39. Google Scholar
Digital Library
- D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, and B. Sunar. 2007. Trojan detection using IC fingerprinting. In Proceedings of the IEEE Symposium on Security Privacy. 296--310. Google Scholar
Digital Library
- Lawrence M. Ausubel, Peter Cramton, and Paul Milgrom. 2006. The clock-proxy auction: A practical combinatorial auction design. In Combinatorial Auctions, Peter Cramton, Yoav Shoham, and Richard Steinberg (Eds.). MIT Press, Book section 5.Google Scholar
- T. Başar and G. Olsder. 1998. Dynamic Noncooperative Game Theory (2nd ed.). Society for Industrial and Applied Mathematics. arXiv:https://epubs.siam.org/doi/pdf/10.1137/1.9781611971132Google Scholar
- R. S. Chakraborty, I. Saha, A. Palchaudhuri, and G. K. Naik. 2013. Hardware trojan insertion by direct modification of FPGA configuration bitstream. IEEE Design Test 30, 2 (2013), 45--54.Google Scholar
Cross Ref
- Yu-Cheng Chen, Dustin Campbell, Vincent Mooney, Santiago Grijalva, Alexander Outkin Brandon Eames, Eric Vugrin, Ryan Helinski, and Benjamin Anthony. 2019. Power grid bad data injection attack modeling in PRESTIGE. In GOMACTech 2019.Google Scholar
- Dean Collins. 2006. TRUST, a proposed plan for trusted integrated circuits. In Proceedings of GOMACTech-06 Government Microcircuit Applications and Critical Technology Conference. 276--277.Google Scholar
- Vincent Darley and Alexander V. Outkin. 2007. Nasdaq Market Simulation: Insights on a Major Market from the Science of Complex Adaptive Systems. World Scientific Publishing Co., Inc. 168 pages. Google Scholar
Digital Library
- Jia Di and Scott Smith. 2007. A hardware threat modeling concept for trustable integrated circuits. In Proceedings of the 2007 IEEE Region 5 Technical Conference. 65--68.Google Scholar
Cross Ref
- Brandon K. Eames, Alexander V. Outkin, Sarah Walsh, Jackson R. Mayo, Jason R. Hamlet, John M. Eldridge, Robert C. Armstrong, Mathew P. Napier, Gregory D. Wyss, Eric D. Vugrin, and Michael L. Holmes. 2016. Fundamental Trust Analysis. Technical Report SAND2016-11696. Sandia National Laboratories.Google Scholar
- The Dwight D. Eisenhower School for National Security and Resource Strategy. 2017. 2017 Industry Study: Electronics. Technical Report. National Defense University.Google Scholar
- Jonathan Graf. 2016a. Toward optimal hardware trojan detection through security economics and game theory. In Proceedings of the 41st Annual GOMACTech Conference. 187--190.Google Scholar
- Jonathan Graf. 2016b. Trust games: How game theory can guide the development of hardware trojan detection methods. In Proceedings of the 2016 IEEE International Symposium on Hardware Oreinted Security and Trust (HOST’16). IEEE, 91--96.Google Scholar
Cross Ref
- Hannes Holm. 2014. A large-scale study of the time required to compromise a computer system. IEEE Transactions on Dependable and Secure Computing 11, 1 (Jan. 2014), 2--15. Google Scholar
Digital Library
- Kyle Ingols, Matthew Chu, Richard Lippmann, Seth Webster, and Stephen Boyer. 2009. Modeling modern network attacks and countermeasures using attack graphs. In Computer Security Applications Conference (ACSAC’09).Google Scholar
Digital Library
- Y. Jin and Y. Makris. 2008. Hardware trojan detection using path delay fingerprint. In Proceedings of the IEEE International Workshop on Hardware-Oriented Security and Trust. 51--57. Google Scholar
Digital Library
- Stephen Jones, Alexander Outkin, Jared Gearhart, Jacob Hobbs, John Siirola, Cindy Phillips, Stephen Verzi, Daniel Tauritz, Samuel Mulder, and Asmeret Naugle. 2015. Evaluating Moving Target Defense with Pladd. Technical Report. Sandia National Laboratories (SNL-NM), Albuquerque, NM.Google Scholar
- C. A. Kamhoua, H. Zhao, M. Rodriguez, and K. A. Kwiat. 2016. A game-theoretic approach for testing for hardware trojans. IEEE Transactions on Multi-Scale Computing Systems 2, 3 (2016), 199--210.Google Scholar
Cross Ref
- Brendan I. Koerner. 2016. Inside the cyberattack that shocked the US government. Wired (October 2016).Google Scholar
- J. P. McDermott. 2001. Attack net penetration testing. In Proceedings of the 2000 Workshop on New Security Paradigms. ACM Press, New York, pp. 15--21. Google Scholar
Digital Library
- S. Mitra, H. S. P. Wong, and S. Wong. 2015. The trojan-proof chip. IEEE Spectrum 52, 2 (2015), 46--51.Google Scholar
Digital Library
- R. Ellison Moore and R. Linger. 2001. Attack modeling for information security and survivability, Vol. Technical Note CMU/SEI-2001-TN-01. CMU Software Engineering Institute.Google Scholar
- Steven Noel, Sushil Jajodia, Lingyu Wang, and Anoop Singhal. 2010. Measuring security risk of networks using attack graphs. International Journal of Next-Generation Computing 1, 1 (2010).Google Scholar
- Alexander Outkin, Stephen Jones, Jared Gearhart, Jacob Hobbs, Cindy Phillips, Stephen Verzi, John Siirola, Daniel Tauritz, Samuel Mulder, and Asmeret Naugle. 2019. PLADD: A Game-Theoretic Model of Attacker-Defender Interaction - Deterrence and Moving Target Defense. Manuscript submitted for publication to the Special Issue on Game Theory For Cyber Security in Computers 8 Security Journal.Google Scholar
- Marcus Pendleton, Richard Garcia-Lebron, Jin-Hee Cho, and Shouhuai Xu. 2016. A survey on systems security metrics. ACM Computing Surveys 49, 4 (Dec. 2016), Article 62, 35 pages. Google Scholar
Digital Library
- David Pentrack, Neal Levine, Jon Lloyd, and Aman Gahoonia. 2015. Quantifying system trust and microeletronics integrity. In Proceedings of GOMACTech-15 Government Microcircuit Applications and Critical Technology Conference. 211--214.Google Scholar
- Nayot Poolsappasit, Rinku Dewri, and Indrakshi Ray. 2012. Dynamic security risk management using bayesian attack graphs. IEEE Transactions onDependable and Secure Computing 9 (March 2012), 61--74. Google Scholar
Digital Library
- Mike Rogers and C. A. Dutch Ruppersberger. 2012. Investigative Report on the U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE. Report. U.S. House of Representatives 112th Congress. https://intelligence.house.gov/sites/intelligence.house.gov/files/documents/huawei-zte.Google Scholar
- S. Roy, C. Ellis, S. Shiva, D. Dasgupta, V. Shandilya, and Q. Wu. 2010. A survey of game theory as applied to network security. In 2010 43rd Hawaii International Conference on System Sciences. 1--10. Google Scholar
Digital Library
- B. Schneier. December, 1999. Attack trees. Dr. Dobbs Journal (December, 1999).Google Scholar
- L. P. Swiler, C. Phillips, D. Ellis, and S. Chakerian. 2001. Computer-attack graph generation tool. In Proceedings of the 2nd DARPA Information Survivability Conference 8 Exposition (DISCEX II), Vol. II. IEEE Computer Society, Los Alamitos, California, pp. 307--321.Google Scholar
- Milind Tambe. 2011. Security and Game Theory: Algorithms, Deployed Systems, Lessons Learned. Cambridge University Press. Google Scholar
Digital Library
- U.S. Department of Defense. 2017. A DARPA Aproach to Trsuted Microeletronics. https://www.darpa.mil/attachments/Background_FINAL3.pdfGoogle Scholar
- U.S. House Rep. 2017. National Defense Authorization Act for Fiscal Yesr 2017. Report. U.S. House of Representatives 114th Congress. https://www.congress.gov/114/crpt/hrpt840/CRPT-114hrpt840.pdf.Google Scholar
- V. Vovk, A. Takemura, and G. Shafer. 2005. Defensive forecasting. eprint arXiv:cs/0505083 (May 2005).Google Scholar
- Daniel Wilt, Richard Maitzler, and John DeVale. 2008. Metrics for TRUST in integrated circuits. In Proceedings of GOMACTech-08 Government Microcircuit Applications and Critical Technology Conference. 233--236.Google Scholar
- G. D. Wyss, J. F. Clem, J. L. Darby, K. Dunphy-Guzman, J. P. Hinton, and K. W. Mitchiner. 2010. Risk-based cost-benefit analysis for security assessment problems. In 44th Annual 2010 IEEE International Carnahan Conference on Security Technology. 286--295.Google Scholar
- J. Zhang, F. Yuan, L. Wei, Y. Liu, and Q. Xu. 2015. VeriTrust: Verification for hardware trust. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 34, 7 (2015), 1148--1161.Google Scholar
Digital Library
- P. Ziobro and D. Yardon. 2014. Target now says 70 million people hit in data breach. Wall Street Journal (January 2014).Google Scholar
Index Terms
GPLADD: Quantifying Trust in Government and Commercial Systems A Game-Theoretic Approach
Recommendations
GTM: Game Theoretic Methodology for optimal cybersecurity defending strategies and investments
ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and SecurityInvestments on cybersecurity are essential for organizations to protect operational activities, develop trust relationships with clients, and maintain financial stability. A cybersecurity breach can lead to financial losses as well as to damage the ...
Defending Cyber-Physical Attacks on Oil Pipeline Systems: A Game-Theoretic Approach
PrAISe '16: Proceedings of the 1st International Workshop on AI for Privacy and SecurityThe security of critical infrastructures such as oil and gas cyber-physical systems is a significant concern in today's world where malicious activities are frequent like never before. On one side we have cyber criminals who compromise cyber ...
Defeating Memory Corruption Attacks via Pointer Taintedness Detection
DSN '05: Proceedings of the 2005 International Conference on Dependable Systems and NetworksMost malicious attacks compromise system security through memory corruption exploits. Recently proposed techniques attempt to defeat these attacks by protecting program control data. We have constructed a new class of attacks that can compromise network ...






Comments