defenders to the various vulnerabilities. Two cases have to be considered. In the first one, the number of attackers allocated to a vulnerability is known when the defenders are allocated to the same vulnerability, or the other way around. In the other, more interesting, case the allocations of attackers and of defenders are chosen simultaneously. In this case, the allocation of a resource, i.e. an attacker or a defender, to the search for vulnerabilities can be modeled as a strategy game with two players, the attacker and the defender. The attacker manages a pool of n_a resources, the attackers, while the defender, i.e. the infrastructure owner, manages a pool of n_d resources, the defenders. The move of each player is a tuple of n integers, one for each vulnerability; the i-th integer of the tuple is the number of resources the player allocates to the i-th vulnerability.
The complete definition of the game also requires the definition of the utility functions of both players. Both functions always depend upon the resources allocated to each vulnerability, but alternative definitions are possible. As an example, the utility of the attacker may be the average loss of the infrastructure, i.e. the sum of the average impacts of the attacks enabled by the vulnerabilities, while that of the defender may be the inverse of this function. This defines a zero-sum game, where the loss of a player is the utility of the other one. In other cases, the utility functions may be defined in terms of the probability that no loss occurs.
In all these cases, we can exploit the main results of game theory, starting from the Nash equilibrium, to define an optimal strategy for each player [22]. It is worth noticing that a worst case for the defender arises whenever the defender allocates few resources to a vulnerability, say V_j, and, simultaneously, the attacker allocates a large number of resources to the same vulnerability. The 0-delay model shows that these allocations result in a large impact due to V_j because of the large difference between the numbers of attackers and of defenders.
3.2 “Security Through Obscurity” and Open Source
The 0-delay model supports the introduction of some mathematical considerations into the discussion of “security through obscurity”. This philosophy favors proprietary solutions over open source ones, under the assumption that the lack of information on the infrastructure obstructs the attacker's search for vulnerabilities. In this way, the attacker has to study a “live” system, which is much more dangerous. As discussed in the previous section, the 0-delay model captures the asymmetry between the attackers and the defenders through the constant ϕ that multiplies the number of resources of the defender, so that we may assume that the probability of finding a vulnerability is the same for each resource. In a “closed” solution, and if the number of resources of the attacker is constant, ϕ increases the number of resources of the defender to take into account the larger amount of information these resources can access. As a consequence, in an infrastructure exploiting a proprietary solution, if the technical skills of the attackers and of the defenders are comparable, ϕ will be larger than one and inversely related to the public information on the infrastructure or on the considered component.
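The simultaneous allocation game described above, together with the ϕ scaling of the defender's resources from this section, as an added example in Python (not code from the paper): it assumes, since the paper does not fix the form of the 0-delay model, that every resource is equally likely to find a flaw, so that the attackers find V_j before the defenders with probability a_j/(a_j + ϕ·d_j), and then enumerates every pure move of both players to obtain the defender's minimax allocation and the pure-strategy Nash equilibria of the zero-sum game. The impact values and pool sizes are constructed.

```python
"""Added example: the attacker/defender allocation game sketched above.
Assumption (not from the paper): P(attackers find V_j first) = a_j / (a_j + phi*d_j),
a memoryless race where each resource is equally likely to find the flaw and the
defender count is scaled by phi; with 0-delay, a defender-first find costs nothing."""
from itertools import product

def compositions(total, n):
    """Every tuple of n non-negative integers summing to total: one player's move."""
    if n == 1:
        yield (total,)
        return
    for first in range(total + 1):
        for rest in compositions(total - first, n - 1):
            yield (first,) + rest

def expected_loss(attack, defend, impact, phi):
    """Attacker utility (= defender loss): impacts weighted by P(attackers first)."""
    loss = 0.0
    for a_j, d_j, imp in zip(attack, defend, impact):
        if a_j > 0:  # an unattacked vulnerability causes no loss
            loss += imp * a_j / (a_j + phi * d_j)
    return loss

def defender_minimax(n_a, n_d, impact, phi):
    """Defender tuple minimising the worst-case loss over every attacker reply."""
    attacks = list(compositions(n_a, len(impact)))
    best = None
    for defend in compositions(n_d, len(impact)):
        worst = max(expected_loss(a, defend, impact, phi) for a in attacks)
        if best is None or worst < best[1]:
            best = (defend, worst)
    return best

def pure_nash_equilibria(n_a, n_d, impact, phi):
    """Saddle points of the zero-sum game: neither player gains by moving alone."""
    attacks = list(compositions(n_a, len(impact)))
    defends = list(compositions(n_d, len(impact)))
    pay = {(a, d): expected_loss(a, d, impact, phi) for a, d in product(attacks, defends)}
    return [(a, d) for a, d in product(attacks, defends)
            if all(pay[(x, d)] <= pay[(a, d)] for x in attacks)
            and all(pay[(a, y)] >= pay[(a, d)] for y in defends)]

if __name__ == "__main__":
    impact = (10.0, 1.0)  # constructed impacts of V_1 and V_2
    print(expected_loss((1, 0), (0, 2), impact, 1.0))  # defender ignores V_1: worst case, loss 10
    print(defender_minimax(1, 2, impact, 1.0))          # ((2, 0), 3.33...)
    print(pure_nash_equilibria(1, 2, impact, 1.0))      # [((1, 0), (2, 0))]
    print(defender_minimax(1, 2, impact, 2.0))          # phi > 1 (closed solution) lowers the loss
```

With one attacker and two defenders the unique saddle point puts both defenders on the high-impact V_1, and raising ϕ from 1 to 2 cuts the game value from 10/3 to 2, which is the effect the obscurity argument above relies on.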