The development of quantitative security analyses that consider both active attackers and reactive defenders is a main challenge in the design of trustworthy Cyber-Physical Systems. We propose a game-theoretic approach where it is natural to model attacker’s and defender’s actions explicitly, associating costs to attacks and countermeasures. Cost considerations enable to contrast different strategies on the basis of their effectiveness and efficiency, paving the way to a multi-objective notion of optimality. Moreover, the framework allows expressing the probabilistic nature of the environment and of the attack detection process. Finally, a solver is presented to compute strategies and their costs, resorting to a recent combination of strategy iteration with linear programming.
|Title of host publication||Secure IT Systems : 18th Nordic Conference, NordSec 2013, Ilulissat, Greenland, October 18-21, 2013, Proceedings|
|Publication status||Published - 2013|
|Event||18th Nordic Conference on Secure IT Systems (NordSec 2013) - Ilulissat, Greenland|
Duration: 18 Oct 2013 → 21 Oct 2013
|Conference||18th Nordic Conference on Secure IT Systems (NordSec 2013)|
|Period||18/10/2013 → 21/10/2013|
|Series||Lecture Notes in Computer Science|