Transcript The Hacking Game: Cross

The Hacking Game:
Cross-Impact Analysis Tool
Art Hendela, PhD student, [email protected]
Introduction
 The
Problem
 Types of Games
 The Hacking Game
 Cross Impact Analysis
 The Hacking Game Components
 Technology Used
 Future Work
The Problem
 Protect
a computer network from attack
with limited resources
 Determine the allocation of those
resources with the help of a
mathematical model
Types of Games
 Economic
Games
 Cooperative,
i.e., joint venture
(Aloysius,2002)
 Non-Cooperative, business competitors
(Garcia, 2003)
 Mixed (Nash, 1951)
 Combinatorial
 Two
Games
person with perfect knowledge
(Berlekamp 1982 )
The Hacking Game
 Participation
in the game occurs in a
virtual space
 No scenario is pre-determined
 Input is limited to your allotted budget
 Uses a mathematical model to aid
resource allocation
 Model is based on Cross Impact
Analysis
Cross Impact Analysis
 From
a paper by Murray Turoff in 1972
entitled, “An Alternative Approach to
Cross Impact Analysis”
 Used for determining influences
between events
 Uses the Delphi Method to help
generate group statistics for impact
(Turoff, 1970)
Cross Impact Analysis Inputs
A
set of base events
 The probability of each base event occurring
independent of the other events, Pi
 The set of probabilities for all other events
where an individual base event is certain to
occur, Rij
 The set of probabilities for all other events
where an individual base event is certain to
never occur, Sij
Cross Impact Analysis Outputs
 The
relative impact of one event on
another, Cij
 The influence by external events not
entered, Gi
The Hacking Game Components
Security System
Component Library
Game
Definition
Players
Event Library
Cross Impact
Calculation Engine
Probabilities
Teams
Results
Survey
The Hacking Game Components
 Security
and roles
 Player/team management
 Game Definition with Budgets
 Components
 Events
 Probabilities
 Calculation Engine
 Results reporting
 Survey/evaluation
Technology Used
 Code
Framework: ASP.NET 2.0
 Development Environment: Visual
Studio 2005
 Language: Visual Basic, VB.NET
 Database: MS SQLServer 2000
Future Work
 Complete
development of the model
 Field test and evaluate the game
 Expand the use of the approach to nonnetwork hacking environments that feature
an offense/defense structure
 Protect
chemical plants from terrorism
 Launch a new product against a business
competitor
Acknowledgements
 This
research is fully supported by
Hendela System Consultants, Inc, Little
Falls, NJ (www.hendela.com). The
opinions expressed are those of the
authors and may not reflect those of the
corporate sponsor.
Selected References
 Aloysius,
J. A. (2002). "Research Joint
Ventures: A Cooperative Game for
Competitors." European Journal of
Operational Research 136(3): 591-602.
 Berlekamp, E., Conway, J, and Guy, R.
(1982). Winning Ways for your
Mathematical Plays, Academic Press.
Selected References
Garcia, D. D., David Ganet, Peter
Henderson (2003). "Everything you
Always Wanted to Know about Game
Theory (But were Afraid to Ask)."
SIGCSE 2003 35(1): 96-97.
 Nash, J. F. (1951). "Non-Cooperative
Games." Annals of Mathematics Journal
54(1951): 286-295.
Selected References
Turoff, M, (1970). “The Design of a Policy
Delphi”, Technology Forecasting and
Social Change, 2(2).
 Turoff, M, (1972). “An alternative
approach to Cross Impact Analysis."
Technology Forecasting and Social
Change”, 3, 338-368.