In order to decrease Information and Communication Technology (ICT) security threats caused by human errors an increased concentration on education and learning is necessary. Because of the large amount of new users, with different kind of learning capabilities, the traditional teaching methods are not sufficient. Alternative forms of education are needed. This article discusses why ICT securit...

We study the security of symmetric encryption schemes in settings with multiple users and realistic adversaries who can adaptively corrupt encryption keys. To avoid confinement to any particular definitional paradigm, we propose a general framework for multi-key security definitions. By appropriate settings of the parameters of the framework, we obtain multi-key variants of many of the existing...

Risks faced by information system operators and users are not only determined by their own security posture, but are also heavily affected by the security-related decisions of others. This interdependence between information system operators and users is a fundamental property that shapes the efficiency of security defense solutions. Game theory is the most appropriate method to model the strat...

Building on the successful applications of Stackelberg Security Games (SSGs) to protect infrastructure, researchers have begun focusing on applying game theory to green security domains such as protection of endangered animals and fish stocks. Previous efforts in these domains optimize defender strategies based on the standard Stackelberg assumption that the adversaries become fully aware of th...

Using a traditional leader-follower decisional sequence as the manifestation of power structure in a supply chain, this work generalizes extant research in IT security. We propose a game theoretic model to analyze the equilibrium IT security of the supply chain in the Stackelberg game, where the power structure in the supply chain manifests in a natural leader. Our results indicate that a natur...

Verifying cryptographic security proofs manually is inherently tedious and error-prone. The game-playing technique for cryptographic proofs advocates a modular proof design where cryptographic programs called games are transformed stepwise such that each step can be analyzed individually. This code-based approach has rendered the formal verification of such proofs using mechanized tools feasibl...

We describe an innovative application of a novel game-theoretic approach for a national scale security deployment. Working with the United States Transportation Security Administration (TSA), we have developed a new application called GUARDS to allocate the TSA’s limited resources across hundreds of security activities to provide protection at over 400 United States airports. Similar security a...

The Center for the Information Systems Studies and Research (CISR) at the Naval Postgraduate School has established a broad program in computer and network security education. The program, founded on a core in traditional computer science, is extended by a progression of specialized courses and a broad set of information assurance research projects. A CISR objective has been improvement of info...

SecurityEmpire is a new multiplayer computer game to teach cybersecurity concepts to high school students. We describe the design and implementation of SecurityEmpire, explain how it teaches security concepts, share preliminary evaluative data from students and teachers, and describe our experiences with developing, fielding, and evaluating this educational game. SecurityEmpire challenges each ...

Information security analysis can be performed using game theory implemented in dynamic simulations of Agent-Based Models (ABMs). Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. Our approach addresses imperfect information and scalability th...