Generalized Selective Decryption (GSD) is an easy to define game based on a symmetric encryption scheme Enc. It was introduced by Panjwani [TCC’07] to capture the difficulty of proving adaptive security of certain protocols. In the GSD game there are n keys k1, . . . , kn, which the adversary may adaptively corrupt (i.e., learn); moreover, it can ask for encryptions Encki(kj) of keys under othe...

Game theory has been successfully used to handle complex resource allocation and patrolling problems in security and sustainability domains. More specifically, real-world applications have been deployed for different domains based on the framework of security games, where the defender (e.g., security agency) has a limited number of resources to protect a set of targets from an adversary (e.g., ...

This paper introduces a new game-theoretic framework and algorithms for addressing opportunistic crime. Stackelberg Security Game (SSG), focused on highly strategic and resourceful adversaries, has become an important computational framework within multiagent systems. Unfortunately, SSG is ill-suited as a framework for handling opportunistic crimes, which are committed by criminals who are less...

To be accepted, a cryptographic scheme must come with a proof that it satisfies some standard security properties. However, because cryptographic schemes are based on non-trivial mathematics, proofs are error-prone and difficult to check. The main contributions of this paper are a refinement of the game-based approach to security proofs, and its implementation on top of the proof assistant Coq....

To protect the systems exposed to the Internet against attacks, a security system with the capability to engage with the attacker is needed. There have been attempts to model the engagement/interactions between users, both benign and malicious, and network administrators as games. Building on such works, we present a game model which is generic enough to capture various modes of such interactio...

Consider a network vulnerable to viral infection, where the security software can guarantee safety only to a limited part of it. We model this practical network scenario as a non-cooperative multiplayer game on a graph, with two kinds of players, a set of attackers and a protector player, representing the viruses and the system security software, respectively. Each attacker player chooses a nod...

Although many have recognized the risks of software monocultures, it is not currently clear how much and what kind of diversity would be needed to address these risks. Here we attempt to provide insight into this issue using a simple model of hosts and vulnerabilities connected in a bipartite graph. We use this graph to compute diversity metrics as Renyi entropy and to formulate an anti-coordin...

Game theory has been receiving immense concern to deal with attacks in wireless ad hoc networks, which are widely employed in a large range of applications but vulnerable to various attacks. Previous works provided readers with comprehensive understanding of game theoretic solutions on cyber security problems. However, they neglect the relationship between attack characteristics and the corresp...

This work addresses the challenge “how do we make better security decisions?” and it develops techniques to support human decision making and algorithms which enable well-founded cyber security decisions to be made. In this paper we propose a game theoretic model which optimally allocates cyber security resources such as administrators’ time across different tasks. We first model the interactio...

After a short introduction to the field of security protocol verification, we present the automatic protocol verifier CryptoVerif. In contrast to most previous protocol verifiers, CryptoVerif does not rely on the Dolev-Yao model, but on the computational model. It produces proofs presented as sequences of games, like those manually done by cryptographers; these games are formalized in a probabi...