According to standard fiction, a user is able to securely keep long term keys on his device. However, in fact his device may become infected with malware, and an adversary may obtain a copy of his key. We propose an attacker model in which devices are “periodically trustworthy” — they may become infected by malware, and then later become trustworthy again after software patches and malware scan...

A Mobile Ad-hoc network (MANET) is a multi-hop wireless network where nodes communicate with each other without any pre-deployed infrastructure. An attack is an attempt to bypass the security controls on a computer. The attack may alter, release, or deny data. Intrusion Detection System is a process of monitoring activities in a system, which can be a computer or network system. The mechanism b...

Java Card is a variant of Java designed for use in smart cards and other systems with limited resources. Applets running on a smart card are protected from each other by the applet firewall, allowing communication only through shared objects. Security can be breached if a reference to a shared object is leaked to a hostile applet. In this paper we develop a Control Flow Analysis for a small lan...

Risk management refers to the process of making decisions that minimize the effects of vulnerabilities on the network hosts. This can be a difficult task in the context of high-exploit probability and the difficult to identify new exploits and vulnerabilities. For many years, security engineers have performed risk analysis using economic models for the design and operation of risk-prone, techno...

We describe our model for the behaviour of an attacker. In the model, the attacker has uncertain knowledge about a computer system. Moreover, the attacker tries different attack paths if initially selected ones cannot be completed. The model allows finer-grain analysis of the security of computer systems. The model is based on Markov Decision Processes theory for predicting possible attacker’s ...

The reliability of road networks depends directly on their vulnerability to disruptive incidents, ranging in severity from minor disruptions to terrorist attacks. This paper presents a game theoretic approach to the analysis of road network vulnerability. The approach posits predefined disruption, attack or failure scenarios and then considers how to use the road network so as to minimize the m...

We show that the recent technique of computationally complete symbolic attackers proposed by Bana and Comon-Lundh [6] for computationally sound verification of security protocols is powerful enough to verify actual protocols. In their work, Bana and Comon-Lundh presented only the general framework, but they did not introduce sufficiently many axioms to actually prove protocols. We present a set...

Algorithms for finding game-theoretic solutions are now used in several real-world security applications. This work has generally assumed a Stackelberg model where the defender commits to a mixed strategy first. In general two-player normal-form games, Stackelberg strategies are easier to compute than Nash equilibria, though it has recently been shown that in many security games, Stackelberg st...