For LTI control systems, we provide mathematical tools – in terms of Linear Matrix Inequalities – for computing outer ellipsoidal bounds on the reachable sets that attacks can induce in the system when they are subject to the physical limits of the actuators. Next, for a given set of dangerous states, states that (if reached) compromise the integrity or safe operation of the system, we provide ...

Game theoretic methods for making resource allocation decision in security domains have attracted growing attention from both researchers and security practitioners, including deployed applications at both the LAX airport and the Federal Air Marshals Service. We develop a new class of security games designed to model decisions faced by the Transportation Security Administration and other agenci...

This paper considers the problem of allocating nite resources among the elements of a critical infrastructure system in order to protect it from antagonistic attacks. Previous studies have assumed that the attacker has complete information about the utilities associated with attacks on each element. In reality, it is likely that the attacker's perception of the system is not as precise as the d...

Risk of a given threat is a function of the likelihood of exercising the threat and the severity of its impacts. This paper proposes incorporating attacker capabilities and motivations in estimating the likelihood of exercising threats. Attacker capability is the ability to use appropriate means (e.g., knowledge, time, expertise, and tools) and opportunity (e.g., enough time to perform the atta...

Trust systems assist in dealing with users who may betray one another. Cunning users (attackers) may attempt to hide the fact that they betray others, deceiving the system. Trust systems that are difficult to deceive are considered more robust. To formally reason about robustness, we formally model the abilities of an attacker. We prove that the attacker model is maximal, i.e. 1) the attacker c...

Providing meaningful estimations for the quantitative annotations on the steps of complex multi-step attacks is hard, as they are jointly influenced by the infrastructure and attacker properties. The paper introduces attacker profiling as a concept of separation of the infrastructure properties from the properties of malicious agents undertaking strategic decisions in the considered environment...

Consider an information network with harmful procedures called attackers (e.g., viruses); each attacker uses a probability distribution to choose a node of the network to damage. Opponent to the attackers is the system protector scanning and cleaning from attackers some part of the network (e.g., an edge or a path), which it chooses independently using another probability distribution. Each att...

Our paper aims to move the research of secrecy amplification protocols for general ad-hoc networks to more realistic scenarios, conditions and attacker capabilities. The extension of the current attacker models is necessary, including the differentiation based on types of attacker’s manipulation with a node, monitoring capabilities and movement strategies. We also aim to propose suitable secrec...

In this paper, we consider security aspects of network routing in a game-theoretic framework where an attacker is empowered with an ability for intrusion into edges of the network; on the other hand, the goal of designer is to choose routing paths. We interpret the secure routing problem as a two player zero sum game. The attacker can choose one or more edges for intrusion, while the designer h...