IT-Security-Risk-Management based on Decision Theory (SERIMA)

Project Description

Risk management is an essential task in nowadays information infrastructures. Letting security exclusively rest on qualitative assertions regarding cryptographic primitives can be misleading towards missing possible vulnerabilities arising from imperfect combinations of different security measures. The goal of this project is designing tools aiding the quantitative assessment of security in a given information infrastructure. Decision-theory and particularly game-theory has successfully been applied to handle competitive situations in economy and other fields of science. Alas, its full power in the context of information security has not yet been unleashed. Game-theory can provide us with risk measures that can be set up in any unit or context suitable for the application at hand. Moreover, the theory is not relying on computational intractability assumptions, such as most state-of-the-art cryptosystems hinge on. Thus, it applies to classical cryptography, as well as quantum cryptography or other security primitives equally well. This brings remarkable advantages over other models, because the context and unit of any subjective trust estimate (such as discrete risk classifications or other methods) is directly carried over to the results of the analysis. Hence, interpretability of any result is ensured at all times, especially for a decision-maker. This is the major difference to previous modelling approaches, where the system under investigation needs to be described in pre-defined general-purpose terms. We explicitly avoid that by solely relying on the context-specific trust valuation that comes with the application, at the cost of needing accurate models for usage and attack strategies. Fortunately, the latter is a well-investigated problem: topological vulnerability analysis is a common method of identifying vulnerabilities in a communication infrastructure. The process is partially automatable through (commercial) vulnerability scanning software and hardware. The benefit provided by using such systems with a game-theoretic analysis is manifold: it helps optimizing the utilization of resources, whilst at the same time giving the most promising attack strategies. The latter can directly be regarded as hints towards the most valuable targets for adversarial influence attempts. Game-theory driven optimization of security infrastructures has been considered recently. This project attempts to fully exploit the power of game-theory in the context of security infrastructure management and optimization.