IT-Security-Risk-Management based on Decision Theory (SERIMA)

Projektbeschreibung

Risk management is an essential task in nowadays information infrastructures. Letting security exclusively rest on qualitative assertions regarding cryptographic primitives can be misleading towards missing possible vulnerabilities arising from imperfect combinations of different security measures. The goal of this project is designing tools aiding the quantitative assessment of security in a given information infrastructure.

Risk management is an essential task in nowadays information infrastructures. Letting security exclusively rest on qualitative assertions regarding cryptographic primitives can be misleading towards missing possible vulnerabilities arising from imperfect combinations of different security measures. The goal of this project is designing tools aiding the quantitative assessment of security in a given information infrastructure.

Game-theory can provide us with risk measures that can be set up in any unit or context suitable for the application at hand. In fact, by using non-cooperative competitions for a security assessment, we obtain risk measures, optimal network provisioning strategies and pointers towards the most severe attack scenarios in a single blow. Neither the theory nor its results employ any computational intractability assumptions, such as most state-of-the-art cryptosystems hinge on. Thus, it applies to classical cryptography, as well as quantum cryptography or other security primitives equally well. This brings considerable advantages over other models, because the context and unit of any subjective trust estimate (such as discrete risk classifications or other methods) is directly carried over to the results of the analysis. Hence, interpretability of any result is ensured at all times, especially for a decision-maker.

The ultimate goal of system security is to protect the value tied to secret information. Risk management appears as a natural cover framework in which cryptographic primitives for secret transmission act as basic building blocks. A decision-theoretic (game-theoretic) communication risk assessment enables a decision-maker to estimate the (monetary) loss that can be expected from a given communication infrastructure due to secret information leakage. It thus provides a benchmark to compare and assess the security performance of the infrastructure at hand

In addition to this, a cost-optimized design or extension of an infrastructure towards minimal risk is possible. Network security is an endless cycle consisting of securing, monitoring, testing and improving. The project's goal is automating this cycle to a wider extend than currently, thus saving costs on human resources for security evaluation and monitoring. Those latter two can be handled by game-theoretic models, as well as cost-optimized improvements can be facilitated on mathematically justified grounds.