The Hacking Game: Cross-Impact Analysis Tool

Slides:

Advertisements

Similar presentations

Quantitative Techniques An Introduction

Advertisements

ICT Work Programme NCP Infoday 23 June Maria Geronymaki DG INFSO.H.2 ICT for Government & Public Services Objective.

Introduction to Theories of Public Policy

Introduction to Game theory Presented by: George Fortetsanakis.

(C) Murray Turoff Planning as Gaming or Gaming as Planning Murray Turoff, Michael Chumer Starr Roxanne Hiltz Information Systems Department.

1 Fabrizio Sestini New Paradigms and Experimental Facilities DG Information Society and Media "The views expressed in this presentation are those of the.

CSE3030Lecture 11 Know Your User The First Slogan.

Playing Konane Mathematically with Combinatorial Game Theory

Scenario Construction Via Cross Impact Prof. Victor A. Bañuls Management Department Pablo de Olavide University Seville, Spain

Secure Software Development Security Operations Chapter 9 Rasool Jalili & M.S. Dousti Dept. of Computer Engineering Fall 2010.

© 2003 Turoff 1 The Nature of Information Systems and Employment in IS Murray Turoff Information Systems Department.

Scenario Construction Via Cross Impact Prof. Victor A. Bañuls Management Department Pablo de Olavide University Seville, Spain

Lesson-7 Players in the Systems Game

Introduction Nichalin S. Summerfield Ph.D. Candidate in Management (Operations Management), Expected December Dissertation Title: Games of Decentralized.

Research Impact Alexandra Byrnes, Research Publication Officer Rio

Thinking of a Master´s?. MAIN FEATURES OF THE PROGRAM WHAT IS IT ABOUT? It provides a sound understanding of economics and its applications. Students.

CSC230 Software Design (Engineering)

2 This statement shows how important the education process is which prepares the next generation of engineers to fulfill the industry needs. But this.

Web-based Technology Web-based Project Management Application (WPMA) for Dredging Projects By GUSTAVO VECINO Civil Engineer February 2013.

Annual SERC Research Review - Student Presentation, October 5-6, Extending Model Based System Engineering to Utilize 3D Virtual Environments Peter.

S A V Dr. H. Stoessel Managerial Economics 1999 Managerial Economics SM1.21 Managerial Economics n Welcome to session 1.

Questions on the “issues paper” presented to the Council ( /02/2005) by L. Michel.

ROLE OF THE IT FUNCTION: COSTS, ANALYSIS, DEVELOPMENT Based on materials by David Schuff.

Module: Environmental Impact Assessment and Management (EIAM) Aristotle University of Thessaloniki Dr. Dimitra Vagiona.

3ie Grantees Communication for Policy Influence Clinic Negombo 16 th – 18 th July 2012.

Introduction to SQL 2005 Security Nick Ward SQL Server Specialist Nick Ward SQL Server Specialist

Table-Driven Acceptance Testing Mario Aquino Principal Software Engineer Object Computing, Inc.

LEFIS W2 Posgraduate Workshop 1 LEFIS, WG 2 Postgraduate studies Meeting, Rotterdam.

1 Performance Evaluation of Computer Networks: Part II Objectives r Simulation Modeling r Classification of Simulation Modeling r Discrete-Event Simulation.

Research by IPCP.  People, Performance and Principles – our Co- operative Difference  People / HR Forum – why another network ?  Our Co-operative Difference.

DSS Modeling Current trends – Multidimensional analysis (modeling) A modeling method that involves data analysis in several dimensions – Influence diagram.

1.5 Conditional Probability 1. Conditional Probability 2. The multiplication rule 3. Partition Theorem 4. Bayes’ Rule.

1 What is Finance? Objective To Define Finance The Value of Finance Introduction to the Players.

Pricing in Non-cooperative Dynamic Games Lillian Ratliff, Sam Coogan, Daniel Calderone 20 August 2012.

OECD/INFE Tools for evaluating financial education programmes Adele Atkinson, PhD Policy Analyst OECD With the support of the Russian/World Bank/OECD Trust.

Scalable Game Development William Roberts Senior Game Engineer

OBJECT ORIENTED SYSTEM ANALYSIS AND DESIGN. COURSE OUTLINE The world of the Information Systems Analyst Approaches to System Development The Analyst as.

NES 2009-New Elements - A Lokniti Presentation -.

Advancing foresight methodology through networked conversations Ted Fuller Peter De Smedt Dale Rothman European Science Foundation COllaboration in Science.

Cost Estimation. Problem Our ability to realistically plan and schedule projects depends on our ability to estimate project costs and development efforts.

Abbasian, Phd Ch 1 -1 Chapter 1 The Nature of Strategic Management Strategic Management: Concepts & Cases 13 th Edition Fred David.

European Commission Joint Evaluation Unit common to EuropeAid, Relex and Development Methodology for Evaluation of Budget support operations at Country.

Information Systems Analysis and Management Modeling Sys. Requirements with Use Cases Arnie Lund, Jeffrey Kim May 5, 2009 INFO380.

Understanding the field & setting expectations.  Personal  International  UNT Alumni (Mathematics)  Academic  Economics & Mathematics  Professional.

ECE450 - Software Engineering II1 ECE450 – Software Engineering II Today: Introduction to Software Architecture.

Introduction to the IRRIIS Simulation SimCIP Césaire Beyel.

1 Accounting systems design & evaluation Karen Lau 25 Feb 2002.

15-1 Economics: Theory Through Applications This work is licensed under the Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported.

Building Bridges. After school programs can provide: an environment in which children can practice ways of learning and behaving that will help them succeed.

Carla Basili - Luisa De Biagi Carla Basili * - Luisa De Biagi * * IRCrES Institute, Rome (IT) *CNR –IRCrES Institute, Rome (IT) Central Library ‘G. Marconi’,

SMARTSHOP By: EVN BHARGAV NAGARAJU NAIDU – SASHI TERLI Belligerents.

New Frameworks for Teaching and Learning Bertram C. Bruce Nicholas C. Burbules Scott D. Johnson James A. Levin.

Introduction to Machine Learning © Roni Rosenfeld,

Secure Software Development Security Operations Chapter 9 Rasool Jalili & M.S. Dousti Dept. of Computer Engineering Fall 2010.

Chapter 16 Public Relations. Objectives To understand public relations and its role in positioning and in the formulation of the marketing mix To recognize.

Computer Science & Engineering 2111 Database Objects 1 CSE 2111 Introduction to Database Management Systems.

Introduction to Supporting Science. What Does Science Involve? Identifying a question to investigate Forming hypotheses Collecting data Interpreting data.

Configuration Control (Aliases: change control, change management )

Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall Ch 1 -1 Chapter 1 The Nature of Strategic Management Strategic Management: Concepts.

BioEnergy Sustaining The Future 2 BESTF2 Briefing Event 11 th December 2013 Dr Megan Cooper, BESTF co-ordinator.

P5 : Advanced Performance Management. B1: External Influences on Organisational Performance B1. Changing business environment B2. Impact of external factors.

© Prentice Hall, © Prentice Hall, ObjectivesObjectives 1.A complete definition of a plan 2.Insights regarding various dimensions.

Adding Dynamic Nodes to Reliability Graph with General Gates using Discrete-Time Method Lab Seminar Mar. 12th, 2007 Seung Ki, Shin.

CMSC 345 Defensive Programming Practices from Software Engineering 6th Edition by Ian Sommerville.

Chapter 24: Architecture Competence

Transaction Processing Systems

Iraq NHDR III: Youth Project Components Report Implementation

CS 21a: Intro to Computing I

Optimization Techniques for Natural Resources SEFS 540 / ESRM 490 B

Quantitative Techniques

Presentation transcript:

The Hacking Game: Cross-Impact Analysis Tool Art Hendela, PhD student, art.hendela@hendela.com

Introduction The Problem Types of Games The Hacking Game Cross Impact Analysis The Hacking Game Components Technology Used Future Work

The Problem Protect a computer network from attack with limited resources Determine the allocation of those resources with the help of a mathematical model You can allocate the resources, but how do you know if you’ve done it in a reasonable and efficient manner?

Types of Games Economic Games Combinatorial Games Cooperative, i.e., joint venture (Aloysius,2002) Non-Cooperative, business competitors (Garcia, 2003) Mixed (Nash, 1951) Combinatorial Games Two person with perfect knowledge (Berlekamp 1982 ) Non-cooperative games are those where the participants are solely competitive and do not share information (Garcia 2003). One such example of a non-cooperative game pits managers against one another each with limited resources. As resources become scarcer, the meanness of the players towards one another increases (Wayne 1992).

The Hacking Game Participation in the game occurs in a virtual space No scenario is pre-determined Input is limited to your allotted budget Uses a mathematical model to aid resource allocation Model is based on Cross Impact Analysis The game is online. People do not have to meet to participate. The selection of game components and the events is entirely up to the players and the Overall Game Director. You can’t spend more than you have but you can ask for more. We cover Cross Impact next

Cross Impact Analysis From a paper by Murray Turoff in 1972 entitled, “An Alternative Approach to Cross Impact Analysis” Used for determining influences between events Uses the Delphi Method to help generate group statistics for impact (Turoff, 1970) The Cross Impact analysis provides the mathematical base The Delphi method provides the ideas on how to use experts to form the set of probabilities

Cross Impact Analysis Inputs A set of base events The probability of each base event occurring independent of the other events, Pi The set of probabilities for all other events where an individual base event is certain to occur, Rij The set of probabilities for all other events where an individual base event is certain to never occur, Sij

Cross Impact Analysis Outputs The relative impact of one event on another, Cij The influence by external events not entered, Gi

The Hacking Game Components Security System Component Library Game Definition Event Library Cross Impact Calculation Engine Players Security in in .Net and included role definition, management, Username assignment, Email password to user, Apply for Username, etc. Probabilities Teams Results Survey

The Hacking Game Components Security and roles Player/team management Game Definition with Budgets Components Events Probabilities Calculation Engine Results reporting Survey/evaluation Security limits access based on the type of player Players sign-up through the username/log-in management system Define the game as single or multi-user, allocate the budgets Enter the components that will be acted upon, for example a server or a firewall Enter the events, for example a Denial of Service attack. This creates the base set of events. Probabilities, Pi, Rij, Sij The results are calculated The results are shown The game is evaluated.

Technology Used Code Framework: ASP.NET 2.0 Development Environment: Visual Studio 2005 Language: Visual Basic, VB.NET Database: MS SQLServer 2000 ASP.NET provides many useful controls such as login to minimize the amount of code written. Visual Studio 2005 allows for local testing by providing Internet Information Service (IIS) on your laptop, desktop, etc. My company grew from dBase to FoxPro to Visual FoxPro. Visual basic is very close in structure and syntax to these legacy languages. SQLServer provides an enterprise scale data repository.

Future Work Complete development of the model Field test and evaluate the game Expand the use of the approach to non-network hacking environments that feature an offense/defense structure Protect chemical plants from terrorism Launch a new product against a business competitor

Acknowledgements This research is fully supported by Hendela System Consultants, Inc, Little Falls, NJ (www.hendela.com). The opinions expressed are those of the authors and may not reflect those of the corporate sponsor.

Selected References Aloysius, J. A. (2002). "Research Joint Ventures: A Cooperative Game for Competitors." European Journal of Operational Research 136(3): 591-602. Berlekamp, E., Conway, J, and Guy, R. (1982). Winning Ways for your Mathematical Plays, Academic Press.

Selected References Garcia, D. D., David Ganet, Peter Henderson (2003). "Everything you Always Wanted to Know about Game Theory (But were Afraid to Ask)." SIGCSE 2003 35(1): 96-97. Nash, J. F. (1951). "Non-Cooperative Games." Annals of Mathematics Journal 54(1951): 286-295.

Selected References Turoff, M, (1970). “The Design of a Policy Delphi”, Technology Forecasting and Social Change, 2(2). Turoff, M, (1972). “An alternative approach to Cross Impact Analysis." Technology Forecasting and Social Change”, 3, 338-368.