Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Hacking Game: Cross-Impact Analysis Tool

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "The Hacking Game: Cross-Impact Analysis Tool"— Presentation transcript:

1 The Hacking Game: Cross-Impact Analysis Tool
Art Hendela, PhD student,

2 Introduction The Problem Types of Games The Hacking Game
Cross Impact Analysis The Hacking Game Components Technology Used Future Work

3 The Problem Protect a computer network from attack with limited resources Determine the allocation of those resources with the help of a mathematical model You can allocate the resources, but how do you know if you’ve done it in a reasonable and efficient manner?

4 Types of Games Economic Games Combinatorial Games
Cooperative, i.e., joint venture (Aloysius,2002) Non-Cooperative, business competitors (Garcia, 2003) Mixed (Nash, 1951) Combinatorial Games Two person with perfect knowledge (Berlekamp 1982 ) Non-cooperative games are those where the participants are solely competitive and do not share information (Garcia 2003). One such example of a non-cooperative game pits managers against one another each with limited resources. As resources become scarcer, the meanness of the players towards one another increases (Wayne 1992).

5 The Hacking Game Participation in the game occurs in a virtual space
No scenario is pre-determined Input is limited to your allotted budget Uses a mathematical model to aid resource allocation Model is based on Cross Impact Analysis The game is online. People do not have to meet to participate. The selection of game components and the events is entirely up to the players and the Overall Game Director. You can’t spend more than you have but you can ask for more. We cover Cross Impact next

6 Cross Impact Analysis From a paper by Murray Turoff in 1972 entitled, “An Alternative Approach to Cross Impact Analysis” Used for determining influences between events Uses the Delphi Method to help generate group statistics for impact (Turoff, 1970) The Cross Impact analysis provides the mathematical base The Delphi method provides the ideas on how to use experts to form the set of probabilities

7 Cross Impact Analysis Inputs
A set of base events The probability of each base event occurring independent of the other events, Pi The set of probabilities for all other events where an individual base event is certain to occur, Rij The set of probabilities for all other events where an individual base event is certain to never occur, Sij

8 Cross Impact Analysis Outputs
The relative impact of one event on another, Cij The influence by external events not entered, Gi

9 The Hacking Game Components
Security System Component Library Game Definition Event Library Cross Impact Calculation Engine Players Security in in .Net and included role definition, management, Username assignment, password to user, Apply for Username, etc. Probabilities Teams Results Survey

10 The Hacking Game Components
Security and roles Player/team management Game Definition with Budgets Components Events Probabilities Calculation Engine Results reporting Survey/evaluation Security limits access based on the type of player Players sign-up through the username/log-in management system Define the game as single or multi-user, allocate the budgets Enter the components that will be acted upon, for example a server or a firewall Enter the events, for example a Denial of Service attack. This creates the base set of events. Probabilities, Pi, Rij, Sij The results are calculated The results are shown The game is evaluated.

11 Technology Used Code Framework: ASP.NET 2.0
Development Environment: Visual Studio 2005 Language: Visual Basic, VB.NET Database: MS SQLServer 2000 ASP.NET provides many useful controls such as login to minimize the amount of code written. Visual Studio 2005 allows for local testing by providing Internet Information Service (IIS) on your laptop, desktop, etc. My company grew from dBase to FoxPro to Visual FoxPro. Visual basic is very close in structure and syntax to these legacy languages. SQLServer provides an enterprise scale data repository.

12 Future Work Complete development of the model
Field test and evaluate the game Expand the use of the approach to non-network hacking environments that feature an offense/defense structure Protect chemical plants from terrorism Launch a new product against a business competitor

13 Acknowledgements This research is fully supported by Hendela System Consultants, Inc, Little Falls, NJ ( The opinions expressed are those of the authors and may not reflect those of the corporate sponsor.

14 Selected References Aloysius, J. A. (2002). "Research Joint Ventures: A Cooperative Game for Competitors." European Journal of Operational Research 136(3): Berlekamp, E., Conway, J, and Guy, R. (1982). Winning Ways for your Mathematical Plays, Academic Press.

15 Selected References Garcia, D. D., David Ganet, Peter Henderson (2003). "Everything you Always Wanted to Know about Game Theory (But were Afraid to Ask)." SIGCSE (1): Nash, J. F. (1951). "Non-Cooperative Games." Annals of Mathematics Journal 54(1951):

16 Selected References Turoff, M, (1970). “The Design of a Policy Delphi”, Technology Forecasting and Social Change, 2(2). Turoff, M, (1972). “An alternative approach to Cross Impact Analysis." Technology Forecasting and Social Change”, 3,

Download ppt "The Hacking Game: Cross-Impact Analysis Tool"

Similar presentations

Quantitative Techniques An Introduction

Quantitative Techniques An Introduction
ICT Work Programme 2011-12 NCP Infoday 23 June Maria Geronymaki DG INFSO.H.2 ICT for Government & Public Services Objective.

ICT Work Programme NCP Infoday 23 June Maria Geronymaki DG INFSO.H.2 ICT for Government & Public Services Objective.
Introduction to Theories of Public Policy

Introduction to Theories of Public Policy
Introduction to Game theory Presented by: George Fortetsanakis.

Introduction to Game theory Presented by: George Fortetsanakis.
(C) Murray Turoff 20061 Planning as Gaming or Gaming as Planning Murray Turoff, Michael Chumer Starr Roxanne Hiltz Information Systems Department.

(C) Murray Turoff Planning as Gaming or Gaming as Planning Murray Turoff, Michael Chumer Starr Roxanne Hiltz Information Systems Department.
1 Fabrizio Sestini New Paradigms and Experimental Facilities DG Information Society and Media The views expressed in this presentation are those of the.

1 Fabrizio Sestini New Paradigms and Experimental Facilities DG Information Society and Media "The views expressed in this presentation are those of the.
CSE3030Lecture 11 Know Your User The First Slogan.

CSE3030Lecture 11 Know Your User The First Slogan.
Playing Konane Mathematically with Combinatorial Game Theory

Playing Konane Mathematically with Combinatorial Game Theory
Scenario Construction Via Cross Impact Prof. Victor A. Bañuls Management Department Pablo de Olavide University Seville, Spain

Scenario Construction Via Cross Impact Prof. Victor A. Bañuls Management Department Pablo de Olavide University Seville, Spain
Secure Software Development Security Operations Chapter 9 Rasool Jalili & M.S. Dousti Dept. of Computer Engineering Fall 2010.

Secure Software Development Security Operations Chapter 9 Rasool Jalili & M.S. Dousti Dept. of Computer Engineering Fall 2010.
© 2003 Turoff 1 The Nature of Information Systems and Employment in IS Murray Turoff Information Systems Department.

© 2003 Turoff 1 The Nature of Information Systems and Employment in IS Murray Turoff Information Systems Department.
Scenario Construction Via Cross Impact Prof. Victor A. Bañuls Management Department Pablo de Olavide University Seville, Spain

Scenario Construction Via Cross Impact Prof. Victor A. Bañuls Management Department Pablo de Olavide University Seville, Spain
Lesson-7 Players in the Systems Game

Lesson-7 Players in the Systems Game
Introduction Nichalin S. Summerfield Ph.D. Candidate in Management (Operations Management), Expected December 2010. Dissertation Title: Games of Decentralized.

Introduction Nichalin S. Summerfield Ph.D. Candidate in Management (Operations Management), Expected December Dissertation Title: Games of Decentralized.
Research Impact Alexandra Byrnes, Research Publication Officer Rio

Research Impact Alexandra Byrnes, Research Publication Officer Rio
Thinking of a Master´s?. MAIN FEATURES OF THE PROGRAM WHAT IS IT ABOUT? It provides a sound understanding of economics and its applications. Students.

Thinking of a Master´s?. MAIN FEATURES OF THE PROGRAM WHAT IS IT ABOUT? It provides a sound understanding of economics and its applications. Students.
CSC230 Software Design (Engineering)

CSC230 Software Design (Engineering)
2 This statement shows how important the education process is which prepares the next generation of engineers to fulfill the industry needs. But this.

2 This statement shows how important the education process is which prepares the next generation of engineers to fulfill the industry needs. But this.
Web-based Technology Web-based Project Management Application (WPMA) for Dredging Projects By GUSTAVO VECINO Civil Engineer February 2013.

Web-based Technology Web-based Project Management Application (WPMA) for Dredging Projects By GUSTAVO VECINO Civil Engineer February 2013.
Annual SERC Research Review - Student Presentation, October 5-6, 2011 1 Extending Model Based System Engineering to Utilize 3D Virtual Environments Peter.

Annual SERC Research Review - Student Presentation, October 5-6, Extending Model Based System Engineering to Utilize 3D Virtual Environments Peter.

Similar presentations

Ads by Google