Jingsha He,Shunan Ma,Bin Zhao

2013-01-01

Abstract:Access control is an important security mechanism that is used to limit user access to information and resources and to prevent malicious users from making unauthorized access. Traditional access control models are well suited for centralized and relatively static environments in which information about subjects and objects are known in priori, but they can hardly meet the needs of open and dynamic network environments. Access control in open network environments must therefore adapt to dynamic addition and deletion of subjects and objects. In this paper, we use game theory to analyze trust-based access control to help compute trust values that involve several factors. By viewing access control as a game played between the requester and the provider entities, we can develop strategies that would motivate subjects to make honest access to objects continuously to get the most payoffs.

Ming Zhao,Jinqiang Ren,Huiping Sun,Suming Li,Zhong Chen

DOI: https://doi.org/10.1109/icycs.2008.226

2008-01-01

Abstract:In ubiquitous computing environment, resources become invisible, heterogeneous and anywhere. Traditional access control mechanism could not handle such dynamic and complex environment. In our proposed work, we view access control mechanism as a non-cooperative game. Thus, a game theoretic model for access control has been proposed to assist such mechanism. Different from traditional one, which depended on complex policies for decision-making, our model uses game theory to evaluate all possible results and select the most expected one as final decision. In the end, a practical example has been presented and its result shows that our access control model is more suitable for nowadays dynamic access control environment.

Yi-xuan ZHANG,Jing-sha HE,Bin ZHAO

2014-01-01

Abstract:Access control technology is an important information security technology to protect the sensitive information and critical resources in computer system and network.But traditional access control methods could only respond to access requests of users passively and can’t meet the changing dynamic network environment.In order to improve the ability to respond to malicious attacks and threats in access control system,a security mechanism is designed,which is suitable for access control,based on non-cooperative game theory in the game.When the subject makes an access request to the object,there will be a non-cooperative game between them to get Nash equilibrium.Then the security mechanism will compare the probabilities in the Nash equilibrium to the setting thresholds to get the conclusion that whether to authorize the subject or not.Experiment proves the effectiveness of the security mechanisms.

Shengbing Zhang,Wandong Cai,Yongjun Li

DOI: https://doi.org/10.3969/j.issn.1000-2758.2011.04.028

2011-01-01

Xibei Gongye Daxue Xuebao/Journal of Northwestern Polytechnical University

Abstract:Aim: The introduction of the full paper discusses what we believe to be the shortcomings of existing access control methods and then proposes the research metioned in the title. Section 1 , 2 and 3 explain our game-theory based access control method and evaluate it with an example. Section 1 is entitled the confidence model of social network. Section 2 is entitled the game-theory based strategy for access control of social network; its core consists of: (1) the definitions of six symbols for game-theory based parameters; (2) the derivation and analysis of game-theory based payoff matrix of requestors and that of authorized users. Section 3 presents an example, whose results are presented in Table 1 and Fig. 1; there are five confidence levels and six game-theory based parameters whose symbols have been defined previously; these results and their analysis show preliminarily that our game-theory based access control method is indeed suitable for social network.

Yixuan Zhang,Jingsha He

DOI: https://doi.org/10.1109/iccsnt.2015.7490907

2015-01-01

Abstract:Access control has been widely used to protect sensitive information and critical resources and to counter malicious attacks in computer systems and networks. There are three main traditional access control models in the past—discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC). But these models can only assign rights according to the existing access control policy, which is stoical and reactive. To make access control more proactive, some experts propose some access control models based on game theory. But complex calculations when subjects make access requests will affect the access performance and reduce the access efficiency. To solve these problems, we propose an access control model based on stochastic game in this paper. At first, we introduce a strategy selection problem of object mathematically in this model, and then describe the model in detail on how to solve this problem. We also prove the existence of Nash equilibrium in the model. At last, we make an experiment to show the advantages of this model. We prove that our model is more proactive to the threats and attacks in network than traditional access control models.

Jingsha He,Bin Zhao,Yixuan Zhang

DOI: https://doi.org/10.14257/ijgdc.2015.8.4.03

2015-01-01

International Journal of Grid and Distributed Computing

Abstract:Access control, what is a core technology in information security, has been widely used cloud web. It is used to distribute objects' resources to subjects according to some principles. But until now, most traditional access control models are focused on the distributional principles; the security of systems is always ignored. Protecting data and resources in computers from threats and attacks is also an important aspect in access control, especially in cloud web where there are a great deal of threats and attacks. In this paper, we introduce the present situation and related work of access control. Then we analyze the security problems in computer systems with traditional access control model, and get the prisoner's dilemma in it through Nash equilibrium. To solve this dilemma, we applied repeated-game theory to access control and build a new model RTAC. The ultimate goal of RTAC is to encourage subjects' honest accesses and discourage subjects' malicious accesses through Nash equilibrium. At last, we perform some experiments and show the advantages of RTAC over the traditional access control model.

Jiajun Shen,Dongqin Feng

DOI: https://doi.org/10.1080/00207721.2017.1406555

IF: 2.648

2018-01-01

International Journal of Systems Science

Abstract:In this paper, the cross-layer security problem of cyber-physical system (CPS) is investigated from the game-theoretic perspective. Physical dynamics of plant is captured by stochastic differential game with cyber-physical influence being considered. The sufficient and necessary condition for the existence of state-feedback equilibrium strategies is given. The attack-defence cyber interactions are formulated by a Stackelberg game intertwined with stochastic differential game in physical layer. The condition such that the Stackelberg equilibrium being unique and the corresponding analytical solutions are both provided. An algorithm is proposed for obtaining hierarchical security strategy by solving coupled games, which ensures the operational normalcy and cyber security of CPS subject to uncertain disturbance and unexpected cyberattacks. Simulation results are given to show the effectiveness and performance of the proposed algorithm.

Jingwei LIU,Jingju LIU,Yuliang LU,Bin YANG

2017-01-01

Journal of Computer Applications

Abstract:Game theory is a mathematical theory and method to study the phenomenon of struggle or competition.It has become a hot spot of network security research in the application of game theory to the study of network security situation awareness.This paper reviewed the general research methods of network situation awareness and their shortcomings,analyzed the game features of network security,gave the network security situation game model,discussed the application of game theory in the network security situation awareness and analyzed its advantages and disadvantages,pointed out some possible research directions in the future.

Hongfa Ding,Changgen Peng,Youliang Tian,Shuwen Xiang

DOI: https://doi.org/10.1109/NaNA.2019.00052

2019-01-01

Abstract:More and more security and privacy issues are arising as new technologies, such as big data and cloud computing, are widely applied in nowadays. For decreasing the privacy breaches in access control system under opening and cross-domain environment. In this paper, we suggest a game and risk based access model for privacy preserving by employing Shannon information and game theory. After defining the notions of Privacy Risk and Privacy Violation Access, a high-level framework of game theoretical risk based access control is proposed. Further, we present formulas for estimating the risk value of access request and user, construct and analyze the game model of the proposed access control by using a multi-stage two player game. There exists sub-game perfect Nash equilibrium each stage in the risk based access control and it's suitable to protect the privacy by limiting the privacy violation access requests.

Zhao Bin,Xiao Chuangbai,Zhang Wenyin,Gu Xue

DOI: https://doi.org/10.11999/JEIT180406

2019-01-01

Abstract:Trust based access control is a research hotspot in open network that access control is one of the importation technology of information security. For the interactive access behaviors of non-honest cooperation between network interactive entities in open network, the dynamic game access control model is established based on trust, and interactive entities are encouraged to rationally choose strategies expected by the system (the designer) driven by its own benefits through the designed mechanism. Taking benefits as the driven force, the mechanism rewards the honest nodes and punishes and restrains the non-honest nodes, and then reaches the general state of equalization between entities which meets the goal. The simulation experiment and result analysis show that the incentive and restraint mechanism is valid and necessary on the issue of non-honest access between network interactive entities.

Yi-xuan Zhang,Jing-sha He,Ruo-hong Liu

DOI: https://doi.org/10.14257/ijunesst.2015.8.4.01

2015-01-01

Abstract:Access control is the basic of information security.It is always used to protect sensitive information and critical resources from malicious attacks.But the traditional access control models are more adapt to closed network environment.And there are more and more unknown threats and attacks in the open networks, especially the mobile networks.To solve this problem, we propose a new access control model which is applicable to the open mobile networks by using non-zero-sum game theory in this paper.The model is composed by six modules: access evaluation module, access permission determination module, non-zero-sum game theory analysis module, decision-making module, result evaluation module, access feedback module and a prior information database.And in this model, the subjects will choose to be more honest when they make access requests because they all want to get more permission next time.Then we do some experiments to prove this fact.

Nafei Zhu,Fangbo Cai,Jingsha He,Yixuan Zhang,Wenxin Li,Zhao Li

DOI: https://doi.org/10.1007/s10586-018-2018-1

2018-01-01

Cluster Computing

Abstract:Access control is an important security mechanism for the protection of sensitive information and critical system resources. While it has been well-known that traditional access control models (TACMs), such as DAC, MAC, RBAC, etc., are not well suited for open networks due to the lack of dynamism in the management of access privileges, pro-active or dynamic access control models (PACMs) developed in recent years generally suffer from performance problems due to complex evaluation performed prior to access authorization. In game theory based dynamic access control models, which are one type of dynamic models, each access is modeled as a game that is played between the accessing subject and the accessed or protected object and the result of the play serves as the basis for making the authorization decision. Thus, delay is unavoidably introduced into the authorization process due to such pre-access evaluation. To overcome the shortcomings of TACMs and PACMs simultaneously, in this paper, we propose a new access control model called ISAC that, unlike all present access control models, is used not as a mechanism for access authorization but one for dynamic management of access privileges upon the completion of each access with the result being an updated set of access privileges for the accessing subject and used for updating the corresponding access control list for the subject. Access authorization will still be performed in the same way as that in the traditional access control models. Thus, ISAC offers the advantages of both traditional access control models in performance and pro-active access control models in dynamism. We will apply incomplete information static game to the development of ISAC in which we will show that there exists at least one Bayesian Nash equilibrium for the game play, which is the theoretical foundation for ISAC. We will also describe a framework design and an example implementation to illustrate the application of ISAC to access control. At last, we will present some experimental results to show that while maintaining the effectiveness of dynamic access control through the management of access privileges, ISAC can achieve the performance of traditional access control models.

Kaixing Huang,Chunjie Zhou,Yuanqing Qin,Weixun Tu

DOI: https://doi.org/10.1109/tie.2019.2907451

IF: 7.7

2019-01-01

IEEE Transactions on Industrial Electronics

Abstract:Current security measures in industrial cyber-physical systems (ICPS) lack the active decision capability to defend against highly-organized cyber-attacks. In this paper, a security decision-making approach based on stochastic game model is proposed to characterize the interaction between attackers and defenders in ICPSs and generate optimal defense strategies to minimize system losses. The major distinction of this approach is that it presents a practical way to build a cross-layer security game model for ICPSs by means of quantitative vulnerability analysis and time-based unified payoff quantification. A case study on a hardware-in-the-loop simulation testbed is carried out to demonstrate the feasibility of the proposed approach.

Jing-Sha He,Yi-Xuan Zhang,Shi-Yi Zhou,Ruo-Hong Liu

2014-01-01

Abstract:Access control is a core security technology to protect sensitive information and critical resources and to counter malicious attacks in computer systems and networks. During the past few decades, many access control models have been developed, such as discretionary access control (DAC), mandatory access control (MAC), role-based access control (RBAC) and so on. In this paper, we discuss the prisoner's dilemma in these models and propose a solution with trust to solve this problem. Then we make a simulation to compare the new access control models with the solution to the traditional ones.

Yixuan Zhang,Jingsha He,Bin Zhao,Zhiqing Huang,Ruohong Liu

DOI: https://doi.org/10.1016/j.cose.2014.12.001

IF: 5.105

2014-01-01

Computers & Security

Abstract:Access control is a core security technology which has been widely used in computer systems and networks to protect sensitive information and critical resources and to counter malicious attacks. Although many access control models have been developed in the past, such as discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC), these models are designed primarily as a defensive measure in that they are used for examining access requests and making authorization decisions based on established access control policies. As the result, even after a malicious access is identified, the requester can still keep issuing more malicious access requests without much fear of punitive consequences from the access control system in subsequent accesses. Such access control may be acceptable in closed systems and networks but is not adequate in open systems and networks where the real identities and other critical information about requesters may not be known to the systems and networks. In this paper, we propose to design pro-active access control so that access control systems can respond to malicious access pro-actively to suit the needs of open systems and networks. We will first apply some established principles in the Game Theory to analyze current access control models to identify the limitations that make them inadequate in open systems and networks. To design pro-active access control (PAC), we incorporate a constraint mechanism that includes feedback and evaluation components and show based on the Game Theory how to make such access control respond to malicious access in a pro-active manner. We also present a framework design of PAC and demonstrate through the implementation of trust-based access control the feasibility of design, implementation and application of pro-active access control. Such kind of models and mechanisms can serve as the foundation for the design of access control systems that will be made more effective in deterring malicious attacks in open systems and networks. (C) 2014 Elsevier Ltd. All rights reserved.

Yan Li,Jinqiang Ren,Huiping Sun,Haining Luo,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-10240-0_8

2009-01-01

Abstract:With development of grid technology, sensitive data protection becomes a difficult task for accesses from heterogeneous domains. Moreover, anonymity and unknown peers worsen security problems. Traditional access control mechanisms are not suitable to distributed environment. Several models and mechanisms make use of trust evaluation to assist access control decision. But few explicitly consider trust and risk as two separate factors which affect interactions between peers. In this paper, we present an access control mechanism which considers both trust and risk as two vital parameters. We also introduce static game model with incomplete information to analyze the optimal decision. In addition, a new model of trust evaluation is proposed to represent the confidence in the peer. To appease people's anxiety about loss, a model of risk assessment is also presented to indicate impacts on resources. At the end of this paper, to describe how our mechanism works, a scenario is provided.

Yuan Wang,Yongjun Wang,Jing Liu,Zhijian Huang,Peidai Xie

DOI: https://doi.org/10.1109/DSC.2016.90

2016-01-01

Abstract:Cyber security has been heavily studied in both industry and academia, but the traditional security technology is still facing unprecedented challenges in the background of massive and complicated network traffic. Game theory as a mathematical model of conflict and cooperation between intelligent rational decision-makers has great potential to improve cyber security. This paper describes a focused literature survey of game theoretic methods for cyber security applications. The methods are classified according to their security application scenarios, and we also present their advantages and limitations respectively. Then we discuss the difficulties and challenges confronting researchers, and in addition, we propose some directions for further research on game theory as applied to cyber security from both the mathematics perspective and security perspective.

Meng Xianghong,Wang Xiaoli

DOI: https://doi.org/10.4028/www.scientific.net/amm.446-447.1625

2013-01-01

Applied Mechanics and Materials

Abstract:The interactions between attackers and network administrator are modeled as a non-zero-sum dynamic game with incomplete information. Strategies taken by offenders and defenders are dynamic game processes which are mutually dependable and constantly repeated. This paper uses game theory to analyze the model and process of offense and defense counterwork, and suggests that information security problems can be studied from game theory's point of view.

Dylan Léveillé,Jason Jaskolka

DOI: https://doi.org/10.4204/EPTCS.409.11

2024-10-30

Abstract:Selecting the combination of security controls that will most effectively protect a system's assets is a difficult task. If the wrong controls are selected, the system may be left vulnerable to cyber-attacks that can impact the confidentiality, integrity and availability of critical data and services. In practical settings, it is not possible to select and implement every control possible. Instead considerations, such as budget, effectiveness, and dependencies among various controls, must be considered to choose a combination of security controls that best achieve a set of system security objectives. In this paper, we propose a game-theoretic approach for selecting effective combinations of security controls based on expected attacker profiles and a set budget. The control selection problem is set up as a two-person zero-sum one-shot game. Valid control combinations for selection are generated using an algebraic formalism to account for dependencies among selected controls. We demonstrate the proposed approach on an illustrative financial system used in government departments under four different scenarios. The results illustrate how a security analyst can use the proposed approach to guide and support decision-making in the control selection activity when developing secure systems.

Cryptography and Security,Computer Science and Game Theory

Hao Wu,Wei Wang,Changyun Wen,Zhengguo Li

DOI: https://doi.org/10.1016/j.ins.2018.04.051

IF: 8.1

2018-01-01

Information Sciences

Abstract:In this paper, a game theoretical analysis method is presented to provide the optimal security detection strategies for heterogeneous networked systems. A two-stage game model is firstly established, in which the attacker and defender are considered as two players. In the first stage, the two players make decisions on whether to execute the attack/monitoring actions or to keep silence for each network unit. In the second stage, two important strategic varibles, i.e. the attack intensity and detection threshold, are cautiously determined. The necessary and sufficient conditions to ensure the existence of the Nash equilibriums for the game with complete information are rigorously analyzed. The results reflect that with limited resources and capacities, the defender (attacker) tends to perform defense (attack) actions and further allocate more defense (less attack) resources to the units with larger assets. Besides, Bayesian and robust Nash equilibrium analysis is provided for the game with incomplete information. Finally, a sampling based Nash equilibrium verification and calculation approach is proposed for the game model with continuous kernels. Thus the convexity restrictions can be relaxed and the computational complexity is effectively reduced, with comparison to the existing recursive calculation methods. Numerical examples are given to validate our theoretical results.