paper writing

Trade-off study between security and efficiency in networked control system

In this paper, we will discuss how to define security and how to measure the efficiency by our metrics of a specific networked control system. Besides, we propose a relation between these two notions using convex optimization. At last, we get a trade-off between security and efficiency in networked control system using parametric programming and differential geometry.

How is this networked control system?

Metrics for security:

Related work first:

There are many ways to quantitatively differentiate or measure the system security, accurately. [Stuart Schechter] from Harvard uses the cost to break into a system as an effective metric from the start of testing until product retirement, to find out how hard it is for real people to break into a system. It is an economic way to estimate an upper bound and a lower bound for every unique security vulnerability. [R. Ortalo and Y. Deswarte] also presents a method based on the privilege graph model for quantitatively evaluation of the security of information system. It includes two levels. In its design level, it uses security policy to denote the security objectives and in its second level, it uses a pragmatic evaluation technique to achieve a good compromise between security and efficiency in the information system. They also have another paper to presents the results of an experiment in security evaluation and validates the measures[1]. [Lingyu Wang] proposes a method using attack graphs to measure the global security of a network. It tries to integrate the measurement for individual vulnerabilities, resources, and configurations into a global measure based on a particular context. With such method, it can also provide the missing information among network components so as to consider potential attacks and their consequence in the context. These approaches have proposed their ways to evaluate modern IT systems. But, they fail to quantitatively define both the efficiency and security metrics for networked control systems.

Metrics for efficiency:

Related work first:

Analyzing efficiency in networked control system has been started three decades ago. [2,T.C.Yang] in his survey, proposed that most of networked control systems improve their efficiency, flexibility and reliability through common-bus network, reduced wiring and distributed intelligence so as to reduce the installation, reconfiguration and maintenance time and costs. [Derek, Emeka, Jia] in their SimTool paper, they only focus on run-time efficiency of the networked UAV system. Under kinds of network situations, like nominal case, with lots of background traffic and multi-hop network, this paper uses the run-time to denotes its efficiency and compare them. [3] Mei proposes that with the increase of the sampling period, the data packet dropout has to be decreased, therefore, the efficiency of NCS is increased. In a qualitative way, increasing sampling rate will increase the load of network and thus deteriorate its performance. They all illustrate a way to increase efficiency of networked control system. However, same as notion of security, they don’t have a quantitative way to evaluate the “efficiency”.

Their relation:

Get a Trade-off:

Conclusion:

Reference:

[1] Rodolphe. Ortalo, Yves. Deswarte, Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security.

[2] T.C.Yang, Networked control system: a brief survey

[3] Mei Yu, Long Wang, Stabilization of Networked Control Systems with Data Packet Dropout and Transmission Delays: Continuous-Time Case

To do: a trade-off study between efficiency (performance) and security level in intrusion detection network system

General idea: In intrusion detection network system (IDNS), each IDS could be viewed as a sensor which operate independently on their network. We will do an analytical study on a trade-off between security level and efficiency in IDNS. We will define our metrics for each notion, for example, efficiency may relate to the total resource consumption with respect to the allowed resource capacity. The performance of the whole system heavily relies on a trade-off between security enforcement and the usability of a system due to the size of signature database (since most of the existing IDS is signature-based not anomaly based system) and the number of the IDS configured on the network level (not the physical level). The performance of the system will degrade when more security is applied at all times, while the system is prone to attacks when the enforcement of security is overlooked. Hence, interesting questions arise : 1)whether there exists a solution that is both efficient and secure, which means it could be solved subject to a certain constraint. 2)whether there exists a trade-off relation between these two indexes, which remains a challenge in this field. I want to find a complete and generally applicable way to analyze this problem, and get their inside relation. It may lead to some fundamental limits in multi-tier secure networked control system design. In addition, if possible we can get the upper bound and lower bound for them.

Weekly Summary 08/01~08/11

During these two weeks, I have been looking into four papers related to game-theoretical model to balance the security enforcement and the performance of an information system. He also has a paper talking about tradeoff between security enforcement and control system accessibility. The authors usually solves the problem of limited resource allocation. It focuses on the configuration problem of the network level, where multiple IDS are deployed in an enterprise network.

The problems they are trying to solve are:

--limited resource against intrusion

We face malicious attackers from outside. We need to make some intrusion response against them, however, the resources allocated towards responding to attacks, such as IT security personnel, firewalls, and patch management systems, are growing slowly. There is a widening gap between them. In [4], the author only cares about the system administrator's time which in other words is the only resource considered. There is a big assumption that whenever the system's administrator is available, he can fix the intrusion by some actions or strategies.

--untrust IDS and no incentives

In collaborative intrusion detection networks, many proposed IDS system always assume that all IDS cooperate honestly. They are lack of trust management. Even in proposed trust-based IDN, they didn't have incentives in it. That means they haven't consider the situation when some ID only ask for assistance but never contribute. In [2], the author propose an incentive compatible resource allocation scheme to solve this problem.

--trade-off between efficiency and fairness

In intrusion detection and response field, people haven't found a way to better balance the system efficiency and fairness. Since the solution (Nash equilibrium) for noncooperative games may not result in an efficient solution. And, a common linear programming framework may result in an unfair solution in that some users may be assigned with full capacity but the others with none. In [3], the author has an analytical trade-off study between them, especially how he define the metrics to measure efficiency and fairness.

--trade-off between the security and accessibility for cps

There will be influence of cyber security policies on various control system performances. To solve such problem, the author[5] develops an optimal policy for a networked control system.

Four papers are:

[1].RRE A game theoretic intrusion response and recovery engine

[2].A game-theoretical approach to incentive design in collaborative intrusion detection networks

[3].A trade-off study between efficiency and fairness in communication networks

[4].Intrusion response as a resource allocation problem

[5].Towards a unifying security framework for Cyber-Physical Systems

My goal next week is to find a better game-theoretical

rethinking about paper: network security configurations---a nonzero-sum stochastic game approach

In this paper, the author presented an N+M-person stochastic game model for network security configurations to balance between the security and usability of complex cooperative networked control system. The paper focuses on the configuration problems of intrusion detection systems but we can see that the game-theoretic framework is general enough to be extended to address concerns regarding other network security problems, like intrusion response system, using to choose a best response method.

Besides, this paper has proposed a new notion of security capacity to denote the security performance, and characterize a feasibility problem of a nonlinear program. This notion could be further used to do as security metrics in problems like jamming and secure routing.

IDEA: we could extend this work to the case in which defenders and attackers have imperfect monitoring or partial observations of the states and consider games with asymmetric information between defenders and attackers.

DONE: a simple prisoner dilemma has been simulated in matlab. It's a two-player game with four types of payoffs. just a test, need to consider more about this.

TO DO tomorrow: paper reading on <A Game-Theoretical Approach to Incentive Design in Collaborative IDS Networks>, try to find out how to do such experiment.

To do: Game theory and implementation using Matlab

I found using game theory to model the network security configuration, trying to balance the security enforcement and the usability of a networked control system, interesting.

Tomorrow, I will try to implement prisoner's dilemma in matlab.

Game Theory meets Network Security and CPS

This guy from UIUC in Information Trust Group under the supervision of T. Basar, uses lots of game theory into intrusion detection, intrusion response system and CPS. It is a really new area, especially that the application of game theory to wireless networks is a relatively new area.

Quanyan Zhu from uiuc

He has a paper about understanding the tradeoff between security and control system accessibility. In CPS, they always differ in their security objectives, security architecture and quality-of-service requirements. To get a better tradeoff using our specific environment, maybe we could write a paper about it to solve similar problem.

reference:

cpsweek 2011

Towards a Unifying Security Framework for Cyber-physical system

To do tomorrow

another paper: network security configurations: a nonzero-sum stochastic game approach

Find drawbacks of recent research on intrusion response

In modeling system response to security threats, researchers have made extensive use of state-space models. Like the one we mentioned before, RRE: A game theoretic intrusion response and recovery engine, this paper uses the partially observable stochastic game model and extended attack tree called attack-response tree. I think the main drawback for this kind of discrete-time state space model is that they may suffer from state-space explosion.

IDEA1: we may extend some other combinatorial methods for modeling and analyzing cyber attacks and countermeasures to solve this state explosion problem.

Second, by using game theory to find the best defense from a pool of defense mechanisms, it is not a so good way actually. Complicated and consume lots of time and resource.

IDEA2: We could extend some other suitable algorithms which is less expensive compared to this kind of state-space based approach.

Another team has done a great work on this area. Dr. Kishor Trivedi