Toward a Theory of Cyber Attacks
This work addresses the need for formal security guarantees in cybersecurity, though it appears incremental by applying existing modeling techniques to this domain.
The paper tackles the problem of analyzing defender-attacker interactions in cybersecurity by modeling them as Markov games and introducing a capacity region to assess security impacts, resulting in rigorous cryptographic guarantees that bound the probability of an attacker achieving objectives based on time budgets.
We provide a general methodology for analyzing defender-attacker based "games" in which we model such games as Markov models and introduce a capacity region to analyze how defensive and adversarial strategies impact security. Such a framework allows us to analyze under what kind of conditions we can prove statements (about an attack objective $k$) of the form "if the attacker has a time budget $T_{bud}$, then the probability that the attacker can reach an attack objective $\geq k$ is at most $poly(T_{bud})negl(k)$". We are interested in such rigorous cryptographic security guarantees (that describe worst-case guarantees) as these shed light on the requirements of a defender's strategy for preventing more and more the progress of an attack, in terms of the "learning rate" of a defender's strategy. We explain the damage an attacker can achieve by a "containment parameter" describing the maximally reached attack objective within a specific time window.