Our recent work “A Game-Theoretic Approach for Security Control Selection” is now available online. In this paper, we propose a game-theoretic approach for selecting effective combinations of security controls based on expected attacker profiles and a set budget. The control selection problem is set up as a two-person zero-sum one-shot game. Valid control combinations for selection are generated using an algebraic formalism to account for dependencies among selected controls. We demonstrate the proposed approach on an illustrative financial system used in government departments under four different scenarios. The results illustrate how a security analyst can use the proposed approach to guide and support decision-making in the control selection activity when developing secure systems. This paper was presented at the 15th International Symposium on Games, Automata, Logics, and Formal Verification (GandALF 2024) in June 2024. See Publications for more details!
Home / Publication / New Publication: A Game-Theoretic Approach for Security Control Selection
New Publication: A Game-Theoretic Approach for Security Control Selection