Defending against the Unknown Enemy: Applying FlipIt to System Security

  • Kevin D. Bowers
  • Marten van Dijk
  • Robert Griffin
  • Ari Juels
  • Alina Oprea
  • Ronald L. Rivest
  • Nikos Triandopoulos
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7638)


Most cryptographic systems carry the basic assumption that entities are able to preserve the secrecy of their keys. With attacks today showing ever increasing sophistication, however, this tenet is eroding. “Advanced Persistent Threats” (APTs), for instance, leverage zero-day exploits and extensive system knowledge to achieve full compromise of cryptographic keys and other secrets. Such compromise is often silent, with defenders failing to detect the loss of private keys critical to protection of their systems. The growing virulence of today’s threats clearly calls for new models of defenders’ goals and abilities.

In this paper, we explore applications of FlipIt, a novel game-theoretic model of system defense introduced in [14]. In FlipIt, an attacker periodically gains complete control of a system, with the unique feature that system compromises are stealthy, i.e., not immediately detected by the system owner, called the defender. We distill out several lessons from our study of FlipIt and demonstrate their application to several real-world problems, including password reset policies, key rotation, VM refresh and cloud auditing.


Keywords: Cloud Provider; Cloud Service Provider; Move Cost; Security Game; Advance Persistent Threat
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.




References

  1. Ateniese, G., Burns, R., Curtmola, R., Herring, J., Kissner, L., Peterson, Z., Song, D.: Provable data possession at untrusted stores. In: Proc. 14th ACM Conference on Computer and Communication Security, CCS (2007)
  2. Barker, E., Barker, W., Polk, W., Smid, M.: Recommendation for key management II: Best practices for key management organization. NIST SP (2/3), 1–79 (2005)
  3. Juels, A., Kaliski, B.: PORs: Proofs of retrievability for large files. In: Proc. 14th ACM Conference on Computer and Communication Security (CCS), pp. 584–597 (2007)
  4. Katz, J.: Bridging Game Theory and Cryptography: Recent Results and Future Directions. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 251–272. Springer, Heidelberg (2008)
  5. Mailath, G.J., Samuelson, L.: Repeated Games and Reputations: Long-run relationships, Oxford (2006)
  6. Manshaei, M., Zhu, Q., Alpcan, T., Basar, T., Hubaux, J.P.: Game Theory Meets Network Security and Privacy. Technical report, EPFL (2010)
  7. Moore, T., Friedman, A., Procaccia, A.: Would a “cyber warrior” protect us? Exploring trade-offs between attack and defense of information systems. In: NSPW, pp. 85–94 (2010)
  8. Myerson, R.B.: Game Theory—Analysis of Conflict. Harvard University Press (1997)
  9. Nguyen, K.C., Alpcan, T., Basar, T.: Security games with incomplete information. In: Proc. IEEE International Conference on Communications, ICC (2009)
  10. Pavlovic, D.: Gaming security by obscurity, CoRR abs/1109.5542 (2011)
  11. Radzik, T.: Results and problems in games of timing. Statistics, Probability and Game Theory 30 (1996)
  12. Rivest, R.L.: Illegitimi non carborundum. Invited keynote talk given at CRYPTO 2011 (August 15, 2011),
  13. Roy, S., Ellis, C., Shiva, S., Dasgupta, D., Shandilya, V., Wu, Q.: A survey of game theory as applied to network security. In: Int. Conf. on System Sciences (HICSS), pp. 1–10 (2010)
  14. van Dijk, M., Juels, A., Oprea, A., Rivest, R.L.: FlipIt: The game of “stealthy takeover”. To appear in Journal of Cryptology (2012)
  15. Witty, R.J., Brittain, K., Allen, A.: Justify identity management investment with metrics. Gartner Group report (February 23, 2004)

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Kevin D. Bowers (1)
  • Marten van Dijk (1)
  • Robert Griffin (2)
  • Ari Juels (1)
  • Alina Oprea (1)
  • Ronald L. Rivest (3)
  • Nikos Triandopoulos (1)

  1. RSA Laboratories, Cambridge, USA
  2. RSA, The Security Division of EMC, Zurich, Switzerland
  3. MIT, Cambridge, USA
