Mathematical Modeling of Deception Project

Research Goal

Deception has long been a tool in computer security, but always on an ad hoc basis. Cliff Stoll used it to help catch an attacker snooping in a computer system at the Lawrence Berkeley Laboratory. Stoll used a technique that foreshadowed "honey pots," the best example of which is Fred Cohen's Deception Tool Kit. The DTK creates an illusion of a system or network (depending on the configuration). The goals of these mechanisms are threefold: (1) To encourage the attacker to waste resources attacking something that does not exist; (2) to prevent the attacker from gaining access to the actual system resources and/or data; and (3) to provide a forum for analyzing the attacker's goals and methodologies. This project aims to analyze the mathematics of deception in computer security.


Expected Results

We plan to obtain examples of computer intrusions in which deception played a role. Our goal is to detemrine the purpose of the deception, whether is was effective, and what were the costs. We can use this to tune our cost models and test our formalism.


Sandia National Laboratories


Contact person:
Matt Bishop

last modified 3/29/02