Mathematical Modeling of Deception (Sandia)

Mathematical Modeling of Deception Project

Research Goal

Deception has long been a tool in computer security, but always on an ad hoc basis. Cliff Stoll used it to help catch an attacker snooping in a computer system at the Lawrence Berkeley Laboratory. Stoll used a technique that foreshadowed "honey pots," the best example of which is Fred Cohen's Deception Tool Kit. The DTK creates an illusion of a system or network (depending on the configuration). The goals of these mechanisms are threefold: (1) To encourage the attacker to waste resources attacking something that does not exist; (2) to prevent the attacker from gaining access to the actual system resources and/or data; and (3) to provide a forum for analyzing the attacker's goals and methodologies. This project aims to analyze the mathematics of deception in computer security.

Approach

To define deception rigorously, using a Turing machine approach (or some other, equivalent formalism).

We intend to take a risk analysis approach to examining "cost" based upon risk, effort needed to impose the deception and maintain the façade, and combine these factors with the probability of the attacker determining the deception and what costs may accrue as a result. We will describe cost in terms of both the attacker and defender. One hope is to maximize the former while minimizing the later.

Expected Results

Contact person:
Matt Bishop
bishop@cs.ucdavis.edu

last modified 3/29/02