@InProceedings{BVDGx12,
author = { Kevin D. Bowers and Marten van Dijk and Robert Griffin and Ari Juels and Alina Oprea and
Ronald L. Rivest and Nikos Triandopoulos },
title = { Defending against the Unknown Enemy: Applying {FlipIt} to System Security },
booktitle = { Proc. GameSec 2012 },
urla = { GameSec'12 },
OPTyear = { 2012 },
OPTmonth = { November 5--6, },
eventtitle = { GameSec'12 },
eventdate = { 2012-11-05/2012-11-06 },
date = { 2012-11-05 },
venue = { Budapest, Hungary },
publisher = { Springer },
editor = { Jens Grossklags and Jean Walrand },
number = { 7638 },
series = { Lecture Notes in Computer Science },
pages = { 248--263 },
doi = { 10.1007/978-3-642-34266-0_15 },
urla = { GameSec'12 },
urlb = { ePrint(extended-version) },
abstract = {
Most cryptographic systems carry the basic assumption that
entities are able to preserve the secrecy of their keys. With attacks today
showing ever increasing sophistication, however, this tenet is eroding.
``Advanced Persistent Threats'' (APTs), for instance, leverage zero-day exploits
and extensive system knowledge to achieve full compromise of cryptographic keys
and other secrets. Such compromise is often silent, with defenders failing to
detect the loss of private keys critical to protection of their systems. The
growing virulence of today's threats clearly calls for new models of defenders'
goals and abilities.
\par
In this paper, we explore applications of FlipIt, a novel game-theoretic model
of system defense introduced in [14]. In FlipIt, an attacker periodically gains
complete control of a system, with the unique feature that system compromises
are stealthy, i.e., not immediately detected by the system owner, called the
defender. We distill out several lessons from our study of FlipIt and demonstrate
their application to several real-world problems, including password reset policies,
key rotation, VM refresh and cloud auditing.
},
}