Formally modeling deceptive patches using a game-based approach

The paradigm that deceptive data, tools and behavior are difficult to distinguish from their legitimate counterparts is intuitively understood, but a formal representation of why deception works and its impact on the security provided by patches is lacking. As an emerging research area, it is important to develop this strong foundation from which to reason about the security impact of proposed techniques. Thus, we present a number of deceptive models that represent a variety of deceptive patches to move toward a formal model of deception. These models identify theoretically secure techniques as well as those that fall short of theoretical security. For techniques that fall short, additional analysis shows they could still be effective in practice. In this research, we first introduce formal game-based security definitions that capture the technique's claimed security impact and present a general game-based model using these definitions. We then apply this general model to faux, obfuscated, and active response patches to formally analyze their security impact. Finally, we discuss whether these ideal properties of deceptive systems can be achieved in reality. (C) 2018 Elsevier Ltd. All rights reserved.