Recently, the analytic and modeling framework of modern game theory has yielded powerful and elegant tools for considering security and the effects of non-cooperative and adversarial types. While conventional security aims at preventing an anticipated set of forbidden actions that make up the respective security model, game and decision theory take a different and more economic viewpoint: security is not the absence of threats, but the point where the cost of an attack outweighs the gains. Starting from a game- and decision-theoretic root thus achieves the most elegant form of security, by analyzing and creating incentives to actively encourage honest behaviors rather than preventing maliciousness. In other words, game theory helps in designing “self-enforcing security”. At the same time, the economic approach to security is essential as it parallels the evolution of today's attackers. Cybercrime has grown into a full-featured economy, maintaining black markets and supply chains, and widely resembling an illegal counterpart of the crucial software market. Traditional security remains an important foundation to tackle the issue from below, but game and decision theory offer a top-down view by adopting the economic and strategic view of the attackers too, and as such complement purely technological security means.
The purpose of this special issue of Computers and Security is to gather the latest advances in game-theoretic approaches to security and to disseminate new ideas and experiences in this emerging field to a broad audience. We encourage the submission of papers with new results, methods or applications of game theory to security. In particular, the topics of interest include (but are not limited to):
- Game theory, control, and mechanism design for security and privacy
- Decision making for cybersecurity and security requirements engineering
- Security and privacy for emerging technologies, such as
  - Internet-of-Things,
  - cyber-physical systems,
  - cloud computing,
  - resilient control systems,
  - critical infrastructures,
  - cryptocurrencies, and distributed ledger technologies.
- Pricing, economic incentives, security investments, and cyber insurance for dependable and secure systems
- Risk assessment and security risk management
- Security and privacy of wireless and mobile communications
- Socio-technological and behavioral approaches to security
- Empirical and experimental studies with game, control, or optimization theory-based analysis for security and privacy
- Rational cryptography, including theoretical and case study contributions
- Threat intelligence, adversarial machine learning and the role of AI in system security