This book presents a compendium of selected game- and decision-theoretic models to achieve and assess the security of critical infrastructures. Given contemporary reports on security incidents of various kinds, we can see a paradigm shift to attacks of an increasingly heterogeneous nature, combining different techniques into what we know as an advanced persistent threat. Security precautions must match these diverse threat patterns in an equally diverse manner; in response, this book provides a wealth of techniques for protection and mitigation. Much traditional security research has a narrow focus on specific attack scenarios or applications, and strives to make an attack "practically impossible." A more recent approach to security views it as a scenario in which the cost of an attack exceeds the potential reward. This does not rule out the possibility of an attack but minimizes its likelihood to the least possible risk. The book follows this economic definition of security, offering a management scientific view that seeks a balance between security investments and their resulting benefits. It focuses on optimization of resources in light of threats such as terrorism and advanced persistent threats. Drawing on the authors' experience and inspired by real case studies, the book provides a systematic approach to critical infrastructure security and resilience. Presenting a mixture of theoretical work and practical success stories, the book is chiefly intended for students and practitioners seeking an introduction to game- and decision-theoretic techniques for security. The required mathematical concepts are self-contained, rigorously introduced, and illustrated by case studies. The book also provides software tools that help guide readers in the practical use of the scientific models and computational frameworks.

This book provides an overview of state-of-the-art implementations of quantum random number generators (QRNGs), and especially examines their relation to classical statistical randomness models and numerical techniques for computing random numbers. The reader - who ideally has a background in classical statistics, computer science, or cryptography - is introduced to the world of quantum bits step by step, and explicit relations between QRNGs and their classical counterparts are identified along the way. Random number generation is a major pillar of cryptography. Capitalizing on the randomness inherent in quantum phenomena is a rapidly evolving branch of quantum cryptography with countless applications for the future. The value of quantum randomness for cryptographic purposes is empirically demonstrated in statistical evaluations of QRNGs' performance compared to classical techniques for true and pseudorandom number generation. The book then provides an overview of technical implementations of QRNGs, before a concluding discussion of major achievements and remaining obstacles in the field rounds out the coverage, while also opening the door for future research directions.

This book constitutes the refereed proceedings of the 8th International Conference on Decision and Game Theory for Security, GameSec 2017, held in Vienna, Austria, in October 2017. The 24 revised full papers presented together with 4 short papers were carefully reviewed and selected from 71 submissions.The papers address topics such as Game theory and mechanism design for security and privacy; Pricing and economic incentives for building dependable and secure systems; Dynamic control, learning, and optimization and approximation techniques; Decision making and decision theory for cybersecurity and security requirements engineering; Socio-technological and behavioral approaches to security; Risk assessment and risk management; Security investment and cyber insurance; Security and privacy for the Internet-of-Things (IoT), cyber-physical systems, resilient control systems; New approaches for security and privacy in cloud computing and for critical infrastructure; Security and privacy of wireless and mobile communications, including user location privacy; Game theory for intrusion detection; and Empirical and experimental studies with game-theoretic or optimization analysis for security and privacy.

The chapters in this volume explore how various methods from game theory can be utilized to optimize security and risk-management strategies. Emphasizing the importance of connecting theory and practice, they detail the steps involved in selecting, adapting, and analyzing game-theoretic models in security engineering and provide case studies of successful implementations in different application domains. Practitioners who are not experts in game theory and are uncertain about incorporating it into their work will benefit from this resource, as well as researchers in applied mathematics and computer science interested in current developments and future directions. The first part of the book presents the theoretical basics, covering various different game-theoretic models related to and suitable for security engineering. The second part then shows how these models are adopted, implemented, and analyzed. Surveillance systems, interconnected networks, and power grids are among the different application areas discussed. Finally, in the third part, case studies from business and industry of successful applications of game-theoretic models are presented, and the range of applications discussed is expanded to include such areas as cloud computing, Internet of Things, and water utility networks.