The structure and topology of rooted weighted trees modeling layered cyber-security systems

In this paper we consider a layered-security model in which the containers and their nestings are given in the form of a rooted tree $T$. A {\em cyber-security model\/} is an ordered three-tuple $M = (T, C, P)$ where $C$ and $P$ are multisets of {\em penetration costs\/} for the containers and {\em target-acquisition values\/} for the prizes that are located within the containers, respectively, both of the same cardinality as the set of the non-root vertices of $T$. The problem that we study is to assign the penetration costs to the edges and the target-acquisition values to the vertices of the tree $T$ in such a way that minimizes the total prize that an attacker can acquire given a limited {\em budget}. For a given assignment of costs and target values we obtain a {\em security system}, and we discuss three types of them: {\em improved}, {\em good}, and {\em optimal}. We show that in general it is not possible to develop an optimal security system for a given cyber-security model $M$. We define P- and C-models where the penetration costs and prizes, respectively, all have unit value. We show that if $T$ is a rooted tree such that any P- or C-model $M = (T,C,P)$ has an optimal security system, then $T$ is one of the following types: (i) a rooted path, (ii) a rooted star, (iii) a rooted 3-caterpillar, or (iv) a rooted 4-spider. Conversely, if $T$ is one of these four types of trees, then we show that any P- or C-model $M = (T,C,P)$ does have an optimal security system\@. Finally, we study a duality between P- and C-models that allows us to translate results for P-models into corresponding results for C-models and vice versa. The results obtained give us some mathematical insights into how layered-security defenses should be organized.