Basics

You are playing as the blue player. While you, the blue player, always start in control the red player can play a flip and gain control at any time. The state of the board is obscured in grey (Fog of War). You and the red player only learn the state of the game by playing ‘flip’. You can gain control by playing ‘flip’. The game ends after 10 seconds.
The computer makes random moves. That means that some rounds only a few and in other rounds many.

Objective of the game

The objective of the game is to win as many points as possible. To win you want to be in control for as long as possible using as few flips (moves) as possible.

Points

A player gains 100 points per second that that player is in control.
A player loses 100 points when that player plays ‘flip’.

Moves

The only move available to either the red or the blue player is to play ‘flip’. If you are in control and you play ‘flip’ you remain in control.
If you are not in control and you play ‘flip’ you regain control. One on player can be in control at a time.

The Board

The board displays the current known information about the game. Each ‘flip’ played is marked with a circle.
You can only see information that was revealed by your flips. The scores are updated when you play a ‘flip’ and reveal the current state of the game.
Blue rectangles represent periods of time in which you, the blue player, had control. Red rectangles represent periods of time in which the red player was in control.
The score is given in the upper right hand corner.

Strategies

You can select different strategies for each player.
The strategy selected controls when an action/flip will be initiated by the player.
Following strategies are available:

Human

Strictly speaking not a strategy but an option for Player Blue to let you perform the flips manually. You need to hit the "Flip" button to... flip.
This option is not available for Player Red.

Random

As the name suggests, the moves are initiated after a random amount of time passed. This may mean that a lot of moves are performed during a round or only a few.

Random fast

Random... but faster (=more moves per round) than the normal Random strategy.

Random with minimum 10 moves

Moves are initiated randomly but happen at least 10 times per round.
Think of this as a mix of periodic moves but with some random variance. Some moves may happen earlier, some later than a "pure" periodic strategy.

Periodic A

Moves are initiated in a well-defined interval. Exactly 10 moves per round.

Periodic B

Moves are initiated in a well-defined interval. Exactly 10 moves per round... but slightly after a move initiated by Period A.
Choose A and B for the players and see why e.g. periodic password changes provide no benefit in terms of security.

---

Costs

The default game is symmetric: Player Blue and Player Red have exactly the same costs and benefits.
You can setup the game so that the players have different costs and benefits.
You can use this to show that e.g. a lower move cost allows a player to make more moves that are within "budget" and therefore force the other player out.

Move cost Flip

This is the cost per action/flip.
If the "Move cost Reveal" is zero, the "Move cost Flip" is deducted from the accumulated benefit every time a player makes a move.
If (and only if!) the "Move cost Reveal" is greater than zero, the Move Cost Flip only is deducted from the players accumulated benefit if the move actually caused a flip.

Move cost Reveal

The cost for a move that reveals the current state of the board (= who controls the board).
If the board belongs to the player that made the move, only the reveal costs are deducted from the accumulated benefit.
However, if the move reveals that the board is under control of the opposing player, the "Move cost Flip" and the "Move cost Reveal" are deducted from the accumulated benefit of the player that initiated the move.

---

Benefit

This is the imaginary benefit gained per time slice the player has control over the board.

---

Fog of War

If Player Blue is human, the Fog of War is enabled by default but can we switched off.
If enabled, the fog of war hides the current status of the board from the players until they make a move.
For computer vs. computer games, the fog of war is disabled.

Game theory is the the branch of mathematics concerned with the analysis of strategies for dealing with competitive situations where the outcome of a participant's choice of action depends on the actions of other participants. Game theory has been applied to contexts in war, business, and biology... and (IT-)security.

RSA FlipIt is a game where two players (attacker and defender) compete over a resource. FlipIt was developed by the RSA Labatories and Ron Rivest in 2012. The orginal paper is available here.

What made FlipIt special at that time was, that the players can move at any time and that the opponent's moves are hidden until a player makes their move. That is very different from other games where players move one after the other and the result of any move is visible to the other player(s).

The benefit for each player is directly related to the time that player has control over the resource. The resource could be anything but the original idea of FlipIt was, that this is about e.g. a server, a cryptographic key management system etc. To model real-life scenarios more closely, each move has a cost associated to it. The cost per move ensures, that the players cannot simply play multiple moves in rapid succession. If they would do that, all of their benefits are likely to be consumed by the costs of those moves.

FlipIt gives us a couple of lessons about the resources we defend (or attack... this knowledge isn't just for defenders):

1. One should always assume complete compromise of the resource e.g. complete loss of control over a server, cryptographic key, Helms Deep, etc.
2. Agressive play of one player can force the opponent out of the game. That is thanks to the costs of each move. If the defender's costs are lower than that of the attacker, the defender can play faster. The attacker will soon reach a point where it is no longer sensible to continue as there is no profit to be made any longer.
The defender should therefore "rig" the system so that the defender's move costs are lower and therefore the attackers move costs are higher.
3. Visibility into the state of the resource is important. The more visibility a player has, the more efficiently the defender's moves can be performed. No move is wasted, no unneeded costs occur.

This online FlipIt game tries to visualize the game under various assumptions:

• The attacker can play according to various strategies: random, periodic, random-with-minium-moves
• The defender can use the same strategies or be controled by a human (assumption: that is you).

By adjusting one's strategy (when to move) and the various costs and the benefit, you can see for yourself that:

• Moving more often results in more time the resource is under control
• Having low move-costs does make a difference. This includes having the option to have a (relatively low) move costs for "Reveal" moves - this option allows a player to incur lower costs per move as just checking wether the resource is still under control by the player is cheaper than the costs of flipping the resource regardless of it's state.
• Periodic moves are a bad idea. Make your moves unpredictable. That could mean completely random or at least in a pattern that cannot be easily guessed. Moves could be based on memoryless exponential distribution for example.