Network Security: an Economic Perspective Marc Lelarge (INRIA-ENS) currently visiting STANFORD TRUST seminar, Berkeley 2011.

Slides:

Advertisements

Similar presentations

Market Enabling Network Architecture NSF FIND PI Meeting Arlington, VA June 27, 2007 John Musacchio Assistant Professor Technology and Information Management.

Advertisements

What to do in a crisis? Vassilis Tselios Centre for Urban and Regional Development Studies University of Newcastle upon Tyne 8 th European Week of Regions.

A Local Mean Field Analysis of Security Investments in Networks Marc Lelarge (INRIA-ENS) Jean Bolot (SPRINT) NetEcon 2008.

1 Cyber Insurance and IT Security Investment: Impact of Interdependent Risk Hulisi Ogut, UT-Dallas Srinivasan Raghunathan, UT-Dallas Nirup Menon, UT-Dallas.

Economic Incentives to Increase Security in the Internet: the Case for Insurance Marc Lelarge (INRIA-ENS) Jean Bolot (SPRINT) IEEE INFOCOM, Rio 2009.

The Interaction between the Stock Market and Consumption: A Stochastic Factor Model Moawia Alghalith & Tracy Polius.

Diffusion and Cascading Behavior in Random Networks Marc Lelarge (INRIA-ENS) Columbia University Joint CS/EE Networking Seminar June 2, 2011.

Inefficiency of equilibria, and potential games Computational game theory Spring 2008 Michal Feldman TexPoint fonts used in EMF. Read the TexPoint manual.

1 The Monopolist's Market with Discrete Choices and Network Externality Revisited: Small-Worlds, Phase Transition and Avalanches in an ACE Framework. Denis.

Risk Models and Controlled Mitigation of IT Security R. Ann Miura-Ko Stanford University February 27, 2009.

6.896: Topics in Algorithmic Game Theory Lecture 20 Yang Cai.

Price Of Anarchy: Routing

USING LOTTERIES TO APPROXIMATE THE OPTIMAL REVENUE Paul W. GoldbergUniversity of Liverpool Carmine VentreTeesside University.

1 University of Southern California Keep the Adversary Guessing: Agent Security by Policy Randomization Praveen Paruchuri University of Southern California.

1 Strategic choice of financing systems in regulated and interconnected industries Anna BassaniniJerome Pouyet Rome & IDEICREST-LEI & CERAS-ENPC

Diffusion and Cascading Behavior in Random Networks Marc Lelarge (INRIA-ENS) WIDS MIT, May 31, 2011.

On Cheating in Sealed-Bid Auctions Ryan Porter Yoav Shoham Computer Science Department Stanford University.

Geoffrey Heal Graduate School of Business Columbia University Howard Kunreuther Center for Risk Management.

Regret Minimization and the Price of Total Anarchy Paper by A. Blum, M. Hajiaghayi, K. Ligett, A.Roth Presented by Michael Wunder.

Algorithms and Economics of Networks Abraham Flaxman and Vahab Mirrokni, Microsoft Research.

Benjamin Johnson Carnegie Mellon University Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information TRUST.

Efficient Control of Epidemics over Random Networks Marc Lelarge (INRIA-ENS) SIGMETRICS 09.

J. Laurent-Lucchetti (U. Bern) J. Leroux and B. Sinclair-Desgagné (HEC Montréal) Splitting an uncertain (natural) capital.

Cooperation in Anonymous Dynamic Social Networks Brendan Lucier University of Toronto Brian Rogers Northwestern University Nicole Immorlica Northwestern.

Software Diversity for Information Security Gaurav Kataria Carnegie Mellon University.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 A Preamble into Aligning Systems Engineering and Information Security Risk Dr. Craig.

ECONOMIC ASPECTS OF CYBERSECURITY

Competitive Cyber-Insurance and Network Security Nikhil Shetty Galina Schwartz Mark Felegyhazi Jean Walrand EECS, UC-BerkeleyWEIS 2009 Presentation.

Network Security An Economics Perspective IS250 Spring 2010 John Chuang.

Robust Allocation of a Defensive Budget Considering an Attacker’s Private Information Mohammad E. Nikoofal and Jun Zhuang Presenter: Yi-Cin Lin Advisor:

Geoffrey Heal Graduate School of Business Columbia University Howard Kunreuther Center for Risk Management.

Interdependent Security Games and Networks Networked Life CSE 112 Spring 2006 Prof. Michael Kearns.

Competitive Cyber-Insurance and Network Security Nikhil Shetty Galina Schwartz Mark Felegyhazi Jean Walrand EECS, UC-BerkeleyTRUST 2009 Presentation.

Optimal Marketing Strategies over Social Networks Jason Hartline (Northwestern), Vahab Mirrokni (Microsoft Research) Mukund Sundararajan (Stanford)

Ch.9 The Consumption Capital Asset Pricing Model 9.1 Introduction 9.2 The Representative Agent Hypothesis and Its Notion of Equilibrium 9.3 An Exchange.

Notes on Alesina and Angeletos on ‘Fairness and Redistribution’ Econ 594ER October 29, 2007.

Game Theory: Whirlwind Review Matrix (normal form) games, mixed strategies, Nash equil. –the basic objects of vanilla game theory –the power of private.

Dynamic Network Security Deployment under Partial Information George Theodorakopoulos (EPFL) John S. Baras (UMD) Jean-Yves Le Boudec (EPFL) September 24,

Vaccination Externalities Bryan L. Boulier Tejwant S. Datta† Robert S. Goldfarb‡ The George Washington University, †Albert Einstein Medical.

-1- Entrance of Cable TV Service Provider into Broadband Internet Service Market : Service Bundling and Role of Access Charge By Jae-Hyeon Ahn, Jungsuk.

Noam Nisan Non-price Equilibria in Markets of Discrete goods Avinatan Hassidim, Haim Kaplan, Yishay Mansour, Noam Nisan.

Economics of Malware: Epidemic Risk Model, Network Externalities and Incentives. Marc Lelarge (INRIA-ENS) WEIS, University College London, June 2009.

Allerton 2011 September 28 Mathias Humbert, Mohammad Hossein Manshaei, and Jean-Pierre Hubaux EPFL - Laboratory for Communications and Applications (LCA1)

Who Should be Responsible for Software Security? A Comparative Analysis of Liability Policies in Network Environments Terrence August Rady School of Management,

Economic Models & Approaches in Information Security for Computer Networks Authors: P. Souras et al. Submission: International Journal of Network Security.

2 Introduction: phase transition phenomena Phase transition: qualitative change as a parameter crosses threshold Matter temperature magnetism demagnetism.

1 Privacy-Preserving Distributed Information Sharing Nan Zhang and Wei Zhao Texas A&M University, USA.

Yitzchak Rosenthal P2P Mechanism Design: Incentives in Peer-to-Peer Systems Paper By: Moshe Babaioff, John Chuang and Michal Feldman.

Network Economics: two examples Marc Lelarge (INRIA-ENS) SIGMETRICS, London June 14, 2012.

1 Efficiency and Nash Equilibria in a Scrip System for P2P Networks Eric J. Friedman Joseph Y. Halpern Ian Kash.

Inoculation Strategies for Victims of Viruses and the Sum-of-Squares Partition Problem Kevin Chang Joint work with James Aspnes and Aleksandr Yampolskiy.

Endogenous Information and Self-Insurance In Insurance Markets: A Welfare Analysis F. Barigozzi University of Bologna D. Henriet Ecole Centrale Marseille,

Let the Pirates Patch? An Economic Analysis of Software Security Patch Restrictions Terrence August *Joint work with Tunay I. Tunca.

How tough should you be Inflation targeting, fiscal feedbacks, and multiple equilibria Alexandre Schwartsman Unibanco.

Is Deposit Insurance a Good Thing, and if so, Who should pay for it? Alan Morrison, Merton College & Saïd Business School, Oxford Lucy White, Harvard Business.

WEIS Economic Analysis of Incentives to Disclose Software Vulnerabilities Dmitri Nizovtsev Washburn University Marie Thursby Georgia Institute of.

6.853: Topics in Algorithmic Game Theory Fall 2011 Constantinos Daskalakis Lecture 22.

MAIN RESULT: We assume utility exhibits strategic complementarities. We show: Membership in larger k-core implies higher actions in equilibrium Higher.

Information Design: A unified Perspective cn

Information Design: A unified Perspective Prior information

Strategic Information Transmission

For modeling conflict and cooperation Schwartz/Teneketzis

Strategic Information Transmission

Effective Social Network Quarantine with Minimal Isolation Costs

Department of Computer Science University of York

Strategic Information Transmission

Saurabh Bagchi ECE & CS, Purdue University Joint work with:

Strategic Information Transmission

Gordon-Loeb Model for Cybersecurity Investments*

Comparative Cheap Talk

Presentation transcript:

Network Security: an Economic Perspective Marc Lelarge (INRIA-ENS) currently visiting STANFORD TRUST seminar, Berkeley 2011.

Threats and Vulnerabilities Attacks are exogenous

Contribution (1) Optimal security investment for a single agent -Gordon and Loeb model, 1/e rule -Monotone comparative statics (2) Optimal security investment for an interconnected agent - Network externalities (3) Equilibrium analysis of the security game - Free-rider problem, Critical mass, PoA

(1) Single agent Two parameters: – Potential monetary loss: – Probability of security breach without additional security: Agent can invest to reduce the probability of loss to: Optimal investment:

(1) Gordon and Loeb Class of security breach probability functions: measure of the productivity of security. Gordon and Loeb (2002)

(1) Gordon and Loeb (cont.) vulnerability Optimal investment (size of potential loss fixed)

(1) Gordon and Loeb (cont.) Probability of loss for a given investment

(1) Gordon and Loeb (cont.) High vulnerability Low vulnerability

(1) Conditions for monotone investment If then is non-decreasing Augmenting return of investment with vulnerability: Extension to submodular functions.

(1) The 1/e rule If the function is log-convex in x then the optimal security investment is bounded by:,i.e of the expected loss

Contribution (1) Optimal security investment for a single agent -Gordon and Loeb model, 1/e rule -Monotone comparative statics (2) Optimal security investment for an interconnected agent - Network externalities (3) Equilibrium analysis of the security game - Free-rider problem, Critical mass, PoA

(2) Effect of the network Agent faces an internal risk and an indirect risk. Information available to the agent: in a poset (partially ordered set). Optimal security investment:

(2) How to estimate the probability of loss? Epidemic risk model Binary choice for protection Limited information on the network of contagion (physical or not): degree distribution. – Best guess: take a graph uniformly at random. Galeotti et al. (2010)

Attacker directly infects an agent N with prob. p. Each neighbor is contaminated with prob. q if in S or if in N. (2) Epidemic Model Attacker N S

(2) Monotone comparative statics If the function is strictly decreasing in for any then the optimal investment is non-decreasing. Equivalent to: Network externalities function is decreasing:

(2) Strong protection An agent investing in S cannot be harmed by the actions of others:. in previous equation. Decreasing network externalities function.

(2) Weak protection If, the network externalities function is:

Contribution (1) Optimal security investment for a single agent -Gordon and Loeb model, 1/e rule -Monotone comparative statics (2) Optimal security investment for an interconnected agent - Network externalities (3) Equilibrium analysis of the security game - Free-rider problem, Critical mass, PoA

(3) Fulfilled expectations equilibrium Concept introduced by Katz & Shapiro (85) Willingness to pay for the agent of type : multiplicative specification of network externalities, Economides & Himmelberg (95). C.d.f of types: % with Willingness to pay for the ‘last’ agent:

(3) Fulfilled expectations equilibrium In equilibrium, expectation are fulfilled: The willingness to pay is: Extension of Interdependent Security 2 players game introduced by Kunreuther & Heal (03).

(3) Critical mass Equilibria given by the fixed point equation

(3) Critical mass (cont.) Equilibria given by the fixed point equation fraction of population investing in security cost

(3) Critical mass (cont.) If only one type: willingness to pay = network externalities function. fraction of population investing in security cost

(3) Price of Anarchy The social welfare function: Because of the public and private externalities, agent under-invest in security (in all cases). Public externalities Private externalities

Conclusion Simple single agent model: 1/e rule – General conditions for monotone investment Interconnected agents: network externalities function – General conditions to align incentives Equilibrium analysis of the security game – Critical mass, PoA Extensions: In this talk, agent is risk-neutral. What happens if risk-adverse? Insurance?

Thank you! Feedbacks are welcome: