Benjamin Johnson Carnegie Mellon University Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information TRUST.

Slides:

Advertisements

Similar presentations

A Local Mean Field Analysis of Security Investments in Networks Marc Lelarge (INRIA-ENS) Jean Bolot (SPRINT) NetEcon 2008.

Advertisements

Chapter 17: Making Complex Decisions April 1, 2004.

Network Security: an Economic Perspective Marc Lelarge (INRIA-ENS) currently visiting STANFORD TRUST seminar, Berkeley 2011.

© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 10: Selfishness in packet.

Price Of Anarchy: Routing

EPFL, Lausanne, Switzerland Márk Félegyházi Equilibrium Analysis of Packet Forwarding Strategies in Wireless Ad Hoc Networks – the Static Case Márk Félegyházi.

1 Combinatorial Agency with Audits Raphael Eidenbenz ETH Zurich, Switzerland Stefan Schmid TU Munich, Germany TexPoint fonts used in EMF. Read the TexPoint.

1 CS 6910: Advanced Computer and Information Security Lecture on 11/2/06 Trust in P2P Systems Ahmet Burak Can and Bharat Bhargava Center for Education.

Brian A. Harris-Kojetin, Ph.D. Statistical and Science Policy

Game Theoretical Models of Effort and Lobbying in a Heterogeneous CPR Setting Matthew Freeman Louisiana State University/LA Sea Grant Chris Anderson University.

Game Theory and Computer Networks: a useful combination? Christos Samaras, COMNET Group, DUTH.

Competitive Cyber-Insurance and Network Security Nikhil Shetty Galina Schwartz Mark Felegyhazi Jean Walrand EECS, UC-BerkeleyWEIS 2009 Presentation.

Network Security An Economics Perspective IS250 Spring 2010 John Chuang.

Fiscal Year 2008 Urban Areas Security Initiative Nonprofit Security Grant Program Investment Justification Questions, Criteria, and Prioritization Methodology.

Competitive Cyber-Insurance and Network Security Nikhil Shetty Galina Schwartz Mark Felegyhazi Jean Walrand EECS, UC-BerkeleyTRUST 2009 Presentation.

Gabriel Tsang Supervisor: Jian Yang.  Initial Problem  Related Work  Approach  Outcome  Conclusion  Future Work 2.

A Game Theoretic Approach to Provide Incentive and Service Differentiation in P2P Networks John C.S. Lui The Chinese University of Hong Kong Joint work.

On Species Preservation and Non- Cooperative Exploiters Lone Grønbæk Kronbak University of Southern Denmark Marko Lindroos University of Helsinki.

Selfish Caching in Distributed Systems: A Game-Theoretic Analysis By Byung-Gon Chun et al. UC Berkeley PODC’04.

THE PROBLEM OF MULTIPLE EQUILIBRIA NE is not enough by itself and must be supplemented by some other consideration that selects the one equilibrium with.

Dynamic Network Security Deployment under Partial Information George Theodorakopoulos (EPFL) John S. Baras (UMD) Jean-Yves Le Boudec (EPFL) September 24,

Rationality and information in games Jürgen Jost TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAA A A A AAA Max Planck.

A Game Theoretic Approach to Provide Incentive and Service Differentiation in P2P Networks Richard Ma, Sam Lee, John Lui (CUHK) David Yau (Purdue)

Modelling Large Games by Ehud Kalai Northwestern University.

Economics of Malware: Epidemic Risk Model, Network Externalities and Incentives. Marc Lelarge (INRIA-ENS) WEIS, University College London, June 2009.

Security Games in Online Advertising: Can Ads Help Secure the Web? Nevena Vratonjic Maxim Raya Jean-Pierre Hubaux June 2010, WEIS’10 David C. Parkes.

Opportunities & Implications for Turkish Organisations & Projects

1 Network Creation Game A. Fabrikant, A. Luthra, E. Maneva, C. H. Papadimitriou, and S. Shenker, PODC 2003 (Part of the Slides are taken from Alex Fabrikant’s.

Giandonato CAGGIANO ENISA MANAGEMENT BOARD REPRESENTATIVE LEGAL ADVISER ON EUROPEAN AFFAIRS OF THE MINISTRY OF COMMUNICATIONS U. OF ROMA TRE LAW FACULTY.

Strategic Modeling of Information Sharing among Data Privacy Attackers Quang Duong, Kristen LeFevre, and Michael Wellman University of Michigan Presented.

By: Gang Zhou Computer Science Department University of Virginia 1 A Game-Theoretic Framework for Congestion Control in General Topology Networks SYS793.

Efficiency Loss in a Network Resource Allocation Game Paper by: Ramesh Johari, John N. Tsitsiklis [ Informs] Presented by: Gayatree Ganu.

10 Two-sided Platforms 1 Aaron Schiff ECON

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

Mechanisms for Making Crowds Truthful Andrew Mao, Sergiy Nesterko.

Preserving Link Privacy in Social Network Based Systems Prateek Mittal University of California, Berkeley Charalampos Papamanthou.

Yitzchak Rosenthal P2P Mechanism Design: Incentives in Peer-to-Peer Systems Paper By: Moshe Babaioff, John Chuang and Michal Feldman.

© 2009 Institute of Information Management National Chiao Tung University Lecture Note II-3 Static Games of Incomplete Information Static Bayesian Game.

ISMA 2004 Workshop on Internet Signal Processing (WISP) 1 Perspectives on Resource Allocation Kameswari Chebrolu, Bhaskaran Raman, Ramesh R. Rao November.

Network Economics: two examples Marc Lelarge (INRIA-ENS) SIGMETRICS, London June 14, 2012.

Chapter 6 – Data Handling and EPR. Electronic Health Record Systems: Government Initiatives and Public/Private Partnerships EHR is systematic collection.

A Game-Theoretic Model for Defending Against Malicious Users in RecDroid Bahman Rashidi December 5 th, 2014.

Hiding in the Mobile Crowd: Location Privacy through Collaboration.

Game-theoretic analysis tools Tuomas Sandholm Professor Computer Science Department Carnegie Mellon University.

The roots of innovation Future and Emerging Technologies (FET) Future and Emerging Technologies (FET) The roots of innovation Proactive initiative on:

1 International negotiations on post 2012 regime: general framework and the key questions Ruta Bubniene, Programme officer Reporting, Data and Analysis.

Network Economics -- Lecture 2: Incentives in P2P systems and reputation systems Patrick Loiseau EURECOM Fall 2012.

Coordination with Local Information Munther Dahleh Alireza Tahbaz-Salehi, John Tsitsiklis Spyros Zoumpouli.

Incentives for Sharing in Peer-to-Peer Networks By Philippe Golle, Kevin Leyton-Brown, Ilya Mironov, Mark Lillibridge.

Voter Turnout. Overview Recap the “Paradox” of Voting Incentives and Voter Turnout Voter Mobilization.

On Non-Cooperative Location Privacy: A Game-theoreticAnalysis

Information Theory for Mobile Ad-Hoc Networks (ITMANET): The FLoWS Project Competitive Scheduling in Wireless Networks with Correlated Channel State Ozan.

6 December On Selfish Routing in Internet-like Environments paper by Lili Qiu, Yang Richard Yang, Yin Zhang, Scott Shenker presentation by Ed Spitznagel.

Slide: 1 CEOS SIT Technical Workshop |Caltech, Pasadena, California, USA| September 2013 CEOS Work Plan Section 6.1 G Dyke CEOS ad hoc Working Group.

On Selfish Routing In Internet-like Environments Lili Qiu (Microsoft Research) Yang Richard Yang (Yale University) Yin Zhang (AT&T Labs – Research) Scott.

Sponsored by the U.S. Department of Defense © 2008 by Carnegie Mellon University page 1 Pittsburgh, PA The Implications of a Single Mobile Computing.

Rules of Participation in Framework Programme 7 Brussels Office Helmholtz Association of German Research Centres Rue du Trône 98 B-1050 Brüssel

MAIN RESULT: We assume utility exhibits strategic complementarities. We show: Membership in larger k-core implies higher actions in equilibrium Higher.

Fiscal Year 2007 Urban Area Security Initiative Nonprofit Security Grant Program Investment Justification Questions, Criteria, and Prioritization Methodology.

M9302 Mathematical Models in Economics Instructor: Georgi Burlakov 0.Game Theory – Brief Introduction Lecture

Utility Dependence in Correct and Fair Rational Secret Sharing Gilad Asharov Yehuda Lindell Bar-Ilan University, Israel.

Consider a very simple setting: a fish stock is harvested by two symmetric (identical) players, which can be fishermen or fleets. 2.1 A Simple Non-cooperative.

ENERGY MARKET REFORMS, R&D & INNOVATION, AND CHALLENGES: TURKISH EXPERIENCE Selahattin Murat ŞİRİN Expert Energy Market Regulatory Authority TURKEY.

Implementation in Bayes-Nash equilibrium

Lecture 1 Economic Analysis and Policies for Environmental Problems

For modeling conflict and cooperation Schwartz/Teneketzis

Implementation in Bayes-Nash equilibrium

The effect of punishment on cooperation in public good dilemmas with uncertainty about endowments Ori Weisel & Gary Bornstein Kyoto, August 2009.

Reward and punishment mechanism for research data sharing

Bayes Nash Implementation

Presentation transcript:

Benjamin Johnson Carnegie Mellon University Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information TRUST November 11, 2010 slideout of 16 1 Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information Benjamin Johnson, Jens Grossklags, Nicolas Christin, and John Chuang Published in: Proceedings of the 15th European Symposium on Research in Computer Security (ESORICS) September 20-22, 2010, Athens, Greece.

Benjamin Johnson Carnegie Mellon University out of 16slide Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information TRUST November 11, Security Experts a picture of dawn

Benjamin Johnson Carnegie Mellon University out of 16slide Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information TRUST November 11, Security Experts Real security experts are multifaceted. This paper considers as “security experts” users who understand the interdependent nature of risks associated with various security scenarios. We assume generally that they are selfish. As to the usefulness of real security experts, we defer this study to future work.

Benjamin Johnson Carnegie Mellon University out of 16slide Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information TRUST November 11, Outline Overview Security Games Methodology Results Implications Related Work

Benjamin Johnson Carnegie Mellon University out of 16slide Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information TRUST November 11, Overview Research Question: To what extent does information security expertise help to make a network more secure? We address this question in a game-theoretic context using a stylized model from our prior work. We consider three distinct types of n-player security games, in each case expressing the expected security level of the network in terms of the number of (selfish) expert players. We find that, in all the games we studied, the addition of (selfish) experts to the user population reduces the overall security of the network. On the other hand, cooperative experts dramatically increase the overall security of the network.

Benjamin Johnson Carnegie Mellon University out of 16slide Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information TRUST November 11, Security Games The Game Framework: There are n players. Player i chooses a protection level e i from [0,1], and consequently achieves the following utility: b is the cost of a full protection investment, (common knowledge to all players) L i is the expected loss suffered by player i if a successful attack occurs, (considered to be private knowledge to player i under conditions of limited information) H is a joint contribution function that defines how aggregate protection investments among all players mitigate against expected losses, (known to expert players).

Benjamin Johnson Carnegie Mellon University out of 16slide Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information TRUST November 11, Security Games Three types of interdependency best shot weakest link total effort

Benjamin Johnson Carnegie Mellon University out of 16slide Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information TRUST November 11, Security Games Expert vs naive players Expert players know the contribution function H and understand its effects. Naive players are myopic; they behave as if

Benjamin Johnson Carnegie Mellon University out of 16slide Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information TRUST November 11, Security Games Complete vs incomplete information An expert with complete information knows the expected losses for all players. An expert with incomplete information knows her own expected loss L i but does not know the expected losses of other players. Experts assume that expected losses are independently and uniformly distributed in [0,1].

Benjamin Johnson Carnegie Mellon University out of 16slide Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information TRUST November 11, Methodology The question: to what extent does information security expertise help to make a network more secure? The methodology: For each game and information condition, we derive conditions for existence of symmetric (Bayesian) Nash equilibria as a function of the protection cost b and the number of expert players k. Where these equilibrium conditions are met, we compute expected utilities for all players, as well as the overall security outcome. Finally, we determine the configuration yielding the expected social optimum, and we propose a system of side payments between experts to facilitate this configuration.

Benjamin Johnson Carnegie Mellon University out of 16slide Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information TRUST November 11, Results In the Best Shot game, experts have a strong incentive to free-ride (Tragedy of the commons). Adding experts decreases the likelihood that the network is protected. (b = protection cost)

Benjamin Johnson Carnegie Mellon University out of 16slide Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information TRUST November 11, Results Protection equilibria in the Weakest Link game only exist when protection costs are small; and the problem is exacerbated by the addition of expert players. (b = protection cost)

Benjamin Johnson Carnegie Mellon University out of 16slide Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information TRUST November 11, Results In the Total Effort game, the individual benefit of an investment is always proportional to a 1/N fraction of the investment’s cost, regardless of the actions of other players. Experts understand this feature and consequently do not protect unless protection costs are low. (b = protection cost)

Benjamin Johnson Carnegie Mellon University out of 16slide Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information TRUST November 11, Implications (In several contexts), security experts are useful when (and only when) they collaborate. When security is divided among independent agencies, it is important to develop mechanisms for facilitating interagency collaboration. User education should focus on the collaborative nature of security.

Benjamin Johnson Carnegie Mellon University out of 16slide Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information TRUST November 11, Related Publications J. Grossklags, N. Christin, and J. Chuang. Secure or Insure? A Game-Theoretic Analysis of Information Security Games. WWW'08. J. Grossklags, B. Johnson. Uncertainty in The Weakest Link Security Game. GAMENETS '09. J. Grossklags, B. Johnson and N. Christin. When Information Improves Information Security. FC’10. J. Grossklags, B. Johnson and N. Christin. The Price of Uncertainty in Security Games. WEIS’09/SPRINGER’10. B. Johnson, J. Grossklags, N. Christin and J. Chuang. Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information. ESORICS’10. B. Johnson, J. Grossklags, N. Christin and J. Chuang. Uncertainty in Interdependent Security Games. GAMESEC’10.

Benjamin Johnson Carnegie Mellon University out of 16slide Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information TRUST November 11, Questions? This research was partially supported by CyLab at Carnegie Mellon under grant DAAD from the Army Research Office, and by the National Science Foundation under ITR award CCF (TRUST).