Audit Games Jeremiah Blocki, Nicolas Christin, Anupam Datta, Ariel D. Procaccia, Arunesh Sinha 1 Carnegie Mellon University

Motivation 2

Auditing  Permissive real time access control policy  Inspect accesses after occurrence  Find and punish policy violators  How does it help?  Deter potential violators  Take remedial measures to prevent future losses 3

Auditing for Policy Enforcement HIPAA GLBA EU Data Protection Directive 4

Auditing in Practice  FairWarning Audit Tool for hospitals  Flags all celebrity record accesses as suspicious  Place traffic police at strategic locations  Intelligent heuristics, but, no mathematical model or guarantees 5

Why study Audit Process?  Optimize costs expended in auditing  Audits costs money  Prevent violations  Decide appropriate punishment for deterrence  Efficiently computable audit strategies  Enable cost-optimal prioritized inspections 6

Outline  Simple rational game model  Example  Main Algorithm for computing equilibrium  Example  Future Work 7

Simple Rational Model 8 Utility when audited Utility when unaudited

Punishment as an Action  High Punishment: Hostile Work Environment  Low Punishment: No incentive to follow policy. x 9 Simple Rational Model

Stackelberg Equilibrium Concept 10 Simple Rational Model

Small example Example Defender’s utility Adversary’s utility 11

Example contd. 12 Example

Computing Optimal Defender Strategy 13 Quadratic Non-convex Simple Rational Model

Properties of Optimal Point 14 Tight Constraints Main Algorithm

Main Idea in Algorithm 15 Main Algorithm

16 Main Algorithm

Main Theorem 17 Main Algorithm

Varying cost of punishment Example

Future Work  Studying security games variations in audit games  Budget-constrained defender  Combinatorial constraints on use of defender resources  Varying punishment with violation severity  Validation:  Simulation: studying effect of various parameters  Real world case study 19 Future Work

Conclusion 20 First model of auditing and first step toward a computationally feasible solution of audit games. Research at the intersection of AI and security & privacy holds lot of promise, given the encouraging precedent set by the deployment of security games algorithms

Extensions 21 Extensions