Network Security: An Economics Perspective (IS250, Spring 2010, John Chuang). Presentation transcript.

Slide 1: Network Security: An Economics Perspective. IS250, Spring 2010. John Chuang

Slide 2: Rational Decision-Making in Information Security
- Step 1. One defender
  - Security investment as risk management
  - Cost-benefit analysis; expected value
  - Risk attitudes and deviations from expected utility
- Step 2. Many defenders
  - Interdependent security: weakest link, best shot, and total effort
- Step 3. Many forms of attacks and defenses
  - Weakest target
  - Protection versus insurance (public versus private goods)
  - Limited information

Slide 3: How Secure is Secure?
- Are we investing too little in security? Are we investing too much?
- Security investment as risk management
  - In traditional engineering: Risk = probability of accident * losses per accident
  - Risk can be interpreted as expected loss
  - Perform a cost-benefit analysis of the risk-mitigation alternatives
  - Example: highway safety regulation often uses $1 million per statistical death in its analysis

Slide 4: Cost-Benefit Analysis
- Scenario 1:
  - A new technology promises to fix a vulnerability
  - Loss in the event of a security breach: L
  - Probability of breach: p
  - Cost of the security mechanism: c
  - Q: Should the CSO invest in the security mechanism?
  - A: Invest if pL > c; otherwise do not invest
- Scenario 2:
  - A web page asks you to type in your social security number
  - Value derived from completing this transaction: v
  - Probability of theft: p
  - Loss in the event of identity theft: L
  - Q: Should you enter the information?
  - A: Provide the personal information if v > pL; otherwise do not
- What assumptions are made here?

Slide 5: Challenges
- Difficulty in risk assessment
  - Especially for events with very low probability (p) and/or very high loss (L)
  - p*L may be off by orders of magnitude
- Users may not (want to) maximize expected utility
  - Risk attitudes: risk neutral, risk averse, or risk seeking
  - Hyperbolic discounting: a small immediate payoff is preferred over a large payoff in the future
  - Framing and prospect theory

Slide 6: Risk Attitude
- Offer 1:
  - Choice 1: win $10 with certainty
  - Choice 2: 50% chance of winning $20
- Offer 2:
  - Choice 1: win $1 million with certainty
  - Choice 2: 50% chance of winning $2 million

Slide 7: Hyperbolic Discounting
- Discounted utility: U = Σ_t δ^t · u_t(x), where δ is the discount factor
- Would you prefer $50 today, or $100 a year from today?
- Would you prefer $50 five years from now, or $100 six years from now?
- Humans prefer smaller payoffs immediately over larger payoffs in the future
  - Or: unwilling to make sacrifices now for payoffs down the road
- Privacy: humans often give away personal information in exchange for small discounts or prizes
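The decision rules and behavioural deviations of slides 4 to 7, as an added Python example that is not part of the lecture: the invest-if-pL > c and disclose-if-v > pL rules, risk attitude expressed as curvature of the utility function, and the preference reversal that hyperbolic (but not exponential) discounting produces between the two $50/$100 questions. The concrete utility functions, the 1/(1 + k·t) hyperbolic form, the discount parameters and every numeric input are assumptions of this example, not values from the slides.

```python
"""Expected-loss decisions, risk attitude and discounting (slides 4-7).

Added example; all parameter values below are constructed, not taken from the lecture.
"""
import math


def invest_in_protection(p, L, c):
    """Slide 4, scenario 1: invest if the expected loss p*L exceeds the mechanism's cost c."""
    return p * L > c


def provide_information(v, p, L):
    """Slide 4, scenario 2: disclose if the transaction value v exceeds the expected loss p*L."""
    return v > p * L


# Slide 6: the same 50/50 gamble is judged differently depending on the curvature of u(w).
# The three functional forms are assumptions of this example.
UTILITY = {
    "risk_neutral": lambda w: w,          # linear: expected value is all that matters
    "risk_averse": math.sqrt,             # concave: a sure amount beats a fair gamble
    "risk_seeking": lambda w: w * w,      # convex: the fair gamble beats the sure amount
}


def prefers_gamble(attitude, sure_amount, gamble_amount, prob=0.5):
    """True if expected utility of winning gamble_amount with probability prob beats the sure amount."""
    u = UTILITY[attitude]
    return prob * u(gamble_amount) > u(sure_amount)


# Slide 7: exponential discounting weights a payoff at time t by delta**t (the delta^t of the slide);
# hyperbolic discounting, constructed here in the common 1/(1 + k*t) form, decays fast at first
# and slowly later, which is what produces the preference reversal.
def exponential_value(x, t, delta=0.8):
    return x * delta ** t


def hyperbolic_value(x, t, k=1.5):
    return x / (1 + k * t)


def prefers_later(discount, x_soon, t_soon, x_late, t_late):
    """True if the discounted value of the later payoff exceeds that of the sooner one."""
    return discount(x_late, t_late) > discount(x_soon, t_soon)


def preference_reversal(discount):
    """Does the choice flip between ($50 now vs $100 in 1 year) and ($50 in 5 years vs $100 in 6)?"""
    near = prefers_later(discount, 50, 0, 100, 1)
    far = prefers_later(discount, 50, 5, 100, 6)
    return near != far


if __name__ == "__main__":
    # Constructed inputs: a 10% breach probability, $1000 loss, $50 control cost
    print("invest in control:", invest_in_protection(0.1, 1000, 50))
    print("disclose SSN for $5 of value:", provide_information(5, 0.01, 1000))
    for attitude in UTILITY:
        print(f"{attitude:13s} takes the $20 gamble over a sure $10:", prefers_gamble(attitude, 10, 20))
    print("reversal under exponential discounting:", preference_reversal(exponential_value))
    print("reversal under hyperbolic discounting:", preference_reversal(hyperbolic_value))
```

With these constructed numbers the exponentially discounting agent answers both $50/$100 questions the same way, while the hyperbolically discounting agent takes $50 today but $100 in six years, which is the pattern the slide attributes to human subjects.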

Slide 8: Prospect Theory (Kahneman and Tversky)
- Gains:
  - Choice 1: win $500 with certainty
  - Choice 2: 50% chance of winning $1000
- Losses:
  - Choice 1: lose $500 with certainty
  - Choice 2: 50% chance of losing $1000
- Choice frequencies shown on the slide: 84%, 70%

Slide 9: Asian Disease Experiment (Kahneman and Tversky)
- Imagine that the U.S. is preparing for the outbreak of an unusual Asian disease, which is expected to kill 600 people.
- Framing 1:
  - Program A: 200 people will be saved
  - Program B: 33% chance all 600 people will be saved; 67% chance nobody will be saved
- Framing 2:
  - Program A: 400 people will die
  - Program B: 33% chance nobody will die; 67% chance all 600 people will die
- Choice frequencies shown on the slide: 72%, 78%

Slide 10: WTA-WTP Gap
- WTA: willingness to accept a proposal to sell a good already owned
- WTP: willingness to pay for a good not already owned
- Privacy study: "When 25 Cents is too much: An Experiment on Willingness-To-Sell and Willingness-To-Protect Personal Information" (Grossklags & Acquisti, 2007)
- Finding: subjects were willing to sell personal information for $1/$0.25, but not willing to spend $1/$0.25 to protect that information
  - Information: quiz performance, body weight

Slide 11: Rational Decision-Making in Information Security (roadmap slide, same content as slide 2)

Slide 12: Interdependent Security
- Common adage: "A system is only as secure as its weakest link"
  - Security of the entire system depends on that of its individual components
  - Security of individual players depends on the security decisions of other players
- [Figure: attacker versus defenders under the best shot, total effort and weakest link models]

Slide 13: Interdependent Security
- Utility function of player i: U_i = M − p·L·(1 − H(e_i, e_−i)) − b·e_i
  - where M is the initial endowment, b is the cost of protection, e_i is the protection level chosen by player i, and H is the protection function
- Different protection functions for different attack/defense scenarios:
  - Weakest link: H(e_i, e_−i) = min(e_i, e_−i)
  - Best shot: H(e_i, e_−i) = max(e_i, e_−i)
  - Total effort: H(e_i, e_−i) = Σ_i e_i
- Varian, 2002: security becomes a public good
  - Well-known result: free-riding, leading to suboptimal provisioning of the public good

Slide 14: Rational Decision-Making in Information Security (roadmap slide, same content as slide 2)

Slide 15: Protection vs. Insurance
- Individual players may invest in protection to reduce the probability of loss (p)
  - Examples: firewall, anti-virus software, patching
- Individual players may invest in insurance to reduce the magnitude of loss (L)
  - Examples: data backup (self-insurance), cyber-insurance (market insurance)

Slide 16: Protection vs. Insurance
- Protection only: U_i = M − p·L·(1 − H(e_i, e_−i)) − b·e_i
- Insurance only: U_i = M − p·L·(1 − s_i) − c·s_i
- Both available: U_i = M − p·L·(1 − H(e_i, e_−i))·(1 − s_i) − b·e_i − c·s_i
- where M is the initial endowment, b is the cost of protection, c is the cost of insurance, e_i and s_i are the protection and insurance levels chosen by player i, and H is the protection function
- Q: How should a player allocate its budget between e_i (protection) and s_i (insurance)?
- Note: protection is a public good, whereas insurance is a private good

Slide 17: Results
- Total effort:
  - Depending on b, c, and p·L, the Nash equilibria can be to secure (full protection), to insure (full insurance), or to ignore (passivity)
- Best shot:
  - No protection equilibrium, unless players can coordinate
- Weakest link:
  - Depending on b, c, and p·L, the Nash equilibria can be to secure (multiple protection equilibria, all unstable), to insure (full insurance), or to ignore (passivity)
  - As N increases, the protection equilibria collapse to either full insurance or passivity
- Weakest target:
  - No pure NE exists; a mixed NE exists
  - As N increases, full insurance becomes less likely
  - The security level in the NE may be higher than in the social optimum, due to the effect of strategic uncertainty

Slide 18: In the Lab Setting...
- Three players choose protection and insurance levels
  - Payoffs based on the weakest link game
- Player A experimented throughout
- Player B quickly learns and settles into the individually rational strategy (full insurance, no protection); reinforced by a compromise at around round 65
- Player C largely settles into the individually rational strategy after round 50

Slide 19: Weakest Target
- The attacker compromises the player(s) with the minimum protection level; all other players are unharmed
  - H(e_i, e_−i) = 0 if e_i = min(e_i, e_−i); 1 otherwise
- [Figure: attacker and defenders]

Slide 20: Weakest Target with Mitigation
- The attacker compromises the player(s) with the minimum protection level; all other players are unharmed
  - H(e_i, e_−i) = 0 if e_i = min(e_i, e_−i); 1 otherwise
- WT with mitigation:
  - H(e_i, e_−i) = 1 − e_i if e_i = min(e_i, e_−i); 1 otherwise
- [Figure: attacker and defenders]
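The protection/insurance game of slides 13, 16 and 17, together with the weakest target variants of slides 19 and 20, as an added Python example that is not part of the lecture. It brute-forces the pure-strategy Nash equilibria of the slide 16 utility U_i = M − p·L·(1 − H)·(1 − s_i) − b·e_i − c·s_i for three players whose protection and insurance levels are restricted to {0, 1/2, 1}. The discrete grid, the division of total effort by N so that H stays in [0, 1], the implementation of the mitigation rule and the parameter values (M = 100, p·L = 20, three cost pairs) are assumptions of this example, not the lecture's.

```python
"""Pure Nash equilibria of the protection-versus-insurance game (slides 13, 16, 17, 19, 20).

Added example. Exact rational arithmetic avoids spurious ties from floating point.
"""
from fractions import Fraction as F
from itertools import product

LEVELS = (F(0), F(1, 2), F(1))  # e_i and s_i restricted to {0, 1/2, 1} (assumption of this example)


# Protection functions H(e_i, e_-i). `others` holds the protection levels of the other players.
def weakest_link(e_i, others):
    return min([e_i] + others)


def best_shot(e_i, others):
    return max([e_i] + others)


def total_effort(e_i, others):
    # Divided by N so that H stays in [0, 1]; this normalisation is assumed here, not stated on slide 13.
    return (e_i + sum(others)) / (1 + len(others))


def weakest_target(e_i, others):
    # Slide 19: only the player(s) at the minimum protection level are compromised.
    return F(0) if e_i <= min(others) else F(1)


def weakest_target_mitigated(e_i, others):
    # Slide 20: the minimum-level player keeps partial protection 1 - e_i.
    return 1 - e_i if e_i <= min(others) else F(1)


GAMES = {
    "weakest_link": weakest_link,
    "best_shot": best_shot,
    "total_effort": total_effort,
    "weakest_target": weakest_target,
    "weakest_target_mitigated": weakest_target_mitigated,
}


def utility(game, i, profile, M, p, L, b, c):
    """Slide 16, both instruments available: U_i = M - p*L*(1 - H)*(1 - s_i) - b*e_i - c*s_i."""
    e_i, s_i = profile[i]
    others = [e for j, (e, _) in enumerate(profile) if j != i]
    H = GAMES[game](e_i, others)
    return M - p * L * (1 - H) * (1 - s_i) - b * e_i - c * s_i


def pure_nash(game, n=3, M=100, p=F(1, 2), L=40, b=5, c=15):
    """Every profile from which no single player can strictly gain by changing (e_i, s_i)."""
    M, p, L, b, c = (F(x) for x in (M, p, L, b, c))
    strategies = list(product(LEVELS, LEVELS))  # all (e_i, s_i) pairs on the grid
    equilibria = []
    for profile in product(strategies, repeat=n):
        stable = all(
            utility(game, i, profile, M, p, L, b, c)
            >= max(utility(game, i, profile[:i] + (alt,) + profile[i + 1:], M, p, L, b, c)
                   for alt in strategies)
            for i in range(n)
        )
        if stable:
            equilibria.append(profile)
    return equilibria


def describe(profile):
    return " | ".join(f"e={float(e):.1f} s={float(s):.1f}" for e, s in profile)


if __name__ == "__main__":
    # Constructed cost pairs: cheap protection, cheap insurance, both expensive (p*L = 20 throughout).
    for game in GAMES:
        for b, c in ((5, 15), (15, 5), (25, 25)):
            eq = pure_nash(game, b=b, c=c)
            print(f"{game:25s} b={b:2d} c={c:2d}: {len(eq):2d} pure NE", *(describe(q) for q in eq[:3]))
```

Running it reproduces the qualitative claims of slide 17 on this grid: under total effort the equilibrium moves from all-protect (b = 5, c = 15) to all-insure (b = 15, c = 5) to passivity (b = 25, c = 25); under best shot the symmetric full-protection profile is never an equilibrium, only asymmetric profiles in which one player protects and the others free-ride (the coordination the slide mentions); weakest link admits both a full-protection and a full-insurance equilibrium at the same costs; and weakest target has no pure equilibrium at all, because whoever is at the minimum level always gains by stepping above it or insuring while the non-minimum players gain by cutting protection.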

Slide 21: Results (same content as slide 17)

Slide 22: Summary
- Network security is as much about economic incentives as it is about technological mechanisms
- It is challenging for individuals to make the right decisions regarding security
- Solutions may include economic instruments for coordination and risk pooling; policy instruments for the assignment of liability; and design principles that nudge individuals toward secure choices

Slide 23: To Explore Further
- http://netecon.berkeley.edu/security-economics/
- Workshops on Economics and Information Security (WEIS)
