Regret Minimizing Audits: A Learning-theoretic Basis for Privacy Protection Jeremiah Blocki, Nicolas Christin, Anupam Datta, Arunesh Sinha Carnegie Mellon.


1 Regret Minimizing Audits: A Learning-theoretic Basis for Privacy Protection Jeremiah Blocki, Nicolas Christin, Anupam Datta, Arunesh Sinha Carnegie Mellon University

2 Motivation
Goal: treatment
Rigid access control hinders treatment
Permissive access control ⇒ human in the loop ⇒ privacy violations
[Figure label: Breach]

3 A real problem

4 Enforcement Using Audits
Permissive access control
◦ If in doubt, allow access
Log the accesses
Review the accesses later and find violations
Ad hoc approaches in practice
◦ FairWarning audit tool implements simple heuristics, e.g., flag all celebrity access

5 Humans are the weakest link
Audit-based enforcement involves human participation
◦ Employees trusted to act responsibly
Design an audit mechanism robust to irresponsible/careless human behavior

6 Desiderata
Principled study of the audit process
◦ A model (including humans) for the audit process
◦ Properties of the audit mechanism
◦ Audit mechanism which provably satisfies the property

7 Audit Algorithm by Example
Auditing budget: $3000/cycle
Cost for one inspection: $100
Only 30 inspections per cycle
Auditor: 100 accesses, divided into 2 types (30 accesses, 70 accesses)
Reputation loss from 1 violation (internal, external): $500, $1000 and $250, $500

8 Audit Algorithm Choices
Only 30 inspections
Employee incentive unknown
Consider 4 possible allocations of the available 30 inspections
Choose allocation probabilistically based on weights
[Figure: the 4 candidate allocations of the 30 inspections across the two access types; weights: 1.0]

9 Audit Algorithm Run
Learn from experience: weights updated using observed and estimated loss
[Figure: one run of the algorithm. Labels: No. of accesses (30, 70), actual violations (2, 4), int. caught, ext. caught, observed loss, estimated loss, updated weights. Loss values shown: $2000, $1500, $1000, $750, $1250, $1500. Updated weights shown: 0.5, 2.0, 1.5]

10 Main Contributions
◦ A game model for the audit process
◦ Defining a desirable property of audit mechanisms, namely low regret
◦ An efficient audit mechanism, RMA, that provably achieves low regret
  ▪ Better bound on regret than existing algorithms that achieve low regret

11 Repeated Game Model
Game model
Typical actions in one round
◦ Emp action: (access, violate) = ([30,70], [2,4])
◦ Org action: inspection = ([10,20])
[Figure: one audit cycle (round). Labels: Access, Violate; Inspect; Imperfection; Reputation loss; Audit cost]

12 Game Payoffs
Organization's payoff
◦ Audit cost depends on the number of inspections
◦ Reputation loss depends on the number of violations caught
Employee's payoff unknown
◦ Guarantees of any audit mechanism in this model hold irrespective of the behavior of the employee
[Figure labels: Reputation loss, Audit cost]

13 Regret by Example
Strategy: outputs an action for every round
[Figure: payoff matrix, payoff of Org only. Org actions: 1, 2. Emp actions: (3,1), (3,2). Entries shown: $5, $6, $0, $5]
Players: Emp; Org: s
◦ Round 1: Emp 3,1; Org s plays 2 (1)
◦ Round 2: Emp 3,2; Org s plays 1 (-5)
◦ Total payoff: Emp unknown; Org s: -4
Org: s1
◦ Round 1: 1 (2)
◦ Round 2: 1 (-5)
◦ Total payoff: -3
Players: Emp; Org: s
◦ Round 1: Emp 3,1; Org s plays 2 ($6)
◦ Round 2: Emp 3,2; Org s plays 1 ($0)
◦ Total payoff: Emp unknown; Org s: $6
Org: s1
◦ Round 1: 1 ($5)
◦ Round 2: 1 ($0)
◦ Total payoff: $5
Total regret(s, s1) = (–5) – (–6) = 1
regret(s, s1) = 1/2

14 Meaning of Regret
Low regret of s w.r.t. s1 means s performs as well as s1
Desirable property of an audit mechanism
◦ Low regret w.r.t. all strategies in a given set of strategies
◦ regret → 0 as T → ∞

15 Regret minimization
Multiplicative weight update (MWU)
◦ Standard algorithm that achieves low regret w.r.t. all strategies in a given set
The regret bound of MWU is
▪ N: number of strategies in the given set
▪ T: number of rounds of the game
▪ All payoffs scaled to lie in [0, 1]
Why not MWU?
◦ Imperfect information, unavailable strategies
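The following is an added illustration, not code from the presentation: a Hedge-style multiplicative weight update over four allocations of the 30 inspections, with average regret measured against the best fixed allocation as in the slide 13 definition. Assumptions: the four allocations are (0,30), (10,20), (20,10), (30,0); the $500/$1000 losses belong to the 30-access type; inspected accesses are sampled uniformly; every missed violation incurs the external loss; the loss cap and the violation sequence are constructed; and full information is available each round, which is exactly the simplification slide 15 says does not hold in real audits.

```python
import math

ALLOCATIONS = [(0, 30), (10, 20), (20, 10), (30, 0)]  # assumed reading of slide 8
ACCESSES = (30, 70)           # accesses per type in one cycle (slide 7)
LOSS_INTERNAL = (500, 250)    # violation caught by the audit
LOSS_EXTERNAL = (1000, 500)   # violation missed (assumed to surface externally)
INSPECTION_COST = 100
LOSS_CAP = 13000              # assumed cap used to scale losses into [0, 1]


def expected_loss(alloc, violations):
    """Scaled expected loss of one cycle: audit cost plus reputation loss."""
    loss = INSPECTION_COST * sum(alloc)
    for k, v in enumerate(violations):
        p_caught = alloc[k] / ACCESSES[k]   # assumes uniform sampling of accesses
        loss += v * (p_caught * LOSS_INTERNAL[k]
                     + (1 - p_caught) * LOSS_EXTERNAL[k])
    return loss / LOSS_CAP


def run_mwu(violation_seq):
    """Full-information MWU; returns (average regret, final weights)."""
    n, t = len(ALLOCATIONS), len(violation_seq)
    eta = math.sqrt(8 * math.log(n) / t)    # textbook Hedge learning rate
    weights = [1.0] * n                     # w_s = 1 for all strategies
    alg_loss = 0.0
    totals = [0.0] * n                      # cumulative loss of each fixed allocation
    for violations in violation_seq:
        z = sum(weights)
        losses = [expected_loss(a, violations) for a in ALLOCATIONS]
        # Expected loss when the allocation is drawn with probability w_s / z.
        alg_loss += sum(w / z * l for w, l in zip(weights, losses))
        totals = [s + l for s, l in zip(totals, losses)]
        weights = [w * math.exp(-eta * l) for w, l in zip(weights, losses)]
    # Regret against the best fixed allocation in hindsight, averaged over rounds.
    return (alg_loss - min(totals)) / t, weights


def demo_sequence(t):
    """Constructed employee behaviour: violations per access type, per cycle."""
    pattern = [(2, 4), (1, 6), (3, 2)]
    return [pattern[i % 3] for i in range(t)]


if __name__ == "__main__":
    for t in (10, 100, 1000):
        regret, w = run_mwu(demo_sequence(t))
        print(t, round(regret, 4), ALLOCATIONS[w.index(max(w))])
```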

16 Regret Minimizing Audits (RMA)
◦ w_s = 1 for all strategies s
◦ New audit cycle starts. Find AWAKE
◦ Pick s in AWAKE with probability D_t(s) ∝ w_s
◦ Violation caught; obtain payoff Pay(s)
◦ Estimate payoff vector Pay using Pay(s)
◦ Update weight* of strategies s in AWAKE

17 Guarantees of RMA
With probability RMA achieves the regret bound
◦ N is the set of strategies
◦ T is the number of rounds
◦ All payoffs scaled to lie in [0, 1]
Better bound than any existing algorithm

18 Take Away Message
Optimize costs, given the imperfect nature of periodic audits, in a setting with adaptive adversaries (employees) whose incentives are not known.
Future Work
◦ Evaluation over real hospital audit logs
◦ Analyze performance with more complex adversary models
  ▪ Worst case + rational
