Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information

Benjamin Johnson, Jens Grossklags, Nicolas Christin, and John Chuang

Benjamin Johnson, Carnegie Mellon University

TRUST, November 11, 2010 (16 slides)

Published in: Proceedings of the 15th European Symposium on Research in Computer Security (ESORICS), September 20-22, 2010, Athens, Greece.


Security Experts

• a picture of dawn

• http://www.cs.berkeley.edu/~daw/

Security Experts

• Real security experts are multifaceted.

• This paper considers as “security experts” users who understand the interdependent nature of risks associated with various security scenarios.

• We assume generally that they are selfish.

• As to the usefulness of real security experts, we defer this study to future work.

Outline

• Overview

• Security Games

• Methodology

• Results

• Implications

• Related Work

Overview

• Research Question: To what extent does information security expertise help to make a network more secure?

• We address this question in a game-theoretic context using a stylized model from our prior work.

• We consider three distinct types of n-player security games, in each case expressing the expected security level of the network in terms of the number of (selfish) expert players.

• We find that, in all the games we studied, the addition of (selfish) experts to the user population reduces the overall security of the network.

• On the other hand, cooperative experts dramatically increase the overall security of the network.

Security Games

• The Game Framework: There are n players. Player i chooses a protection level e_i from [0,1], and consequently achieves the following utility:

• b is the cost of a full protection investment (common knowledge to all players).

• L_i is the expected loss suffered by player i if a successful attack occurs (considered to be private knowledge to player i under conditions of limited information).

• H is a joint contribution function that defines how aggregate protection investments among all players mitigate expected losses (known to expert players).

Security Games

• Three types of interdependency

• best shot

• weakest link

• total effort

Security Games

• Expert vs naive players

• Expert players know the contribution function H and understand its effects.

• Naive players are myopic; they behave as if

Security Games

• Complete vs incomplete information

• An expert with complete information knows the expected losses for all players.

• An expert with incomplete information knows her own expected loss L_i but does not know the expected losses of other players.

• Experts assume that expected losses are independently and uniformly distributed in [0,1].

Methodology

• The question: to what extent does information security expertise help to make a network more secure?

• The methodology:

• For each game and information condition, we derive conditions for existence of symmetric (Bayesian) Nash equilibria as a function of the protection cost b and the number of expert players k.

• Where these equilibrium conditions are met, we compute expected utilities for all players, as well as the overall security outcome.

• Finally, we determine the configuration yielding the expected social optimum, and we propose a system of side payments between experts to facilitate this configuration.

Results

• In the Best Shot game, experts have a strong incentive to free-ride (Tragedy of the commons). Adding experts decreases the likelihood that the network is protected.

(b = protection cost)

Results

• Protection equilibria in the Weakest Link game only exist when protection costs are small, and the problem is exacerbated by the addition of expert players.

(b = protection cost)

Results

• In the Total Effort game, the individual benefit of an investment is always proportional to a 1/N fraction of the investment’s cost, regardless of the actions of other players. Experts understand this feature and consequently do not protect unless protection costs are low.

(b = protection cost)
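
An added illustration of the Total Effort result above (not part of the original slides or the authors' code). It assumes that H is the average of all players' protection levels, that an expert weighs her 1/N share of the benefit against the cost b, and that a naive player protects whenever her own loss exceeds b; function names and sample parameters are constructed here.

```python
import random

def expert_protects(loss, b, n):
    # Assumed model: H is the mean protection level, so moving e_i from 0 to 1
    # lowers this player's expected loss by loss/n at a cost of b. The choice
    # does not depend on what the other players do.
    return loss / n > b

def naive_protects(loss, b):
    # Assumed naive behaviour: ignore the interdependency and compare own
    # loss with the protection cost.
    return loss > b

def expected_protection(n, k, b):
    """Expected network protection level with k experts among n players,
    losses independent and uniform on [0, 1] (closed form)."""
    p_expert = max(0.0, 1.0 - b * n)   # P(loss / n > b)
    p_naive = max(0.0, 1.0 - b)        # P(loss > b)
    return (k * p_expert + (n - k) * p_naive) / n

def simulate(n, k, b, trials=20000, seed=1):
    """Monte Carlo estimate of the same quantity (players 0..k-1 are experts)."""
    rng = random.Random(seed)
    total = 0.0
    for _ in range(trials):
        losses = [rng.random() for _ in range(n)]
        protecting = sum(expert_protects(x, b, n) for x in losses[:k])
        protecting += sum(naive_protects(x, b) for x in losses[k:])
        total += protecting / n
    return total / trials

if __name__ == "__main__":
    n, b = 4, 0.2   # constructed sample parameters
    for k in range(n + 1):
        print(k, round(expected_protection(n, k, b), 3), round(simulate(n, k, b), 3))
```

Under these assumptions each naive player replaced by a selfish expert lowers the expected protection level, and once b reaches 1/N no expert protects at all.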

Implications

• (In several contexts), security experts are useful when (and only when) they collaborate.

• When security is divided among independent agencies, it is important to develop mechanisms for facilitating interagency collaboration.

• User education should focus on the collaborative nature of security.

Related Publications

• J. Grossklags, N. Christin, and J. Chuang. Secure or Insure? A Game-Theoretic Analysis of Information Security Games. WWW'08.

• J. Grossklags, B. Johnson. Uncertainty in The Weakest Link Security Game. GAMENETS '09.

• J. Grossklags, B. Johnson and N. Christin. When Information Improves Information Security. FC’10.

• J. Grossklags, B. Johnson and N. Christin. The Price of Uncertainty in Security Games. WEIS’09/SPRINGER’10.

• B. Johnson, J. Grossklags, N. Christin and J. Chuang. Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information. ESORICS’10.

• B. Johnson, J. Grossklags, N. Christin and J. Chuang. Uncertainty in Interdependent Security Games. GAMESEC’10.

Questions?

• This research was partially supported by CyLab at Carnegie Mellon under grant DAAD19-02-1-0389 from the Army Research Office, and by the National Science Foundation under ITR award CCF-0424422 (TRUST).