A Mechanism Design Approach to Bandwidth Allocation in Tactical Data Networks

The defense sector is undergoing a phase of rapid technological advancement, in the pursuit of its goal of information superiority. This goal depends on a large network of complex interconnected systems - sensors, weapons, soldiers - linked through a maze of heterogeneous networks. The sheer scale and size of these networks prompt behaviors that go beyond conglomerations of systems or `system-of-systems\u27. The lack of a central locus and disjointed, competing interests among large clusters of systems makes this characteristic of an Ultra Large Scale (ULS) system. These traits of ULS systems challenge and undermine the fundamental assumptions of today\u27s software and system engineering approaches. In the absence of a centralized controller it is likely that system users may behave opportunistically to meet their local mission requirements, rather than the objectives of the system as a whole. In these settings, methods and tools based on economics and game theory (like Mechanism Design) are likely to play an important role in achieving globally optimal behavior, when the participants behave selfishly. Against this background, this thesis explores the potential of using computational mechanisms to govern the behavior of ultra-large-scale systems and achieve an optimal allocation of constrained computational resources Our research focusses on improving the quality and accuracy of the common operating picture through the efficient allocation of bandwidth in tactical data networks among self-interested actors, who may resort to strategic behavior dictated by self-interest. This research problem presents the kind of challenges we anticipate when we have to deal with ULS systems and, by addressing this problem, we hope to develop a methodology which will be applicable for ULS system of the future. We build upon the previous works which investigate the application of auction-based mechanism design to dynamic, performance-critical and resource-constrained systems of interest to the defense community. In this thesis, we consider a scenario where a number of military platforms have been tasked with the goal of detecting and tracking targets. The sensors onboard a military platform have a partial and inaccurate view of the operating picture and need to make use of data transmitted from neighboring sensors in order to improve the accuracy of their own measurements. The communication takes place over tactical data networks with scarce bandwidth. The problem is compounded by the possibility that the local goals of military platforms might not be aligned with the global system goal. Such a scenario might occur in multi-flag, multi-platform military exercises, where the military commanders of each platform are more concerned with the well-being of their own platform over others. Therefore there is a need to design a mechanism that efficiently allocates the flow of data within the network to ensure that the resulting global performance maximizes the information gain of the entire system, despite the self-interested actions of the individual actors. We propose a two-stage mechanism based on modified strictly-proper scoring rules, with unknown costs, whereby multiple sensor platforms can provide estimates of limited precisions and the center does not have to rely on knowledge of the actual outcome when calculating payments. In particular, our work emphasizes the importance of applying robust optimization techniques to deal with the uncertainty in the operating environment. We apply our robust optimization - based scoring rules algorithm to an agent-based model framework of the combat tactical data network, and analyze the results obtained. Through the work we hope to demonstrate how mechanism design, perched at the intersection of game theory and microeconomics, is aptly suited to address one set of challenges of the ULS system paradigm - challenges not amenable to traditional system engineering approaches

Anonymity and trust in the electronic world

Privacy has never been an explicit goal of authorization mechanisms. The traditional approach to authorisation relies on strong authentication of a stable identity using long term credentials. Audit is then linked to authorization via the same identity. Such an approach compels users to enter into a trust relationship with large parts of the system infrastructure, including entities in remote domains. In this dissertation we advance the view that this type of compulsive trust relationship is unnecessary and can have undesirable consequences. We examine in some detail the consequences which such undesirable trust relationships can have on individual privacy, and investigate the extent to which taking a unified approach to trust and anonymity can actually provide useful leverage to address threats to privacy without compromising the principal goals of authentication and audit. We conclude that many applications would benefit from mechanisms which enabled them to make authorization decisions without using long-term credentials. We next propose specific mechanisms to achieve this, introducing a novel notion of a short-lived electronic identity, which we call a surrogate. This approach allows a localisation of trust and entities are not compelled to transitively trust other entities in remote domains. In particular, resolution of stable identities needs only ever to be done locally to the entity named. Our surrogates allow delegation, enable role-based access control policies to be enforced across multiple domains, and permit the use of non-anonymous payment mechanisms, all without compromising the privacy of a user. The localisation of trust resulting from the approach proposed in this dissertation also has the potential to allow clients to control the risks to which they are exposed by bearing the cost of relevant countermeasures themselves, rather than forcing clients to trust the system infrastructure to protect them and to bear an equal share of the cost of all countermeasures whether or not effective for them. This consideration means that our surrogate-based approach and mechanisms are of interest even in Kerberos-like scenarios where anonymity is not a requirement, but the remote authentication mechanism is untrustworthy

Dealing With Misbehavior In Distributed Systems: A Game-Theoretic Approach

Most distributed systems comprise autonomous entities interacting with each other to achieve their objectives. These entities behave selfishly when making decisions. This behavior may result in strategical manipulation of the protocols thus jeopardizing the system wide goals. Micro-economics and game theory provides suitable tools to model such interactions. We use game theory to model and study three specific problems in distributed systems. We study the problem of sharing the cost of multicast transmissions and develop mechanisms to prevent cheating in such settings. We study the problem of antisocial behavior in a scheduling mechanism based on the second price sealed bid auction. We also build models using extensive form games to analyze the interactions of the attackers and the defender in a security game involving honeypots. Multicast cost sharing is an important problem and very few distributed strategyproof mechanisms exist to calculate the costs shares of the users. These mechanisms are susceptible to manipulation by rational nodes. We propose a faithful mechanism which uses digital signatures and auditing to catch and punish the cheating nodes. Such mechanism will incur some overhead. We deployed the proposed and existing mechanisms on planet-lab to experimentally analyze the overhead and other relevant economic properties of the proposed and existing mechanisms. In a second price sealed bid auction, even though the bids are sealed, an agent can infer the private values of the winning bidders, if the auction is repeated for related items. We study this problem from the perspective of a scheduling mechanism and develop an antisocial strategy which can be used by an agent to inflict losses on the other agents. In a security system attackers and defender(s) interact with each other. Examples of such systems are the honeynets which are used to map the activities of the attackers to gain valuable insight about their behavior. The attackers want to evade the honeypots while the defenders want them to attack the honeypots. These interesting interactions form the basis of our research where we develop a model used to analyze the interactions of an attacker and a honeynet system

Internet of Things From Hype to Reality

The Internet of Things (IoT) has gained significant mindshare, let alone attention, in academia and the industry especially over the past few years. The reasons behind this interest are the potential capabilities that IoT promises to offer. On the personal level, it paints a picture of a future world where all the things in our ambient environment are connected to the Internet and seamlessly communicate with each other to operate intelligently. The ultimate goal is to enable objects around us to efficiently sense our surroundings, inexpensively communicate, and ultimately create a better environment for us: one where everyday objects act based on what we need and like without explicit instructions

Guide to Options for ETD Programs

Dr. Martin Halbert of the University of North Texas documents the spectrum of ETD program implementation and offers guidance for academic decision-makers who are either creating or modifying ETD programs. Dr. Halbert identifies and offers in-depth analysis regarding the five key decisions that ETD programs must make. He also provides a literature review of publications, standards and reports that have been produced to date, and relates these to the key decisions