158,299 research outputs found
Audit Games with Multiple Defender Resources
Modern organizations (e.g., hospitals, social networks, government agencies)
rely heavily on audit to detect and punish insiders who inappropriately access
and disclose confidential information. Recent work on audit games models the
strategic interaction between an auditor with a single audit resource and
auditees as a Stackelberg game, augmenting associated well-studied security
games with a configurable punishment parameter. We significantly generalize
this audit game model to account for multiple audit resources where each
resource is restricted to audit a subset of all potential violations, thus
enabling application to practical auditing scenarios. We provide an FPTAS that
computes an approximately optimal solution to the resulting non-convex
optimization problem. The main technical novelty is in the design and
correctness proof of an optimization transformation that enables the
construction of this FPTAS. In addition, we experimentally demonstrate that
this transformation significantly speeds up computation of solutions for a
class of audit games and security games
Social Pressure in Opinion Games
Motivated by privacy and security concerns in online social networks, we study the role of social pressure in opinion games. These are games, important in economics and sociology, that model the formation of opinions in a social network. We enrich the definition of (noisy) best-response dynamics for opinion games by introducing the pressure, increasing with time, to reach an agreement. We prove that for clique social networks, the dynamics always converges to consensus (no matter the level of noise) if the social pressure is high enough. Moreover, we provide (tight) bounds on the speed of convergence; these bounds are polynomial in the number of players provided that the pressure grows sufficiently fast. We finally look beyond cliques: we characterize the graphs for which consensus is guaranteed, and make some considerations on the computational complexity of checking whether a graph satisfies such a condition
Secure Identification in Social Wireless Networks
The applications based on social networking have brought revolution towards social life and are continuously gaining popularity among the Internet users. Due to the advanced computational resources offered by the innovative hardware and nominal subscriber charges of network operators, most of the online social networks are transforming into the mobile domain by offering exciting applications and games exclusively designed for users on the go. Moreover, the mobile devices are considered more personal as compared to their desktop rivals, so there is a tendency among the mobile users to store sensitive data like contacts, passwords, bank account details, updated calendar entries with key dates and personal notes on their devices.
The Project Social Wireless Network Secure Identification (SWIN) is carried out at Swedish Institute of Computer Science (SICS) to explore the practicality of providing the secure mobile social networking portal with advanced security features to tackle potential security threats by extending the existing methods with more innovative security technologies. In addition to the extensive background study and the determination of marketable use-cases with their corresponding security requirements, this thesis proposes a secure identification design to satisfy the security dimensions for both online and offline peers. We have implemented an initial prototype using PHP Socket and OpenSSL library to simulate the secure identification procedure based on the proposed design. The design is in compliance with 3GPP‟s Generic Authentication Architecture (GAA) and our implementation has demonstrated the flexibility of the solution to be applied independently for the applications requiring secure identification. Finally, the thesis provides strong foundation for the advanced implementation on mobile platform in future
Automatic Verification of Concurrent Stochastic Systems
Automated verification techniques for stochastic games allow formal reasoning
about systems that feature competitive or collaborative behaviour among
rational agents in uncertain or probabilistic settings. Existing tools and
techniques focus on turn-based games, where each state of the game is
controlled by a single player, and on zero-sum properties, where two players or
coalitions have directly opposing objectives. In this paper, we present
automated verification techniques for concurrent stochastic games (CSGs), which
provide a more natural model of concurrent decision making and interaction. We
also consider (social welfare) Nash equilibria, to formally identify scenarios
where two players or coalitions with distinct goals can collaborate to optimise
their joint performance. We propose an extension of the temporal logic rPATL
for specifying quantitative properties in this setting and present
corresponding algorithms for verification and strategy synthesis for a variant
of stopping games. For finite-horizon properties the computation is exact,
while for infinite-horizon it is approximate using value iteration. For
zero-sum properties it requires solving matrix games via linear programming,
and for equilibria-based properties we find social welfare or social cost Nash
equilibria of bimatrix games via the method of labelled polytopes through an
SMT encoding. We implement this approach in PRISM-games, which required
extending the tool's modelling language for CSGs, and apply it to case studies
from domains including robotics, computer security and computer networks,
explicitly demonstrating the benefits of both CSGs and equilibria-based
properties
Cyber-Detective: a game for cyber crime prevention
Technologies are increasingly becoming a part of the daily lives of younger generations and with no
supervised usage of these technologies, teenagers are exposed to various threats. To raise the awareness
of teenagers in ages between 14 and 17 years old, and to provide a methodological tool for educational
professionals working with the young and even for enforcement professionals investigating the
cyber cases, an educational game about cyber security was designed and prototyped.
A detective game was devised, where the player takes the role of a detective to investigate a cyber
crime. To solve the case, the player must play several mini-games, where each one explores a specific
thematic about cyber security. For example, in the prototype, the situation that the detective needs
to solve is a ransomware case. The situations are introduced by a tridimensional animation, which
appears as a cutscene introducing the game scene. It is an animation where one can see a teen trying
to buy a pair of sneakers online and after downloading an application suggested in the website, his
mobile phone is locked. Thus, he decides to search help from the police, where the detective will try
to solve the problem. For that, the player has to solve several mini-games about sharing information
in social networks, phishing and the importance of creating strong passwords. In these mini-games
the player makes decisions and learns based on that, i.e., at the end of each mini-game each decision
is explained to the player regardless of the choice being correct or incorrect. This way, the player is
always informed of the various situations that can occur based on their behavior/decisions online.
The prototype was developed for mobile devices and some preliminary tests were performed with
teenagers. The tests showed that the teenagers improved their cyber security knowledge after playing
the game.
A cyber security educational game can be used as a tool for younger generations because it uses the
technologies that are part of their daily lives and can contribute to the growing of their cyber security
awareness.
In the future, we hope to develop the full game, where other thematic will be included, namely, talking
with strangers in social networks, dangers related with the webcam and microphone, online piracy and
cyber bullying.info:eu-repo/semantics/publishedVersio
Game Theory Meets Network Security: A Tutorial at ACM CCS
The increasingly pervasive connectivity of today's information systems brings
up new challenges to security. Traditional security has accomplished a long way
toward protecting well-defined goals such as confidentiality, integrity,
availability, and authenticity. However, with the growing sophistication of the
attacks and the complexity of the system, the protection using traditional
methods could be cost-prohibitive. A new perspective and a new theoretical
foundation are needed to understand security from a strategic and
decision-making perspective. Game theory provides a natural framework to
capture the adversarial and defensive interactions between an attacker and a
defender. It provides a quantitative assessment of security, prediction of
security outcomes, and a mechanism design tool that can enable
security-by-design and reverse the attacker's advantage. This tutorial provides
an overview of diverse methodologies from game theory that includes games of
incomplete information, dynamic games, mechanism design theory to offer a
modern theoretic underpinning of a science of cybersecurity. The tutorial will
also discuss open problems and research challenges that the CCS community can
address and contribute with an objective to build a multidisciplinary bridge
between cybersecurity, economics, game and decision theory
- …