Towards Realistic Threat Modeling: Attack Commodification, Irrelevant Vulnerabilities, and Unrealistic Assumptions

Current threat models typically consider all possible ways an attacker can penetrate a system and assign probabilities to each path according to some metric (e.g. time-to-compromise). In this paper we discuss how this view hinders the realness of both technical (e.g. attack graphs) and strategic (e.g. game theory) approaches of current threat modeling, and propose to steer away by looking more carefully at attack characteristics and attacker environment. We use a toy threat model for ICS attacks to show how a realistic view of attack instances can emerge from a simple analysis of attack phases and attacker limitations.Comment: Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defens

A Survey of Interdependent Information Security Games

Risks faced by information system operators and users are not only determined by their own security posture, but are also heavily affected by the security-related decisions of others. This interdependence between information system operators and users is a fundamental property that shapes the efficiency of security defense solutions. Game theory is the most appropriate method to model the strategic interactions between these participants. In this survey, we summarize game-theoretic interdependence models, characterize the emerging security inefficiencies, and present mechanisms to improve the security decisions of the participants. We focus our attention on games with interdependent defenders and do not discuss two-player attackerdefender games. Our goal is to distill the main insights from the state-of-the-art and to identify the areas that need more attention from the research community

On non-cooperative genomic privacy

Over the last few years, the vast progress in genome sequencing has highly increased the availability of genomic data. Today, individuals can obtain their digital genomic sequences at reasonable prices from many online service providers. Individuals can store their data on personal devices, reveal it on public online databases, or share it with third parties. Yet, it has been shown that genomic data is very privacysensitive and highly correlated between relatives. Therefore, individuals’ decisions about how to manage and secure their genomic data are crucial. People of the same family might have very different opinions about (i) how to protect and (ii) whether or not to reveal their genome. We study this tension by using a game-theoretic approach. First, we model the interplay between two purely-selfish family members. We also analyze how the game evolves when relatives behave altruistically. We define closed-form Nash equilibria in different settings. We then extend the game to N players by means of multi-agent influence diagrams that enable us to efficiently compute Nash equilibria. Our results notably demonstrate that altruism does not always lead to a more efficient outcome in genomic-privacy games. They also show that, if the discrepancy between the genome-sharing benefits that players perceive is too high, they will follow opposite sharing strategies, which has a negative impact on the familial utility. © International Financial Cryptography Association 2015

Interdependent Privacy Games: The Case of Genomics

Over the last few years, the vast progress in genome sequencing has highly increased the availability of genomic data. Today, individuals can obtain their digital genomic sequences at reasonable prices from many online service providers. Individuals can store their data on personal devices, reveal it on public online databases, or share it with third parties. Yet, it has been shown that genomic data is very privacy-sensitive and highly correlated between relatives. Therefore, individuals' decisions about how to manage and secure their genomic data are crucial. People of the same family might have very different opinions about (i) how to protect and (ii) whether or not to reveal their genome. We study this tension by using a game-theoretic approach. First, we model the interplay between two purely-selfish family members. We also analyze how the game evolves when relatives behave altruistically. We define closed-form Nash equilibria in different settings. We then extend the game to N players by means of multi-agent influence diagrams that enable us to efficiently compute Nash equilibria. Our results notably demonstrate that altruism does not always lead to a more efficient outcome in genomic-privacy games. They also show that, if the discrepancy between the genome-sharing benefits that players perceive is too high, they will follow opposite sharing strategies, which has a negative impact on the familial utility

Big Data in MultiAgent Systems: Market Design Solutions

El objetivo principal de esta Tesis es presentar un conjunto de novedosos y diferentes métodos en los que los sistemas multiagente pueden jugar un papel clave en predicciones y modelos económicos en un amplio conjunto de contextos. La hipótesis principal es que los sistemas multiagente permiten la creación de modelos macroeconómicos con microfundamentos reales que son capaces de representar la economía en los diferentes niveles de acuerdo con diferentes propósitos y necesidades. La investigación se estructura en seis capítulos. El Capítulo 1 es una introducción teórica al resto de los capítulos que presentan aplicaciones empíricas. En él se compara los sistemas multiagente con dos alternativas: los modelos de equilibrio general computable y la econometría espacial. El resto de los capítulos son intencionadamente diferentes en sus objetivos y sus contenidos. Estas cinco aplicaciones incorporan diferentes tipos de agentes: incluyen individuos (2, 5, 6), familias (2, 5), empresas (3, 5, 6), establecimientos (5), instituciones financieras (6) y usuarios (4). En el ámbito espacial, la desagregación espacial es deliberadamente diferente en cada aplicación: El capítulo 4 no incluye el espacio, El capítulo 6 es una aplicación para la zona euro en su conjunto y en el capítulo 3 se toma España en su conjunto. Los capítulos 2 y 5 exploran las dos de las principales posibilidades para la incorporación del espacio en los sistemas multiagente: el capítulo 2 incluye las regiones NUTS 3 de la Unión Europea y en el capítulo 5 se geolocalizan los agentes. En el capítulo 2 se desarrolla un sistema multiagente que incluye a todos los individuos de la Unión Europea. Con este sistema podemos predecir la población a escala regional para toda la Unión Europea y cómo distintos niveles de crecimiento económico repercuten asimismo sobre el empleo. En el capítulo 3 se presenta un modelo de simulación con los principales puntos de vista de la teoría de negocios para estudiar el crecimiento empresarial y la demografía empresarial en un modelo evolutivo estocástico. El modelo que se presenta también muestra cómo las empresas se adaptan a los cambios en las características deseadas del producto y el efecto de la crisis sobre estas dinámicas. El capítulo 4 discute el papel clave de los incentivos en la seguridad de los sistemas de información. Trabajos anteriores realizan este estudio utilizando un enfoque de teoría de juegos, pero el capítulo muestra que un modelo basado en agentes es capaz de incluir la heterogeneidad y las interrelaciones entre los individuos, y no se centra en el equilibrio alcanzado sino en la dinámica antes de su aparición. El objetivo del capítulo 5 es el estudio de los efectos de la Ley para la Revitalización Comercial (Ley de Dinamización Comercial) que fue aprobada en la Comunidad de Madrid durante el año 2012. Por último, el objetivo del capítulo 6 es explicar los determinantes de la inflación y pronosticar la tasa de inflación en la zona euro en los próximos cinco años. Se predice una inflación para la zona euro creciente hasta 2018 con un límite cercano al 2,5% en tasa interanual siempre que no se produzcan perturbaciones externas relevantes

Essays in Applied and Computational Game Theory

University of Minnesota Ph.D. dissertation.June 2019. Major: Economics. Advisor: Jan Werner. 1 computer file (PDF); viii, 123 pages.This dissertation considers computational and applied aspects of cooperative and non-cooperative game theory. The first chapter discusses a novel applied game theory approach within the field of vulnerability disclosure policy. I introduce a three-player game between software vendors, software users, and a hacker in which software vendors attempt to protect software users by releasing updates, i.e. disclosing a vulnerability, and the hacker is attempting to exploit vulnerabilities in the software package to attack the software users. The software users must determine whether the protection offered by the update outweighs the cost of installing the update. Following the model set up, I describe why low-type software users, software users that do not get much value out of the software and are thus not very damaged by an attack, prefer Non-Disclosure, and Disclosure can only be an optimal policy in cases when the cost to the hacker of searching for a zero-day vulnerability is small. Many economic problems are inherently non-linear, so in the second chapter we introduce the MGBA, the Modular Groebner Basis Approach, which is a solution technique from Algebraic Geometry that can be used to ``triangularize'' polynomial systems. The MGBA is a computational tool that overcomes the typical computational problems of intermediate coefficient swell and solving for lucky primes that can limit the ability to compute Groebner bases. The Groebner basis is an all-solution computational technique that can be applied to many fields in economics. This chapter focuses on applying the MGBA to Bertrand games with multiple equilibria and a manifold approach to solving dynamic programming problems. Advances in computational power and techniques have greatly benefited both economic theory, in allowing economists to solve more realistic models, and data analysis, such as machine learning. However, the field of cooperative game theory has fallen behind. Therefore, in the final chapter, I introduce the compression value, a computationally efficient approximation technique for the non-transferable utility (NTU) Shapley value. This algorithm gives a reasonable approximation of the NTU Shapley value if the initial guess of Pareto weights is near the actual solution

When Others Impinge upon Your Privacy:Interdependent Risks and Protection in a Connected World

Privacy is defined as the right to control, edit, manage, and delete information about oneself and decide when, how, and to what extent this information is communicated to others. Therefore, every person should ideally be empowered to manage and protect his own data, individually and independently of others. This assumption, however, barely holds in practice, because people are by nature biologically and socially interconnected. An individual's identity is essentially determined at the biological and social levels. First, a person is biologically determined by his DNA, his genes, that fully encode his physical characteristics. Second, human beings are social animals, with a strong need to create ties and interact with their peers. Interdependence is present at both levels. At the biological level, interdependence stems from genetic inheritance. At the social level, interdependence emerges from social ties. In this thesis, we investigate whether, in today's highly connected world, individual privacy is in fact achievable, or if it is almost impossible due to the inherent interdependence between people. First, we study interdependent privacy risks at the social level, focusing on online social networks (OSNs), the digital counterpart of our social lives. We show that, even if an OSN user carefully tunes his privacy settings in order to not be present in any search directory, it is possible for an adversary to find him by using publicly visible attributes of other OSN users. We demonstrate that, in OSNs where privacy settings are not aligned between users and where some users reveal a (even limited) set of attributes, it is almost impossible for a specific user to hide in the crowd. Our navigation attack complements existing work on inference attacks in OSNs by showing how we can efficiently find targeted profiles in OSNs, which is a necessary precondition for any targeted attack. Our attack also demonstrates the threat on OSN-membership privacy. Second, we investigate upcoming interdependent privacy risks at the biological level. More precisely, due to the recent drop in costs of genome sequencing, an increasing number of people are having their genomes sequenced and share them online and/or with third parties for various purposes. However, familial genetic dependencies induce indirect genomic privacy risks for the relatives of the individuals who share their genomes. We propose a probabilistic framework that relies upon graphical models and Bayesian inference in order to formally quantify genomic privacy risks. Then, we study the interplay between rational family members with potentially conflicting interests regarding the storage security and disclosure of their genomic data. We consider both purely selfish and altruistic behaviors, and we make use of multi-agent influence diagrams to efficiently derive equilibria in the general case where more than two relatives interact with each other. We also propose an obfuscation mechanism in order to reconcile utility with privacy in genomics, in the context where all family members are cooperative and care about each other's privacy. Third, we study privacy-enhancing systems, such as anonymity networks, where users do not damage other users' privacy but are actually needed in order to protect privacy. In this context, we show how incentives based on virtual currency can be used and their amount optimized in order to foster cooperation between users and eventually improve everyone's privacy.[...