Towards formal analysis of insider threats for auctions

This paper brings together the world of insider threats and auctions. For online-auction systems, like eBay, but also for high-value one-off auction algorithms as they are used for selling radio wave frequencies, the use of rigorous machine supported modelling and verification techniques is meaningful to prove correctness and scrutinize vulnerability to security and privacy attacks. Surveying the threats in auctions and insider collusions, we present an approach to model and analyze auction protocols for insider threats using the interactive theorem prover Isabelle. As a case study, we use the cocaine auction protocol that represents a nice combination of cryptographic techniques, protocols, and privacy goals suitable for highlighting insider threats for auctions

Towards formal analysis of insider threats for auctions

This paper brings together the world of insider threats and auctions. For online-auction systems, like eBay, but also for high-value one-off auction algorithms as they are used for selling radio wave frequencies, the use of rigorous machine supported modelling and verification techniques is meaningful to prove correctness and scrutinize vulnerability to security and privacy attacks. Surveying the threats in auctions and insider collusions, we present an approach to model and analyze auction protocols for insider threats using the interactive theorem prover Isabelle. As a case study, we use the cocaine auction protocol that represents a nice combination of cryptographic techniques, protocols, and privacy goals suitable for highlighting insider threats for auctions

Insider threats for auctions: formalization, mechanized proof, and code generation

This paper applies machine assisted formal methods to explore insider threats for auctions. Auction systems, like eBay, are an important problem domain for formal analysis because they challenge modelling concepts as well as analysis methods. We use machine assisted formal modelling and proof in Isabelle to demonstrate how security and privacy goals of auction protocols can be formally verified. Applying the costly scrutiny of formal methods is justified for auctions since privacy and trust are prominent issues and auctions are sometimes designed for one-off occasions where high bids are at stake. For example, when radio wave frequencies are on sale, auctions are especially created for just one occasion where fair and consistent behaviour is required. Investigating the threats in auctions and insider collusions, we model and analyze auction protocols for insider threats using the interactive theorem prover Isabelle. We use the existing example of a fictitious cocaine auction protocol from the literature to develop and illustrate our approach. Combining the Isabelle Insider framework with the inductive approach to verifying security protocols in Isabelle, we formalize the cocaine auction protocol, prove that this formal definition excludes sweetheart deals, and also that collusion attacks cannot generally be excluded. The practical implication of the formalization is demonstrated by code generation. Isabelle allows generating code from constructive specifications into the programming language Scala. We provide constructive test functions for cocaine auction traces, prove within Isabelle that these functions conform to the protocol definition, and apply code generation to produce an implementation of the executable test predicate for cocaine auction traces in Scala

Insider threats for auctions: formalization, mechanized proof, and code generation

This paper applies machine assisted formal methods to explore insider threats for auctions. Auction systems, like eBay, are an important problem domain for formal analysis because they challenge modelling concepts as well as analysis methods. We use machine assisted formal modelling and proof in Isabelle to demonstrate how security and privacy goals of auction protocols can be formally verified. Applying the costly scrutiny of formal methods is justified for auctions since privacy and trust are prominent issues and auctions are sometimes designed for one-off occasions where high bids are at stake. For example, when radio wave frequencies are on sale, auctions are especially created for just one occasion where fair and consistent behaviour is required. Investigating the threats in auctions and insider collusions, we model and analyze auction protocols for insider threats using the interactive theorem prover Isabelle. We use the existing example of a fictitious cocaine auction protocol from the literature to develop and illustrate our approach. Combining the Isabelle Insider framework with the inductive approach to verifying security protocols in Isabelle, we formalize the cocaine auction protocol, prove that this formal definition excludes sweetheart deals, and also that collusion attacks cannot generally be excluded. The practical implication of the formalization is demonstrated by code generation. Isabelle allows generating code from constructive specifications into the programming language Scala. We provide constructive test functions for cocaine auction traces, prove within Isabelle that these functions conform to the protocol definition, and apply code generation to produce an implementation of the executable test predicate for cocaine auction traces in Scala

Explanation by automated reasoning using the Isabelle Infrastructure framework

In this paper, we propose the use of interactive the- orem proving for explainable machine learning. After presenting our proposition, we illustrate it on the dedicated application of explaining security attacks using the Isabelle Infrastructure framework and its process of dependability engineering. This formal framework and process provides the logics for specifi- cation and modeling. Attacks on security of the system are ex- plained by specification and proofs in the Isabelle Infrastructure framework. Existing case studies of dependability engineering in Isabelle are used as feasibility studies to illustrate how different aspects of explanations are covered by the Isabelle Infrastructure framework

Pandoras Box: Does Electronic Commerce Increase the Optimal Amount of Fraud?

Close business relationships are important in the food industry. However, the introduction of electronic commerce has emerged as a fundamental challenge to these relationships. In particular, retailers who start procuring private label food products in electronic auctions risk the termination of the relationships with their suppliers thus losing the value derived from these relationships. Instead, they move their focal interest towards single, unrelated transactions. The authors argue that this development increases the optimal amount of fraud in electronic commerce. In this context, they analyze the occurrence of opportunism.Relationships, information asymmetry, auctions, opportunism, economics of information, Marketing,

Exploring rationality of self awareness in social networking for logical modeling of unintentional insiders

Unawareness of privacy risks together with approval seeking motivations make humans enter too much detail into the likes of Facebook, Twitter, and Instagram. To test whether the rationality principle applies, we construct a tool that shows to a user what is known publicly on social networking sites about her. In our experiment, we check whether this revelation changes human behaviour. To extrapolate and generalize, we use the insights gained by practical experimentation. Unaware users can become targeted by attackers. They then become unintentional insid- ers. We demonstrate this by extending the Isabelle Insider framework to accommodate a formal model of unintentional insiders, an open problem with long standing

Exploring rationality of self awareness in social networking for logical modeling of unintentional insiders

Unawareness of privacy risks together with approval seeking motivations make humans enter too much detail into the likes of Facebook, Twitter, and Instagram. To test whether the rationality principle applies, we construct a tool that shows to a user what is known publicly on social networking sites about her. In our experiment, we check whether this revelation changes human behaviour. To extrapolate and generalize, we use the insights gained by practical experimentation. Unaware users can become targeted by attackers. They then become unintentional insid- ers. We demonstrate this by extending the Isabelle Insider framework to accommodate a formal model of unintentional insiders, an open problem with long standing

The vicious circles of control - regional governments and insiders in privatized Russian enterprises

How can one account for the puzzling behavior of insider-managers who, in stripping assets from the veryfirms they own, appear to be stealing from one pocket to fill the other? The authors suggest that such asset-stripping and failure to restructure are the consequences of interactions between insiders (manager-owners) and regional governments in a particular property rights regime. In this regime, the ability to realize value is limited by uncertainty and illiquidity, so managers have little incentive to increase value. As the central institutions that rule Russia have ceded their powers to the regions, regional governments have imposed various distortions on enterprises to protect local employment. Prospective outsider-investors doubt they can acquire the control rights they need for restructuring firms and doubt they can avoid the distortions regional governments impose on the firms in which they might invest. The result: little restructuring and little new investment. And regional governments, knowing the firms'taxable cash flows will have been reduced through cash flow diversion, have responded by collecting revenues in kind. To disentangle these vicious circles of control, the authors propose a pilot for transforming ownership in insider-dominated firms through a system of simultaneous tax-debt-for-equity conversion and resale through competitive auctions. The objective: to show regional governments, for example, that a more sustainable way to protect employment is to give managers incentives to increase enterprises'value by transferring effective control to investors. The proposed mechanism would provide cash benefits to insiders who agree to sell control to outside investors. The increased cash revenue (rather than in-kind or money surrogates) would enable regional governments to finance safety nets for the unemployed and to promote other regional initiatives.International Terrorism&Counterterrorism,Municipal Financial Management,Banks&Banking Reform,Economic Theory&Research,Payment Systems&Infrastructure,Municipal Financial Management,Economic Theory&Research,National Governance,Environmental Economics&Policies,Banks&Banking Reform

Privatization in the Russian Federation

The aim of this paper is providing an overview of the privatization process in the Russian Federation. The first section focuses on the experience with management and employee-buyouts in the Russian Federation, the second part explores two sides of the privatization process: the mass privatization and the voucher system.privatization, transition, Russian Federation, employee-buyouts, mass privatization, voucher system