Foundations for Risk Management of IT Security

Risk Models and Controlled Mitigation of IT Security
R. Ann Miura-Ko
Stanford University
February 27, 2009
Attackers and Defenders
• Malicious Attackers
▫ Denial of Service
▫ Viruses and Worms
▫ Data sniffing / spoofing
▫ Unauthorized Access
▫ Port scanning
▫ Malware / Trojans
• Defenders
▫ Policies
▫ Firewalls
▫ Backup / Redundancy
▫ Intrusion Detection
▫ Anti-Virus Software
▫ Authentication / Authorization
▫ Encryption
Thesis Overview
• Mathematical modeling of IT Risk encompasses a large and relatively uncharted territory
• Modeled selected anchor points within the space focused on different levels of decision making:
▫ Inter-Organization and Industry level Investments: How do organizations invest their limited resources given the relationships they have with one another?
▫ Enterprise level resource allocation: Given an IT budget, how should a manager spend those resources over time?
▫ Physical layer control: How do you design the physical infrastructure to meet reliability and security requirements?
Motivating Example: Web Authentication
• Same / similar username and password for multiple sites
• Security not equally important to all sites
• Shared risk for all
Literature Background
• Interdependent Security
▫ IT Security Leads to Externalities: Camp (2004)
▫ Tipping Point for Investments: Kunreuther and Heal (2003)
▫ Free Riding: Varian (2004)
• Network Game Theory
▫ Network Games: Galeotti et al. (2006)
▫ Linear Influence Network Games: Ballester and Calvo-Armengol (2007)
Model Fundamentals
• Companies make investments in security
• Companies have complex interdependencies
▫ Complementarities and competition
▫ Leads to positive and negative interactions
• Who invests and how much?
• Can we improve this equilibrium?
• What does the model say about policy?
Network Model
• Network = Directed Graph
▫ Nodes = Decision making agents
▫ Links = influence / interaction
▫ Weights = degree of influence
[Figure: directed graph whose links carry weights of -.1, .1 and .2]
Incentive Model
• Each agent, i, selects investment, x_i
• Security of i determined by total effective investment:
• Cost of investment:
• Net benefit:
• Benefit received by agent i:
[Figure: directed graph whose links carry weights of -.1, .1 and .2]
How will agents react?
• Single stage game of complete information
• All agents maximize their utility function:
• b_i is where the marginal cost = marginal benefit for agent i
• If neighbor’s contribution > b_i, x_i = 0
• If neighbor’s contribution < b_i, x_i = difference
[Figure labels: slope = c_i, V_i, b_i, x_i]
What is an equilibrium?
• Nash Equilibrium
▫ Stable point (vector of investments) at which no
agent has incentive to change their current
strategy
▫ This happens when:
▫ Leverage Linear Complementarity literature
Existence and Uniqueness
• Proposition 1: If W is strictly diagonally
dominant,
, then there
exists a unique Nash Equilibrium for the
proposed game
• Proof: Follows from standard LCP results, which state that any P matrix (one with positive principal minors) will have a unique solution to the optimization problem. We simply show that a W matrix is a P matrix.
Convergence
• Proposition 2: If W is strictly diagonally dominant,
, then asynchronous best
response dynamics converges to the unique Nash
Equilibrium from any starting point x(0)>0. The best
response dynamics are described by:
• Proof: Follows from standard LCP results, which provide a synchronous algorithm. Using the Asynchronous Convergence Theorem (Bertsekas), we can establish that the ABRD also converges.
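Added example (not from the original slides): the best-response rule from "How will agents react?" and the convergence claim of Proposition 2, run on a small constructed network. It assumes w_ii = 1 and that agent i's effective investment is x_i plus the W-weighted sum of its neighbors' investments; the matrix W, the vector b and all function names are constructed for illustration, and the round-robin update order is one particular asynchronous schedule.

```python
# Added example: best-response dynamics for a linear influence network game.
# Assumptions (not from the slides): W[i][i] = 1, W[i][j] is the weight on
# neighbor j's investment in i's effective investment, and the sample W and b
# below are constructed.

def strictly_diagonally_dominant(W):
    """True if each diagonal entry exceeds the sum of |off-diagonal| in its row."""
    return all(abs(W[i][i]) > sum(abs(w) for j, w in enumerate(row) if j != i)
               for i, row in enumerate(W))

def best_response(W, b, x, i):
    """x_i = 0 if neighbors already supply b_i, otherwise the difference."""
    neighbors = sum(W[i][j] * x[j] for j in range(len(x)) if j != i)
    return max(0.0, (b[i] - neighbors) / W[i][i])

def best_response_dynamics(W, b, x0, tol=1e-12, max_rounds=10_000):
    """Update agents one at a time (each sees the latest values) until stable."""
    x = list(x0)
    for rounds in range(1, max_rounds + 1):
        change = 0.0
        for i in range(len(x)):
            new = best_response(W, b, x, i)
            change = max(change, abs(new - x[i]))
            x[i] = new
        if change < tol:
            return x, rounds
    raise RuntimeError("no convergence; is W strictly diagonally dominant?")

def equilibrium_gap(W, b, x):
    """Largest violation of: x >= 0, Wx - b >= 0, x_i * (Wx - b)_i = 0."""
    slack = [sum(W[i][j] * x[j] for j in range(len(x))) - b[i] for i in range(len(x))]
    return max(max(-xi, -s, abs(xi * s)) for xi, s in zip(x, slack))

# Constructed 4-agent network using the slide's weight scale (-0.1, 0.1, 0.2).
W = [[1.0, 0.2, -0.1, 0.1],
     [0.2, 1.0, 0.1, -0.1],
     [0.2, 0.2, 1.0, 0.2],
     [-0.1, 0.1, 0.2, 1.0]]
b = [1.0, 1.0, 0.3, 0.8]   # constructed: agent 2 needs little security

if __name__ == "__main__":
    assert strictly_diagonally_dominant(W)
    for start in ([0.5] * 4, [5.0, 0.1, 3.0, 2.0]):
        x, rounds = best_response_dynamics(W, b, start)
        print([round(v, 4) for v in x], "rounds:", rounds,
              "gap:", equilibrium_gap(W, b, x))
```

With these constructed values agent 2 invests nothing, because its neighbors' weighted investments already exceed its b_i, and both starting points reach the same investment vector.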
Free Riding
• One measure of contribution relative to what they need, free riding index:
[Formula labels: impact of neighbors’ investments; investment made by i with no neighbors]
• Another measure of relative contribution allows for network effects to be taken into account, fair share index:
[Formula labels: contribution of player i in networked environment; contribution of player i if all players are isolated]
Web Authentication Example
• Utility function:
[Figure: example network whose links carry weights of -.1, .1 and .2]
Improving the Equilibrium
• Theorem 1: Suppose x_i > 0 and x_j > 0 for some i ≠ j. Then, there exist continuous trajectories, W(t) = (w_kl(t)) and x∗(t) = (x_k(t)) with t ∈ [0, T] such that:
1. x∗(0) = x∗, W(0) = W
2. x∗(t) is the (unique) equilibrium under W(t) ∀ t
3. x_i(t) and x_j(t) are strictly decreasing in t
4. x_k(t) is constant for all k ∉ {i, j} and all t
5. W(t) is component-wise differentiable and increasing in t (weakly, in magnitude)
Improving the Equilibrium
• Proof sketch of Theorem 1:
▫ Observe: if the effective investments over the purple links are not changed, the investments in Group B will not change
▫ Pick 2 nodes: i, j
▫ For k ∉ {i, j}
[Figure: network of nodes 1 to 6, divided into Group A and Group B]
Improvements to Equilibrium
• A linear increase in the strength of the links
results in a nonlinear decrease in investments
between nodes 1 and 2
Qualitative Implications
• For web authentication:
▫ Should high risk organizations subsidize the IT
budgets of low risk organizations (e.g. Citibank
works with non-profits to aid their authentication
efforts)?
▫ Should government label websites by risk factor
so users know which sites they can safely group
together with a single password?