1 / 10

Incentive Compatible Assured Information Sharing

Incentive Compatible Assured Information Sharing. Murat Kantarcioglu. Incentive Issues in Assured Information Sharing. Misaligned incentives could be a significant problem in Information Security. Software bugs vs. Software companies’ incentives

chaela
Download Presentation

Incentive Compatible Assured Information Sharing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Incentive Compatible Assured Information Sharing Murat Kantarcioglu

  2. Incentive Issues in Assured Information Sharing • Misaligned incentives could be a significant problem in Information Security. • Software bugs vs. Software companies’ incentives • Incentive issues in information sharing have been explored to some extent • Incentive issues in file sharing p2p networks • Assured information sharing creates new challenges • Security considerations vs. Utility

  3. Understanding the Utility of Assured Information Sharing • Utility depends on many factors (not an exclusive list.) • Possible monetary payments for sharing data • Possible non-monetary benefits for sharing data • The data provided by the other participants. • Cost of not sharing • Cost of sharing • Cost of potential misuse • Cost of other parties cheating • Probability of misuse • Cost of enforcing security policies • Overall, our goal is to design systems to make sure that the expected benefit of assured information sharing is bigger than expected cost.

  4. Reducing the Cost of Assured Information Sharing • Reduce the probability of misuse • Share the data with only trusted sources • Future work: Seeing data as a sort of credit, we are working on new approaches based similar to “credit scores” used in practice. • Do not share the data directly but enable the computation of the end results. • Secure multi-party computation based approaches (Need to consider the “cost” of secure multi-party based approaches.) • Do not share correct data and still get the benefits. !!

  5. Reducing the Cost of Assured Information Sharing • Verify that the other participants do not lie about their data. • If the data is revealed as it is • Trust but verify • Our initial results: DKE ’08 , DBSEC ‘07 • If the data is not revealed (e.g., SMC techniques are used) • Non-cooperative computing • Mechanism design • SMC with rational adversaries.

  6. Non-cooperatively Computable Functions • Proposed by Shoham and Tennenholtz in 2005 • A function evaluation game for function f for where each xi belongs to different participants. • Assumes that each participating party values correctness over exclusivity. • Certain functions are not in NCC. • Some functions are not in NCC • Future work: Analyze important knowledge discovery functions to see which ones are in NCC.

  7. Incentive Compatible Functions • It is known that if the participants value correctness over everything else than the solution is easy. • If summation result is used for something critical task then each participant will reveal its correct value. • Our initial results for supply chain management • MSOM ’08 • Future work: Add additional incentives to increase the utility of the correct results.

  8. Possible Incentives for Assured Information Sharing • Payments/Rewards based on the goodness of the final result. • Future directions: Mechanisms for distributed data mining. • Final payments for a party P could be based on the accuracy of the final classifier and the accuracy of the classifier without the data provided by P • Future directions: Mechanisms without money.

  9. Reputation based Incentives • Reputation based approaches work in many different tasks. • eBay • Peer-to-peer systems • Building distributed reputation systems for assured information sharing. • Incentives could be set based on reputations. • Future directions: Create secure distributed reputation management system where non-sharing parties could be audited. • Future directions: Integrate such systems in AIS life cycle management framework.

  10. Behavioral Economics • Better understanding of human behavior in assured information sharing environments by designing various experiments. • Future work: Assured information sharing games • Give each participant, a share of the puzzle • Adjust game settings to see the effects of • Possible security policies • Possible end game incentives • Possible social relationships • Possible incentives during game playing

More Related