100 likes | 198 Views
Incentive Compatible Assured Information Sharing. Murat Kantarcioglu. Incentive Issues in Assured Information Sharing. Misaligned incentives could be a significant problem in Information Security. Software bugs vs. Software companies’ incentives
E N D
Incentive Compatible Assured Information Sharing Murat Kantarcioglu
Incentive Issues in Assured Information Sharing • Misaligned incentives could be a significant problem in Information Security. • Software bugs vs. Software companies’ incentives • Incentive issues in information sharing have been explored to some extent • Incentive issues in file sharing p2p networks • Assured information sharing creates new challenges • Security considerations vs. Utility
Understanding the Utility of Assured Information Sharing • Utility depends on many factors (not an exclusive list.) • Possible monetary payments for sharing data • Possible non-monetary benefits for sharing data • The data provided by the other participants. • Cost of not sharing • Cost of sharing • Cost of potential misuse • Cost of other parties cheating • Probability of misuse • Cost of enforcing security policies • Overall, our goal is to design systems to make sure that the expected benefit of assured information sharing is bigger than expected cost.
Reducing the Cost of Assured Information Sharing • Reduce the probability of misuse • Share the data with only trusted sources • Future work: Seeing data as a sort of credit, we are working on new approaches based similar to “credit scores” used in practice. • Do not share the data directly but enable the computation of the end results. • Secure multi-party computation based approaches (Need to consider the “cost” of secure multi-party based approaches.) • Do not share correct data and still get the benefits. !!
Reducing the Cost of Assured Information Sharing • Verify that the other participants do not lie about their data. • If the data is revealed as it is • Trust but verify • Our initial results: DKE ’08 , DBSEC ‘07 • If the data is not revealed (e.g., SMC techniques are used) • Non-cooperative computing • Mechanism design • SMC with rational adversaries.
Non-cooperatively Computable Functions • Proposed by Shoham and Tennenholtz in 2005 • A function evaluation game for function f for where each xi belongs to different participants. • Assumes that each participating party values correctness over exclusivity. • Certain functions are not in NCC. • Some functions are not in NCC • Future work: Analyze important knowledge discovery functions to see which ones are in NCC.
Incentive Compatible Functions • It is known that if the participants value correctness over everything else than the solution is easy. • If summation result is used for something critical task then each participant will reveal its correct value. • Our initial results for supply chain management • MSOM ’08 • Future work: Add additional incentives to increase the utility of the correct results.
Possible Incentives for Assured Information Sharing • Payments/Rewards based on the goodness of the final result. • Future directions: Mechanisms for distributed data mining. • Final payments for a party P could be based on the accuracy of the final classifier and the accuracy of the classifier without the data provided by P • Future directions: Mechanisms without money.
Reputation based Incentives • Reputation based approaches work in many different tasks. • eBay • Peer-to-peer systems • Building distributed reputation systems for assured information sharing. • Incentives could be set based on reputations. • Future directions: Create secure distributed reputation management system where non-sharing parties could be audited. • Future directions: Integrate such systems in AIS life cycle management framework.
Behavioral Economics • Better understanding of human behavior in assured information sharing environments by designing various experiments. • Future work: Assured information sharing games • Give each participant, a share of the puzzle • Adjust game settings to see the effects of • Possible security policies • Possible end game incentives • Possible social relationships • Possible incentives during game playing