Audit Games
Jeremiah Blocki, Nicolas Christin, Anupam Datta, Ariel D. Procaccia, Arunesh Sinha
Carnegie Mellon University
Motivation
Auditing
Permissive real-time access control policy
Inspect accesses after they occur
Find and punish policy violators
How does it help?
Deter potential violators
Take remedial measures to prevent future losses
Auditing for Policy Enforcement
HIPAA
GLBA
EU Data Protection Directive
Auditing in Practice
FairWarning: audit tool for hospitals
Flags all accesses to celebrity records as suspicious
Place traffic police at strategic locations
Intelligent heuristics, but no mathematical model or guarantees
Why study the audit process?
Optimize the cost expended in auditing: audits cost money
Prevent violations: decide the appropriate punishment for deterrence
Efficiently computable audit strategies enable cost-optimal, prioritized inspections
Outline
Simple rational game model
Example
Main algorithm for computing the equilibrium
Example
Future work
Simple Rational Model
Adversary: commits a violation, and is fined if detected
Utility depends on which target is attacked and on whether that target is audited
[Figure: a row of targets with inspection probabilities $p_1, p_2, p_3, p_4$; each target is labelled with its utility when audited and its utility when unaudited]
Punishment as an Action
High punishment: hostile work environment
Low punishment: no incentive to follow the policy
[Figure: the punishment level $x$ as a dial the defender sets between these extremes]
Simple Rational Model
Stackelberg Equilibrium Concept
Defender commits to a randomized resource allocation strategy (the inspection probabilities $p_i$ and the punishment level $x$)
Adversary plays a best response to that strategy
For the defender, the Stackelberg equilibrium is better than the Nash equilibrium
Goal: compute the optimal defender strategy
Simple Rational Model
Example
Three targets $t_1, t_2, t_3$.

Defender's utilities:
                 t1     t2     t3
Utility audited    2      2      3
Utility unaudited  1      0.1    0.5

Adversary's utilities:
                 t1     t2     t3
Utility audited    0.25   0.5    0.25
Utility unaudited  1      1      1

Defender's utility when target $t_i$ is attacked:
$p_i\,U_{a,D}(t_i) + (1-p_i)\,U_{u,D}(t_i) - a_0 x$
Adversary's utility when attacking target $t_i$:
$p_i\,\bigl(U_{a,A}(t_i) - x\bigr) + (1-p_i)\,U_{u,A}(t_i)$
= 0.5
Example (continued)
Defender's Stackelberg strategy (utility ): $(p_1, p_2, p_3) = (0.285, 0.43, 0.285)$
Adversary's strategy: attack target
Fix $x = 0.25$; the game is then equivalent to a security game (utility ): $(p_1, p_2, p_3) = (0.43, 0.57, 0)$, $x = 0.25$
Computing the Optimal Defender Strategy
Solve one optimization problem for each target $t_*$ the adversary may be induced to attack, and pick the best solution:
maximize the defender's utility
subject to attacking $t_*$ being a best response for the adversary, with the $p_i$'s on the probability simplex and $x$ in its allowed range
The objective is quadratic and the problem is non-convex
Simple Rational Model
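As an added illustration (not code from the talk or the paper), the following Python carries out this case split numerically for the three-target example above: for each intended target $t$ and each punishment level $x$ on a grid, it finds the largest $p_t$ that keeps attacking $t$ a best response for the adversary (ties broken in the defender's favour, as in a Stackelberg equilibrium), then keeps the best pair. The cost of punishment $a_0 = 0.5$ is an assumption, and the grid over $x$ stands in for the polynomial root finding the talk's algorithm uses.

```python
# Constructed data for the three-target example on the slides: each side's utility
# when the attacked target is audited / unaudited.  The a0 value is an assumption.
UA_D, UU_D = [2.0, 2.0, 3.0], [1.0, 0.1, 0.5]      # defender
UA_A, UU_A = [0.25, 0.5, 0.25], [1.0, 1.0, 1.0]    # adversary (punishment x comes off when audited)
A0 = 0.5                                           # cost of punishment a0 (assumed)

def best_response_cover(t: int, x: float) -> list:
    """Largest p_t (and matching p) for which attacking t is a best response.
    Adversary utility at j is UU_A[j] - p_j*c_j, c_j = UU_A[j] - UA_A[j] + x, so it
    needs p_j >= (UU_A[j] - UU_A[t] + p_t*c_t)/c_j for j != t; that grows with p_t."""
    n = len(UU_A)
    c = [UU_A[j] - UA_A[j] + x for j in range(n)]

    def needed(q: float) -> list:
        p = [0.0] * n
        p[t] = q
        for j in range(n):
            if j != t:
                gap = UU_A[j] - UU_A[t] + q * c[t]
                # c_j <= 0: auditing j never deters, so feasible only if j already loses
                p[j] = max(0.0, gap / c[j]) if c[j] > 0 else (0.0 if gap <= 0 else float("inf"))
        return p

    if sum(needed(1.0)) <= 1.0:             # t can be covered with certainty
        return needed(1.0)
    lo, hi = 0.0, 1.0
    for _ in range(60):                     # bisection on p_t
        mid = (lo + hi) / 2
        lo, hi = (mid, hi) if sum(needed(mid)) <= 1.0 else (lo, mid)
    p = needed(lo)
    p[(t + 1) % n] += 1.0 - sum(p)          # park any leftover mass away from target t
    return p

def defender_utility(t: int, x: float, p: list) -> float:
    """Defender payoff when t is attacked: p_t*U_{a,D}(t) + (1-p_t)*U_{u,D}(t) - a0*x."""
    return p[t] * UA_D[t] + (1 - p[t]) * UU_D[t] - A0 * x

def solve_stackelberg(steps: int = 200) -> tuple:
    """Sweep x over [0, 1] on a grid (standing in for the talk's polynomial root
    finding), solve the sub-problem for every intended target, keep the best."""
    best = None
    for k in range(steps + 1):
        x = k / steps
        for t in range(len(UA_D)):
            p = best_response_cover(t, x)
            u = defender_utility(t, x, p)
            if best is None or u > best[0]:
                best = (u, t, x, p)
    return best                             # (utility, attacked target index, x, p)
```

With these inputs the best solution is $x = 0$ with $p = (2/7, 3/7, 2/7) \approx (0.285, 0.43, 0.285)$, the Stackelberg strategy reported in the example above; the adversary is indifferent between all three targets and the defender steers it to $t_1$.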
Properties of the Optimal Point
[Figure: $p_i$ plotted against $x$, both axes running to 1, with the problem's constraints $C_1, C_2, C_3, C_4$ drawn as curves and the constraints that are tight at the optimum marked]
Main Algorithm
Main Idea of the Algorithm
Iterate over regions and solve a sub-problem in each
Set the probabilities to zero for the curves that lie above, and make the other constraints tight
Pick the best solution over all regions
[Figure: $x$ on the horizontal axis, running to 1, with curves labelled $\delta = -3$, $\delta = -2$, $\delta = -1$ and $\delta = 1 - \Delta n$ partitioning it into regions]
Main Algorithm
Solving a Sub-problem
1. The objective can be reduced to a polynomial function of $x$
2. Find the potential points of maxima by finding roots
3. Take the maximum over all the values from step 2
Splitting circle method: approximates the real roots to a given precision in time polynomial in the input size and in the precision parameter
Main Algorithm
Main Theorem
The problem can be approximated to within an additive factor $\epsilon$ in time using the splitting circle method, where $K$ is the bit precision of the inputs.
Main Algorithm
Example: varying the cost of punishment $a_0$
Strategies for a medium, a high and a low cost of punishment (columns $p_1$, $p_2$, $p_3$, $x$):
0.285   0.43   0.285   0
0.43    0.57   0       0.25
0.46    0.54   0       0.99
Future Work
Studying security-game variations in audit games:
Budget-constrained defender
Combinatorial constraints on the use of defender resources
Varying punishment with the severity of the violation
Validation:
Simulation: studying the effect of the various parameters
Real-world case study
Future Work
Conclusion
First game-theoretic model of auditing, and a first step toward a computationally feasible solution of audit games.
Research at the intersection of AI and security & privacy holds a lot of promise, given the encouraging precedent set by the deployment of security-games algorithms.
Extensions
Multiple inspections performed by a single resource: the inspection probabilities sum to the number of inspections; each inspection's probability distribution is obtained by decomposing the marginals with the Birkhoff-von Neumann decomposition
Zero violations by the adversary (with no punishment): adds an additional non-convex constraint, handled in almost the same way as the other constraints
Extensions