Compliance control: Managed vulnerability surface in social-technological systems via signaling games

Will Casey; Quanyan Zhu; Jose Andre Morales; Bud Mishra

doi:10.1145/2808783.2808788

Compliance control: Managed vulnerability surface in social-technological systems via signaling games

Will Casey, Quanyan Zhu, Jose Andre Morales, Bud Mishra

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The agents of an organization, in fulfillment of their tasks, generate a cyber-physical-human trace, which is amenable to formal analysis with modal logic to verify safety and liveness properties. Trusted but non-trustworthy agents within an organization may attempt to conceal their true intentions, develop deceptive strategies, and exploit the organization-a scenario modeled here as a basic compliance signaling game. The challenge for the organization, only partially informed of its own true state, is in measuring and estimating its own safety and liveness properties as accurately as possible-the subject of this paper. To improve measurements, we suggest counter strategies where the organization presents honey objectives on a closely monitored attack surface to elicit exploitive actions and to estimate its own safety properties, an activity required for an adaptive response aiming to manage an organization's vulnerability and safety surfaces. We expand the basic game to a system of social-technological agents and tailor the encounter structure of evolutionary games to one that best fits a typical organization. Focusing on these double-sided signaling games (compliance and measure) within a system of social-technological agents, we outline a simple gradient ascent-based control mechanism and report on its ability to select and stabilize desirable equilibria despite the typical non-stationarity and chaos within evolutionary game systems. We clarify the design of our feedback-driven control system by using behavioral sensing, estimation and numerical optimization, and actuation with micro-incentives.

Original language	English (US)
Title of host publication	MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015
Publisher	Association for Computing Machinery, Inc
Pages	53-62
Number of pages	10
ISBN (Electronic)	9781450338240
DOIs	https://doi.org/10.1145/2808783.2808788
State	Published - Oct 16 2015
Event	7th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2015 - Denver, United States Duration: Oct 12 2015 → …

Publication series

Name	MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015

Other

Other	7th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2015
Country	United States
City	Denver
Period	10/12/15 → …

ASJC Scopus subject areas

Information Systems
Computer Science Applications

Access to Document

10.1145/2808783.2808788

Fingerprint Dive into the research topics of 'Compliance control: Managed vulnerability surface in social-technological systems via signaling games'. Together they form a unique fingerprint.

Cite this

Casey, W., Zhu, Q., Morales, J. A., & Mishra, B. (2015). Compliance control: Managed vulnerability surface in social-technological systems via signaling games. In MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015 (pp. 53-62). (MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015). Association for Computing Machinery, Inc. https://doi.org/10.1145/2808783.2808788

Compliance control : Managed vulnerability surface in social-technological systems via signaling games. / Casey, Will; Zhu, Quanyan; Morales, Jose Andre; Mishra, Bud.

MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015. Association for Computing Machinery, Inc, 2015. p. 53-62 (MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Casey, W, Zhu, Q, Morales, JA & Mishra, B 2015, Compliance control: Managed vulnerability surface in social-technological systems via signaling games. in MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015. MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015, Association for Computing Machinery, Inc, pp. 53-62, 7th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2015, Denver, United States, 10/12/15. https://doi.org/10.1145/2808783.2808788

Casey W, Zhu Q, Morales JA, Mishra B. Compliance control: Managed vulnerability surface in social-technological systems via signaling games. In MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015. Association for Computing Machinery, Inc. 2015. p. 53-62. (MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015). https://doi.org/10.1145/2808783.2808788

Casey, Will ; Zhu, Quanyan ; Morales, Jose Andre ; Mishra, Bud. / Compliance control : Managed vulnerability surface in social-technological systems via signaling games. MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015. Association for Computing Machinery, Inc, 2015. pp. 53-62 (MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015).

@inproceedings{0863202255a545178960e5a3d29717f7,

title = "Compliance control: Managed vulnerability surface in social-technological systems via signaling games",

abstract = "The agents of an organization, in fulfillment of their tasks, generate a cyber-physical-human trace, which is amenable to formal analysis with modal logic to verify safety and liveness properties. Trusted but non-trustworthy agents within an organization may attempt to conceal their true intentions, develop deceptive strategies, and exploit the organization-a scenario modeled here as a basic compliance signaling game. The challenge for the organization, only partially informed of its own true state, is in measuring and estimating its own safety and liveness properties as accurately as possible-the subject of this paper. To improve measurements, we suggest counter strategies where the organization presents honey objectives on a closely monitored attack surface to elicit exploitive actions and to estimate its own safety properties, an activity required for an adaptive response aiming to manage an organization's vulnerability and safety surfaces. We expand the basic game to a system of social-technological agents and tailor the encounter structure of evolutionary games to one that best fits a typical organization. Focusing on these double-sided signaling games (compliance and measure) within a system of social-technological agents, we outline a simple gradient ascent-based control mechanism and report on its ability to select and stabilize desirable equilibria despite the typical non-stationarity and chaos within evolutionary game systems. We clarify the design of our feedback-driven control system by using behavioral sensing, estimation and numerical optimization, and actuation with micro-incentives.",

author = "Will Casey and Quanyan Zhu and Morales, {Jose Andre} and Bud Mishra",

year = "2015",

month = oct,

day = "16",

doi = "10.1145/2808783.2808788",

language = "English (US)",

series = "MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015",

publisher = "Association for Computing Machinery, Inc",

pages = "53--62",

booktitle = "MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015",

note = "7th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2015 ; Conference date: 12-10-2015",

}

TY - GEN

T1 - Compliance control

T2 - 7th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2015

AU - Casey, Will

AU - Zhu, Quanyan

AU - Morales, Jose Andre

AU - Mishra, Bud

PY - 2015/10/16

Y1 - 2015/10/16

N2 - The agents of an organization, in fulfillment of their tasks, generate a cyber-physical-human trace, which is amenable to formal analysis with modal logic to verify safety and liveness properties. Trusted but non-trustworthy agents within an organization may attempt to conceal their true intentions, develop deceptive strategies, and exploit the organization-a scenario modeled here as a basic compliance signaling game. The challenge for the organization, only partially informed of its own true state, is in measuring and estimating its own safety and liveness properties as accurately as possible-the subject of this paper. To improve measurements, we suggest counter strategies where the organization presents honey objectives on a closely monitored attack surface to elicit exploitive actions and to estimate its own safety properties, an activity required for an adaptive response aiming to manage an organization's vulnerability and safety surfaces. We expand the basic game to a system of social-technological agents and tailor the encounter structure of evolutionary games to one that best fits a typical organization. Focusing on these double-sided signaling games (compliance and measure) within a system of social-technological agents, we outline a simple gradient ascent-based control mechanism and report on its ability to select and stabilize desirable equilibria despite the typical non-stationarity and chaos within evolutionary game systems. We clarify the design of our feedback-driven control system by using behavioral sensing, estimation and numerical optimization, and actuation with micro-incentives.

AB - The agents of an organization, in fulfillment of their tasks, generate a cyber-physical-human trace, which is amenable to formal analysis with modal logic to verify safety and liveness properties. Trusted but non-trustworthy agents within an organization may attempt to conceal their true intentions, develop deceptive strategies, and exploit the organization-a scenario modeled here as a basic compliance signaling game. The challenge for the organization, only partially informed of its own true state, is in measuring and estimating its own safety and liveness properties as accurately as possible-the subject of this paper. To improve measurements, we suggest counter strategies where the organization presents honey objectives on a closely monitored attack surface to elicit exploitive actions and to estimate its own safety properties, an activity required for an adaptive response aiming to manage an organization's vulnerability and safety surfaces. We expand the basic game to a system of social-technological agents and tailor the encounter structure of evolutionary games to one that best fits a typical organization. Focusing on these double-sided signaling games (compliance and measure) within a system of social-technological agents, we outline a simple gradient ascent-based control mechanism and report on its ability to select and stabilize desirable equilibria despite the typical non-stationarity and chaos within evolutionary game systems. We clarify the design of our feedback-driven control system by using behavioral sensing, estimation and numerical optimization, and actuation with micro-incentives.

UR - http://www.scopus.com/inward/record.url?scp=84956705805&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84956705805&partnerID=8YFLogxK

U2 - 10.1145/2808783.2808788

DO - 10.1145/2808783.2808788

M3 - Conference contribution

AN - SCOPUS:84956705805

T3 - MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015

SP - 53

EP - 62

BT - MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015

PB - Association for Computing Machinery, Inc

Y2 - 12 October 2015

ER -