Compliance control: Managed vulnerability surface in social-technological systems via signaling games

Will Casey, Quanyan Zhu, Jose Andre Morales, Bud Mishra

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The agents of an organization, in fulfillment of their tasks, generate a cyber-physical-human trace, which is amenable to formal analysis with modal logic to verify safety and liveness properties. Trusted but non-trustworthy agents within an organization may attempt to conceal their true intentions, develop deceptive strategies, and exploit the organization-a scenario modeled here as a basic compliance signaling game. The challenge for the organization, only partially informed of its own true state, is in measuring and estimating its own safety and liveness properties as accurately as possible-the subject of this paper. To improve measurements, we suggest counter strategies where the organization presents honey objectives on a closely monitored attack surface to elicit exploitive actions and to estimate its own safety properties, an activity required for an adaptive response aiming to manage an organization's vulnerability and safety surfaces. We expand the basic game to a system of social-technological agents and tailor the encounter structure of evolutionary games to one that best fits a typical organization. Focusing on these double-sided signaling games (compliance and measure) within a system of social-technological agents, we outline a simple gradient ascent-based control mechanism and report on its ability to select and stabilize desirable equilibria despite the typical non-stationarity and chaos within evolutionary game systems. We clarify the design of our feedback-driven control system by using behavioral sensing, estimation and numerical optimization, and actuation with micro-incentives.

Original languageEnglish (US)
Title of host publicationMIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015
PublisherAssociation for Computing Machinery, Inc
Pages53-62
Number of pages10
ISBN (Electronic)9781450338240
DOIs
StatePublished - Oct 16 2015
Event7th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2015 - Denver, United States
Duration: Oct 12 2015 → …

Publication series

NameMIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015

Other

Other7th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2015
CountryUnited States
CityDenver
Period10/12/15 → …

ASJC Scopus subject areas

  • Information Systems
  • Computer Science Applications

Fingerprint Dive into the research topics of 'Compliance control: Managed vulnerability surface in social-technological systems via signaling games'. Together they form a unique fingerprint.

  • Cite this

    Casey, W., Zhu, Q., Morales, J. A., & Mishra, B. (2015). Compliance control: Managed vulnerability surface in social-technological systems via signaling games. In MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015 (pp. 53-62). (MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015). Association for Computing Machinery, Inc. https://doi.org/10.1145/2808783.2808788