TASHAROK: Using Mechanism Design for Enhancing Security Resource Allocation in Interdependent Systems

Mustafa Abdallah; Daniel Woods; Parinaz Naghizadeh; Issa Khalil; Timothy Cason; Shreyas Sundaram; Saurabh Bagchi

doi:10.1109/SP46214.2022.9833591

TASHAROK: Using Mechanism Design for Enhancing Security Resource Allocation in Interdependent Systems

Mustafa Abdallah, Daniel Woods, Parinaz Naghizadeh, Issa Khalil, Timothy Cason, Shreyas Sundaram, Saurabh Bagchi

Qatar Computing Research Institute

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

10 Citations (Scopus)

Abstract

We consider interdependent systems managed by multiple defenders that are under the threat of stepping-stone attacks. We model such systems via game-theoretic models and incorporate the effect of behavioral probability weighting that is used to model biases in human decision-making, as descended from the field of behavioral economics. We then incorporate into our framework called TASHAROK, two types of tax-based mechanisms for such interdependent security games where the central regulator incentivizes defenders to invest well in securing their assets so as to achieve the socially optimal outcome. We first show that due to the nature of our interdependent security game, no reliable tax-based mechanism can incentivize the socially optimal investment profile while maintaining a weakly balanced budget. We then show the effect of behavioral probability weighting bias on the amount of taxes paid by defenders, and prove that higher biases make defenders pay more taxes under the two mechanisms. We then explore voluntary participation in tax-based mechanisms. To evaluate our mechanisms, we use four representative real-world interdependent systems where we compare the game-theoretic optimal investments to the socially optimal investments under the two mechanisms. We show that the mechanisms yield higher decrease in the social cost for behavioral decision-makers compared to rational decision-makers.

Original language	English
Title of host publication	Proceedings - 43rd IEEE Symposium on Security and Privacy, SP 2022
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	249-266
Number of pages	18
ISBN (Electronic)	9781665413169
DOIs	https://doi.org/10.1109/SP46214.2022.9833591
Publication status	Published - 2022
Event	43rd IEEE Symposium on Security and Privacy, SP 2022 - San Francisco, United States Duration: 23 May 2022 → 26 May 2022

Publication series

Name	Proceedings - IEEE Symposium on Security and Privacy
Volume	2022-May
ISSN (Print)	1081-6011

Conference

Conference	43rd IEEE Symposium on Security and Privacy, SP 2022
Country/Territory	United States
City	San Francisco
Period	23/05/22 → 26/05/22

Keywords

Attack graphs.
Behavioral decision-making
Interdependent systems
Mechanism design
Security games

Access to Document

10.1109/SP46214.2022.9833591

Cite this

Abdallah, M., Woods, D., Naghizadeh, P., Khalil, I., Cason, T., Sundaram, S., & Bagchi, S. (2022). TASHAROK: Using Mechanism Design for Enhancing Security Resource Allocation in Interdependent Systems. In Proceedings - 43rd IEEE Symposium on Security and Privacy, SP 2022 (pp. 249-266). (Proceedings - IEEE Symposium on Security and Privacy; Vol. 2022-May). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SP46214.2022.9833591

@inproceedings{9ef3d5d80de345f78f74ddb5237aa940,

title = "TASHAROK: Using Mechanism Design for Enhancing Security Resource Allocation in Interdependent Systems",

abstract = "We consider interdependent systems managed by multiple defenders that are under the threat of stepping-stone attacks. We model such systems via game-theoretic models and incorporate the effect of behavioral probability weighting that is used to model biases in human decision-making, as descended from the field of behavioral economics. We then incorporate into our framework called TASHAROK, two types of tax-based mechanisms for such interdependent security games where the central regulator incentivizes defenders to invest well in securing their assets so as to achieve the socially optimal outcome. We first show that due to the nature of our interdependent security game, no reliable tax-based mechanism can incentivize the socially optimal investment profile while maintaining a weakly balanced budget. We then show the effect of behavioral probability weighting bias on the amount of taxes paid by defenders, and prove that higher biases make defenders pay more taxes under the two mechanisms. We then explore voluntary participation in tax-based mechanisms. To evaluate our mechanisms, we use four representative real-world interdependent systems where we compare the game-theoretic optimal investments to the socially optimal investments under the two mechanisms. We show that the mechanisms yield higher decrease in the social cost for behavioral decision-makers compared to rational decision-makers.",

keywords = "Attack graphs., Behavioral decision-making, Interdependent systems, Mechanism design, Security games",

author = "Mustafa Abdallah and Daniel Woods and Parinaz Naghizadeh and Issa Khalil and Timothy Cason and Shreyas Sundaram and Saurabh Bagchi",

note = "Publisher Copyright: {\textcopyright} 2022 IEEE.; 43rd IEEE Symposium on Security and Privacy, SP 2022 ; Conference date: 23-05-2022 Through 26-05-2022",

year = "2022",

doi = "10.1109/SP46214.2022.9833591",

language = "English",

series = "Proceedings - IEEE Symposium on Security and Privacy",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "249--266",

booktitle = "Proceedings - 43rd IEEE Symposium on Security and Privacy, SP 2022",

address = "United States",

}

Abdallah, M, Woods, D, Naghizadeh, P, Khalil, I, Cason, T, Sundaram, S & Bagchi, S 2022, TASHAROK: Using Mechanism Design for Enhancing Security Resource Allocation in Interdependent Systems. in Proceedings - 43rd IEEE Symposium on Security and Privacy, SP 2022. Proceedings - IEEE Symposium on Security and Privacy, vol. 2022-May, Institute of Electrical and Electronics Engineers Inc., pp. 249-266, 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, United States, 23/05/22. https://doi.org/10.1109/SP46214.2022.9833591

TASHAROK: Using Mechanism Design for Enhancing Security Resource Allocation in Interdependent Systems. / Abdallah, Mustafa; Woods, Daniel; Naghizadeh, Parinaz et al.
Proceedings - 43rd IEEE Symposium on Security and Privacy, SP 2022. Institute of Electrical and Electronics Engineers Inc., 2022. p. 249-266 (Proceedings - IEEE Symposium on Security and Privacy; Vol. 2022-May).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - TASHAROK

T2 - 43rd IEEE Symposium on Security and Privacy, SP 2022

AU - Abdallah, Mustafa

AU - Woods, Daniel

AU - Naghizadeh, Parinaz

AU - Khalil, Issa

AU - Cason, Timothy

AU - Sundaram, Shreyas

AU - Bagchi, Saurabh

PY - 2022

Y1 - 2022

N2 - We consider interdependent systems managed by multiple defenders that are under the threat of stepping-stone attacks. We model such systems via game-theoretic models and incorporate the effect of behavioral probability weighting that is used to model biases in human decision-making, as descended from the field of behavioral economics. We then incorporate into our framework called TASHAROK, two types of tax-based mechanisms for such interdependent security games where the central regulator incentivizes defenders to invest well in securing their assets so as to achieve the socially optimal outcome. We first show that due to the nature of our interdependent security game, no reliable tax-based mechanism can incentivize the socially optimal investment profile while maintaining a weakly balanced budget. We then show the effect of behavioral probability weighting bias on the amount of taxes paid by defenders, and prove that higher biases make defenders pay more taxes under the two mechanisms. We then explore voluntary participation in tax-based mechanisms. To evaluate our mechanisms, we use four representative real-world interdependent systems where we compare the game-theoretic optimal investments to the socially optimal investments under the two mechanisms. We show that the mechanisms yield higher decrease in the social cost for behavioral decision-makers compared to rational decision-makers.

AB - We consider interdependent systems managed by multiple defenders that are under the threat of stepping-stone attacks. We model such systems via game-theoretic models and incorporate the effect of behavioral probability weighting that is used to model biases in human decision-making, as descended from the field of behavioral economics. We then incorporate into our framework called TASHAROK, two types of tax-based mechanisms for such interdependent security games where the central regulator incentivizes defenders to invest well in securing their assets so as to achieve the socially optimal outcome. We first show that due to the nature of our interdependent security game, no reliable tax-based mechanism can incentivize the socially optimal investment profile while maintaining a weakly balanced budget. We then show the effect of behavioral probability weighting bias on the amount of taxes paid by defenders, and prove that higher biases make defenders pay more taxes under the two mechanisms. We then explore voluntary participation in tax-based mechanisms. To evaluate our mechanisms, we use four representative real-world interdependent systems where we compare the game-theoretic optimal investments to the socially optimal investments under the two mechanisms. We show that the mechanisms yield higher decrease in the social cost for behavioral decision-makers compared to rational decision-makers.

KW - Attack graphs.

KW - Behavioral decision-making

KW - Interdependent systems

KW - Mechanism design

KW - Security games

UR - http://www.scopus.com/inward/record.url?scp=85135893765&partnerID=8YFLogxK

U2 - 10.1109/SP46214.2022.9833591

DO - 10.1109/SP46214.2022.9833591

M3 - Conference contribution

AN - SCOPUS:85135893765

T3 - Proceedings - IEEE Symposium on Security and Privacy

SP - 249

EP - 266

BT - Proceedings - 43rd IEEE Symposium on Security and Privacy, SP 2022

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 23 May 2022 through 26 May 2022

ER -

Abdallah M, Woods D, Naghizadeh P, Khalil I, Cason T, Sundaram S et al. TASHAROK: Using Mechanism Design for Enhancing Security Resource Allocation in Interdependent Systems. In Proceedings - 43rd IEEE Symposium on Security and Privacy, SP 2022. Institute of Electrical and Electronics Engineers Inc. 2022. p. 249-266. (Proceedings - IEEE Symposium on Security and Privacy). doi: 10.1109/SP46214.2022.9833591

TASHAROK: Using Mechanism Design for Enhancing Security Resource Allocation in Interdependent Systems

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this