STAST-2012

Optimal Security Investments in Networks of Varying Size and Topology
Alan Nochenson C.F. Larry Heimann Slides for a paper presented at: Socio-Technical Aspects of Security and Trust 2012 Harvard University, Cambridge, MA

The problem of interdependent security

Previous research Kunreuther and Heal (2003) Model internal and external
risks faced by a set of airlines sharing airport facilities

risks faced by a set of airlines sharing airport facilities Heal and Kunreuther (2003) Revises previous model to account for heterogeneous populations

risks faced by a set of airlines sharing airport facilities Heal and Kunreuther (2003) Revises previous model to account for heterogeneous populations Grossklags, et al. (2008) Expand by adding additional security games, such as weakest-link and total-effort games

risks faced by a set of airlines sharing airport facilities Heal and Kunreuther (2003) Revises previous model to account for heterogeneous populations Grossklags, et al. (2008) Expand by adding additional security games, such as weakest-link and total-effort games Johnson, et al. (2010) Examine how infection probabilities can be reasonably estimated

risks faced by a set of airlines sharing airport facilities Heal and Kunreuther (2003) Revises previous model to account for heterogeneous populations Grossklags, et al. (2008) Expand by adding additional security games, such as weakest-link and total-effort games Johnson, et al. (2010) Examine how infection probabilities can be reasonably estimated Heimann and Nochenson (2012) Introduces loss proﬁles to capture differing degrees of loss suffered upon failure

The case for virus protection Alice A = worth of
Alice’s computer C = cost of full protection p = probability of suffering loss

The case for virus protection Alice

Two players Bob

Generalizing to n players Network with n players The utility
for player i

Player value and network size Mancur Olson’s classic work on
group behavior provides insight on people’s behavior in computer networks ... 1. Heterogeneous networks are more likely to be protected 2. Larger networks end up with less total protection

Impact of network topology Star Network

Impact of network topology Fully Connected Network

Other network topologies Ring Network Tree Network Bus Network

Future research • More work on topology and security decisions
• Intelligent attackers

Questions? These slides are available online at: https://speakerdeck.com/u/profh/p/stast-2012 Speaker Deck

STAST-2012

STAST-2012

profh

More Decks by profh

Other Decks in Research

Featured

Transcript

Optimal Security Investments in Networks of Varying Size and Topology

The problem of interdependent security

Previous research Kunreuther and Heal (2003) Model internal and external

Previous research Kunreuther and Heal (2003) Model internal and external

Previous research Kunreuther and Heal (2003) Model internal and external

Previous research Kunreuther and Heal (2003) Model internal and external

Previous research Kunreuther and Heal (2003) Model internal and external

The case for virus protection Alice A = worth of

The case for virus protection Alice

The case for virus protection Alice

Two players Bob

Two players Bob

Generalizing to n players Network with n players The utility

Player value and network size Mancur Olson’s classic work on

Impact of network topology Star Network

Impact of network topology Fully Connected Network

Other network topologies Ring Network Tree Network Bus Network

Future research • More work on topology and security decisions

Questions? These slides are available online at: https://speakerdeck.com/u/profh/p/stast-2012 Speaker Deck