Threats from Inside:
Dynamic Utility (Mis)Alignments in an Agent based Model

William Casey¹, Jose Andre Morales¹⁺, and Bud Mishra²
 

¹Software Engineering Institute, Carnegie Mellon University, USA

wcasey@cmu.edu, jamorales@cert.org

²NYU Courant Institute, New York University, USA

mishra@nyu.edu

Abstract

We envision a game theoretic model of an organization so as to devise new mechanisms to improve compliance and reduce various insider threats – be it intentional or unintentional, while paying proportional attention to various intertwined issues: namely in the form of deception, privacy, trust, global utilities and stability. For this purpose, we primarily rely on a realistic formulation of classical information-asymmetric signaling games, in a repeated form, while allowing the agents to dynamically vary their strategic choices as their utilities get (mis)aligned. To better understand the multifaceted security concerns in existing and emerging multi-agent interactions within an organization, we map, model and analyze various challenging scenarios of threats: namely, those by design or those by negligence. We also describe a bridge to the future by investigating the extendability of the proposed mechanisms in a specific embodiment, where available meta-data is mined to model behavioral propensities of the agents. Simulation and empirical analysis indicate promising results for this approach to deliver new mechanisms and control regimes.

 

Keywords: Insider threat, game theory, signaling games, identity deception deterrence,
utility alignment

 

+: Corresponding author: Jose Andre Morales
Software Engineering Institute 4500 Fifth ave, Pittsburgh, PA 15213, Tel: +1-(412) 268-5800

 

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)

Vol. 7, No. 1, pp. 97-117, March 2016 [pdf]