Managing the weakest link: A game-theoretic approach for the mitigation of insider threats

Laszka A., Johnson B., Schöttle P., Grossklags J., Böhme R.

Abstract
We introduce a two-player stochastic game for modeling secure team selection to add resilience against insider threats. A project manager, Alice, has a secret she wants to protect but must share with a team of individuals selected from within her organization; while an adversary, Eve, wants to learn this secret by bribing one potential team member. Eve does not know which individuals will be chosen by Alice, but both players have information about the bribeability of each potential team member. Specifically, the amount required to successfully bribe each such individual is given by a random variable with a known distribution but an unknown realization. We characterize best-response strategies for both players, and give necessary conditions for determining the game's equilibria. We find that Alice's best strategy involves minimizing the information available to Eve about the team composition. In particular, she should select each potential team member with a non-zero probability, unless she has a perfectly secure strategy. In the special case where the bribeability of each employee is given by a uniformly-distributed random variable, the equilibria can be divided into two outcomes - either Alice is perfectly secure, or her protection is based only on the randomness of her selection. © 2013 Springer-Verlag.

Keywords
Access Control; Computer Security; Cyberespionage; Game Theory; Insider Threats