Managing the weakest link: A game-theoretic approach for the mitigation of insider threats

Laszka A., Johnson B., Schöttle P., Grossklags J., Böhme R.


Abstract
We introduce a two-player stochastic game for modeling secure team selection to add resilience against insider threats. A project manager, Alice, has a secret she wants to protect but must share with a team of individuals selected from within her organization; while an adversary, Eve, wants to learn this secret by bribing one potential team member. Eve does not know which individuals will be chosen by Alice, but both players have information about the bribeability of each potential team member. Specifically, the amount required to successfully bribe each such individual is given by a random variable with a known distribution but an unknown realization. We characterize best-response strategies for both players, and give necessary conditions for determining the game's equilibria. We find that Alice's best strategy involves minimizing the information available to Eve about the team composition. In particular, she should select each potential team member with a non-zero probability, unless she has a perfectly secure strategy. In the special case where the bribeability of each employee is given by a uniformly-distributed random variable, the equilibria can be divided into two outcomes - either Alice is perfectly secure, or her protection is based only on the randomness of her selection. © 2013 Springer-Verlag.

Keywords
Access Control; Computer Security; Cyberespionage; Game Theory; Insider Threats



Publication type
Research article in proceedings (conference)

Peer reviewed
Yes

Publication status
Published

Year
2013

Conference
18th European Symposium on Research in Computer Security, ESORICS 2013

Venue
Egham, Großbritannien

Journal
Lecture notes in computer science

Start page
273

End page
290

Volume
null

Title of series
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Language
English

ISSN
1611-3349

ISBN
9783642402029

DOI

Full text