Team for Research in
Ubiquitous Secure Technology

The Price of Uncertainty in Security Games
Jens Grossklags, Benjamin Johnson, Nicolas Christin

Citation
Jens Grossklags, Benjamin Johnson, Nicolas Christin. "The Price of Uncertainty in Security Games". Proceedings (online) of the 8th Workshop on Economics of Information Security, June, 2009.

Abstract
In the realm of information security, lack of information about other users’ incentives in a network can lead to inefficient security choices and reductions in individuals’ payoffs. We propose, contrast and compare three metrics for measuring the price of uncertainty due to the departure from the payoff-optimal security outcomes under complete information. Per the analogy with other efficiency metrics, such as the price of anarchy, we define the price of uncertainty as the maximum discrepancy in expected payoff in a complete information environment versus the payoff in an incomplete information environment. We consider difference, payoff-ratio, and cost-ratio metrics as canonical nontrivial measurements of the price of uncertainty. We conduct an algebraic, numerical, and graphical analysis of these metrics applied to different well-studied security scenarios proposed in prior work (i.e., best shot, weakest-link, and total effort). In these scenarios, we study how a fully rational expert agent could utilize the metrics to decide whether to gather information about the economic incentives of multiple nearsighted and naive agents. We find substantial differences between the various metrics and evaluate the appropriateness for security choices in networked systems.

Electronic downloads

Citation formats  
  • HTML
    Jens Grossklags, Benjamin Johnson, Nicolas Christin. <a
    href="http://www.truststc.org/pubs/659.html"
    >The Price of Uncertainty in Security Games</a>,
    Proceedings (online) of the 8th Workshop on Economics of
    Information Security, June, 2009.
  • Plain text
    Jens Grossklags, Benjamin Johnson, Nicolas Christin.
    "The Price of Uncertainty in Security Games".
    Proceedings (online) of the 8th Workshop on Economics of
    Information Security, June, 2009.
  • BibTeX
    @inproceedings{GrossklagsJohnsonChristin09_PriceOfUncertaintyInSecurityGames,
        author = {Jens Grossklags and Benjamin Johnson and Nicolas
                  Christin},
        title = {The Price of Uncertainty in Security Games},
        booktitle = {Proceedings (online) of the 8th Workshop on
                  Economics of Information Security},
        month = {June},
        year = {2009},
        abstract = {In the realm of information security, lack of
                  information about other users’ incentives in a
                  network can lead to inefficient security choices
                  and reductions in individuals’ payoffs. We
                  propose, contrast and compare three metrics for
                  measuring the price of uncertainty due to the
                  departure from the payoff-optimal security
                  outcomes under complete information. Per the
                  analogy with other efficiency metrics, such as the
                  price of anarchy, we define the price of
                  uncertainty as the maximum discrepancy in expected
                  payoff in a complete information environment
                  versus the payoff in an incomplete information
                  environment. We consider difference, payoff-ratio,
                  and cost-ratio metrics as canonical nontrivial
                  measurements of the price of uncertainty. We
                  conduct an algebraic, numerical, and graphical
                  analysis of these metrics applied to different
                  well-studied security scenarios proposed in prior
                  work (i.e., best shot, weakest-link, and total
                  effort). In these scenarios, we study how a fully
                  rational expert agent could utilize the metrics to
                  decide whether to gather information about the
                  economic incentives of multiple nearsighted and
                  naive agents. We find substantial differences
                  between the various metrics and evaluate the
                  appropriateness for security choices in networked
                  systems.},
        URL = {http://www.truststc.org/pubs/659.html}
    }
    

Posted by Nicolas Christin on 28 Mar 2010.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.