Security Games over Lexicographic Orders

Security is rarely single-dimensional and is in most practical instances a tradeoff between dependent, and occasionally conflicting, goals. The simplest method for multi-criteria optimization and games with vector-valued payoffs is to transform such games into ones with scalar payoffs and look for Pareto-optimal behavior. This usually requires an explicit weighting of security goals, whereas practice often only lets us rank security goals in terms of importance, and hardly admits assigning a crisp numerical weight. This work picks up the issue of optimizing security goals in descending order of importance, which leads to the computation of an optimal solution with respect to lexicographic orders. This is interesting in two ways, as it is (i) theoretically nontrivial, since lexicographic orders do not generally admit representations by continuous utility functions and hence render Nash’s classical result inapplicable, and (ii) practically relevant, since it avoids ambiguities caused by subjective (and perhaps unsupported) importance weight assignments. We corroborate our results by giving numerical examples, showing a method to design zero-sum games with a set of a-priori chosen Nash equilibria. This simple instance of mechanism design may be of independent interest.
