Decentralization in Security: Consequences and Incentive Design
Lead PI:
Yevgeniy Vorobeychik
Abstract

In security, our concern is typically with securing a particular network, or eliminating security holes in a particular piece of software.  These are important, but they miss the fact that being secure is fundamentally about security of all constituent parts, rather that any single part in isolation. In principle, if we can control all the pieces of a system, we can secure all possible channels of attack.  Typically, system and security design of various components are performed by different agents, having varying and often conflicting interests. Our goal is to develop this framework, and associated computational tools to address security holistically, accounting for incentives of all the parties.

In particular, the project aspires to investigate the many facets of decentralization in security. The overarching aim is to answer the following three questions in a variety of relevant settings: 1) what does decentralization of security decisions and associated incentive misalignment imply for overall system security; 2) in the world of decentralized security decisions, how should an organization optimally secure itself; and 3) how can one design incentives or constraints to improve the overall system security.  Much of the project focus will be on interdependence of security decisions, giving rise to competing decision externalities: positive externalities, where securing one’s system reduces exposure risk for others, and negative externalities, where security of one system incentivizes the attacker to attack another. The former will tend to lead to under-investment in security; the latter are expect to push organizations to invest too much.

Yevgeniy Vorobeychik

Yevgeniy Vorobeychik is an Assistant Professor of Computer Science and Computer Engineering at Vanderbilt University. Previously, he was a Principal Member of Technical Staff at Sandia National Laboratories. Between 2008 and 2010 he was a post-doctoral research associate at the University of Pennsylvania Computer and Information Science department. He received Ph.D. (2008) and M.S.E. (2004) degrees in Computer Science and Engineering from the University of Michigan, and a B.S. degree in Computer Engineering from Northwestern University. His work focuses on game theoretic modeling of security, algorithmic and behavioral game theory and incentive design, optimization, complex systems, epidemic control, network economics, and machine learning. Dr. Vorobeychik has published over 60 research articles on these topics. Dr. Vorobeychik was nominated for the 2008 ACM Doctoral Dissertation Award and received honorable mention for the 2008 IFAAMAS Distinguished Dissertation Award. In 2012 he was nominated for the Sandia Employee Recognition Award for Technical Excellence. He was also a recipient of a NSF IGERT interdisciplinary research fellowship at the University of Michigan, as well as a distinguished Computer Engineering undergraduate award at Northwestern University.

Project URL