Audit Games (CMU-CyLab-13-004)
Authors
Abstract
Effective enforcement of laws and policies requires expending resources to prevent and detect offenders, as well as appropriate punishment schemes to deter violators. In particular, enforcement of privacy laws and policies in modern organizations that hold large volumes of personal information (e.g., hospitals, banks, and Web services providers) relies heavily on internal audit mechanisms. We study economic considerations in the design of these mechanisms, focusing in particular on effective resource allocation and appropriate punishment schemes. We present an audit game model that is a natural generalization of a standard security game model for resource allocation with an additional punishment parameter. Computing the Stackelberg equilibrium for this game is challenging because it involves solving an optimization problem with non-convex quadratic constraints. We present an additive FPTAS that efficiently computes a solution that is arbitrarily close to the optimal solution.
Similar resources
Audit Mechanisms for Provable Risk Management and Accountable Data Governance (CMU-CyLab-12-020)
Organizations that collect and use large volumes of personal information are expected under the principle of accountable data governance to take measures to protect data subjects from risks that arise from inappropriate uses of this information. In this paper, we focus on a specific class of mechanisms—audits to identify policy violators coupled with punishments—that organizations such as hospi...
Results on Vertex Degree and K-Connectivity in Uniform S-Intersection Graphs (CMU-CyLab-14-004)
We present results related to the vertex degree in a uniform s-intersection graph which has received much interest recently. Specifically, we derive the probability distribution for the minimum vertex degree, and show that the number of vertices with an arbitrary degree converges to a Poisson distribution. A uniform s-intersection graph models the topology of a secure wireless sensor network e...
A Logical Method for Policy Enforcement over Evolving Audit Logs (CMU-CyLab-11-002)
We present an iterative algorithm for enforcing policies represented in a first-order logic, which can, in particular, express all transmission-related clauses in the HIPAA Privacy Rule. The logic has three features that raise challenges for enforcement — uninterpreted predicates (used to model subjective concepts in privacy policies), real-time temporal properties, and quantifica...
Purpose Restrictions on Information Use (CMU-CyLab-13-005)
Privacy policies in sectors as diverse as Web services, finance and healthcare often place restrictions on the purposes for which a governed entity may use personal information. Thus, automated methods for enforcing privacy policies require a semantics of purpose restrictions to determine whether a governed agent used information for a purpose. We provide such a semantics using a formalism base...