Catching spies
D. Pavlovic
Problem
Background
Solution
Problem 2.0
Catching spies by math
Dusko Pavlovic
Kestrel, Oxford, Twente
Dagstuhl, August 2010
Outline
Problem: Spying, treason and betrayal
Background: Security as a process
Solution: Spectral decomposition of trust
Problem 2.0: Privacy
Examples of insider threats
The insider may "write down"
. . . or may cause the main damage by being caught
. . . or may be used to conceal the real traitor
. . . or to justify oppressive policies
Security measures against insider threats
Quartering is reserved for the traitors
. . . as well as the deepest (9th) circle of Hell.
Questions
- Why is the insider threat so threatening?
- Do the computers bring in anything new?
Outline
Problem: Spying, treason and betrayal
Background: Security as a process
Security statics and dynamics
Trust
Adverse selection of trust
Solution: Spectral decomposition of trust
Problem 2.0: Privacy
Security architecture
- secure perimeter (→ cryptography)
- secure access (→ protocols)
Security architecture
Schloss Dagstuhl
1. glacis
2. moat
3. rampart
4. bastions
5. main castle
6. well
7. artist’s cottage
8. moat with the bridge to the main castle
9. bailey (ward)
10. moat with the bridge to the bailey
Security process
Security threats
- static: → outside
  - attacks on the perimeter: cryptanalysis
  - attacks on the access: breaking protocols
- dynamic: → inside
  - moles: dishonest, but trusted
  - defectors: first trustworthy, later dishonest
Authentication and trust
- A is authenticated using A1 that she {knows / has / is}
- A1 is authenticated using A2 that she {knows / has / is}
- A2 is authenticated using A3 that she {knows / has / is}
- . . .
- (turtles all the way down)
- . . .
- TRUST
Trust cycle
[Figure: trust cycle linking Building trust and Using trust; arrow labels: scores, feedback]
Building trust
A pattern matrix of a trust network can be built by
- trustor’s own experience
  - social networks
- collaborative rating and recommendation
  - Amazon, eBay, . . .
- surveillance and indexing of the network
  - credit card operators, credit rating and direct marketing agencies, Google, Amazon, DHS, NSA, . . .
Building trust
[Figure: weighted graph between a, b, c, d and I, II, III under the labels O and S; the edge weights are the table entries]

       a      b      c      d
I      1.25   1.05   1.12   1.57
II     .83    1.13   1.02   .35
III    0      .35    .21    -.56
$$M = \begin{pmatrix} 1.25 & 1.05 & 1.12 & 1.57 \\ .83 & 1.13 & 1.02 & .35 \\ 0 & .35 & .21 & -.56 \end{pmatrix}$$
Using and updating trust
[Figure: O and S; labels $X_u(t+1)$ and $i$]

$$\mathrm{Prob}\big(X_u(t+1) = i\big) = C(t)\, M_{iu}(t)$$

(where $C(t) = \dfrac{1}{\sum_{i \in O} M_{iu}(t)}$)
Building and updating trust
E.g., trustor’s private update rule can be
$$M_{iu}(t+1) = \begin{cases} M_{iu}(t) & \text{if } i \neq X_u(t+1) \\ 0 & \text{if } i = X_u, \text{ not satisfactory} \\ 1 & \text{if } i = X_u, \text{ satisfactory, new} \\ 1 + M_{iu}(t) & \text{if } i = X_u, \text{ satisfactory, not new} \end{cases}$$
Adverse selection of trust
             TRUSTE-certified   uncertified
honest       94.6%              97.5%
malicious    5.4%               2.5%

Table: Trustworthiness of TRUSTE [Edelman 2007]
Adverse selection of trust
Google
          sponsored   organic
top       4.44%       2.73%
top 3     5.33%       2.93%
top 10    5.89%       2.74%
top 50    5.93%       3.04%

Table: Malicious search engine placements [Edelman 2007]
Yahoo!
          sponsored   organic
top       6.35%       0.00%
top 3     5.72%       0.35%
top 10    5.14%       1.47%
top 50    5.40%       1.55%

Table: Malicious search engine placements [Edelman 2007]
Ask
          sponsored   organic
top       7.99%       3.23%
top 3     7.99%       3.24%
top 10    8.31%       2.94%
top 50    8.20%       3.12%

Table: Malicious search engine placements [Edelman 2007]
"Pillars of the society" phenomenon
- social hubs are more often corrupt
- the rich are more often thieves
- the most trusted are more often traitors
Trust is like money
Preferential attachment
  The rich get richer
Power law distribution
  Theft is more profitable when there are very rich people (heavy tails)
Abstraction
  Theft is easier when there are untraceable carriers ("Non olet")
Outline
Problem: Spying, treason and betrayal
Background: Security as a process
Solution: Spectral decomposition of trust
Singular Value Decomposition
Find the traitor
Problem 2.0: Privacy
Correlations
Definition
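The correlations between the pairs $u, v \in S$ and $i, j \in O$ are defined

$$S_{uv} = \sum_{i \in O} M_{iu} M_{iv} \qquad O_{ij} = \sum_{u \in S} M_{iu} M_{ju}$$

The correlation matrices are thus

$$S = M \cdot M^{\top} \qquad O = M^{\top} \cdot M$$

where $M^{\top}$ denotes the transposed matrix.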
Remarks
- For a trustor $u \in S$, the vector $S_u \in \mathbb{R}^S$ consists of the correlations $S_{uv}$ for $v \in S$.
- The vector $S_u$ can be viewed as the trust community with the strongest correlations with $u$.
- For a trustor community $u \in \mathbb{R}^S$, the vector $Su \in \mathbb{R}^S$ is the community with the strongest correlations with $u$.
- A community $w$ has the strongest correlations among its members if $Sw$ is colinear with $w$, i.e. if
  $$Sw = \lambda w$$
  for some $\lambda \in \mathbb{R}$.
- This means that $w$ is an eigenvector of $S$.
Communities
Definition
A community of subjects (resp. of objects) is an eigenspace of the correlation matrix $S$ (resp. $O$). We denote by $\widehat{S}$ (resp. $\widehat{O}$) the set of the trust communities of subjects (resp. objects).
Concepts
Lemma
The trust communities of subjects and objects are in one-to-one correspondence: the trust matrix $M = (M_{iu})_{S \times O}$ induces a bijection $\Phi : \widehat{S} \to \widehat{O}$.
Definition
A trust concept induced by the trust matrix $M$ is a pair $\gamma = \langle u, i \rangle \in \widehat{S} \times \widehat{O}$, such that $\Phi(u) = i$.
Concept mining by spectral decomposition
Proposition
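The pattern matrix $M = (M_{iu})_{O \times S}$ decomposes to

$$M = V \Lambda U^{\top}$$

[Diagram: $M : \mathbb{R}^S \to \mathbb{R}^O$ above $\Lambda : \mathbb{R}^{\widehat{S}} \to \mathbb{R}^{\widehat{O}}$, connected by $U, U^{\top}$ and $V, V^{\top}$]

- $\Lambda$ is an invertible diagonal matrix, whereas
- $U$ and $V$ are isometries.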
This decomposition is unique up to a permutation on $\widehat{S}$, which lifts to $\widehat{O}$ along $\Phi$ (or the other way around).
Find the spy
[Figure: weighted graph between a, b, c, d and I, II, III under the labels O and S, with the entries of M as edge weights]

$$M = \begin{pmatrix} 1.25 & 1.05 & 1.12 & 1.57 \\ .83 & 1.13 & 1.02 & .35 \\ 0 & .35 & .21 & -.56 \end{pmatrix}$$
Spectral decomposition
$$\begin{pmatrix} 1.25 & 1.05 & 1.12 & 1.57 \\ .83 & 1.13 & 1.02 & .35 \\ 0 & .35 & .21 & -.56 \end{pmatrix} = \begin{pmatrix} .83 & -.4 \\ .55 & .6 \\ 0 & .7 \end{pmatrix} \cdot \begin{pmatrix} 3 & 0 \\ 0 & 1 \end{pmatrix} \cdot \begin{pmatrix} .5 & 0 \\ .5 & .5 \\ .5 & .3 \\ .5 & -.8 \end{pmatrix}^{\top}$$
Trust concepts
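[Figure: graph over O, E and S: the nodes I, II, III and a, b, c, d are connected through two nodes of E, weighted 3 and 1, with the entries of the decomposition as edge weights]

- traitor: 2!2 ) "!1 ) 0
- dissident: !2 * 2!1 * 0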
Comment
The trust concepts are genuinely new information, generated by the network.
A traitor is not recognized from a previously learned profile, but extracted from network dynamics as an intrinsic singularity.
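The decomposition of the example matrix M can be reproduced numerically. The following is an added example, not code from the talk: it computes the subject correlations by the summation formula, extracts the two trust concepts by power iteration with deflation, and picks the subject with the largest coordinate on the second concept. The function names, the sign convention and that selection heuristic are assumptions of this example, not the traitor inequality of the slides.

```python
# Added example: spectral decomposition of the slides' trust matrix M.
# Rows are the objects I, II, III; columns are the subjects a, b, c, d.
from math import sqrt

SUBJECTS = ["a", "b", "c", "d"]
M = [[1.25, 1.05, 1.12, 1.57],
     [0.83, 1.13, 1.02, 0.35],
     [0.00, 0.35, 0.21, -0.56]]

def subject_correlations(m):
    """S_uv = sum over objects i of M_iu * M_iv."""
    n = len(m[0])
    return [[sum(row[u] * row[v] for row in m) for v in range(n)] for u in range(n)]

def top_eigenpair(a, iterations=200):
    """Power iteration for the dominant eigenpair of a symmetric matrix."""
    n = len(a)
    x = [float(k + 1) for k in range(n)]  # asymmetric start vector
    for _ in range(iterations):
        y = [sum(a[r][c] * x[c] for c in range(n)) for r in range(n)]
        norm = sqrt(sum(t * t for t in y))
        x = [t / norm for t in y]
    value = sum(x[r] * a[r][c] * x[c] for r in range(n) for c in range(n))
    return value, x

def trust_concepts(m, k=2):
    """Return k triples (singular value, object vector, subject vector)."""
    s = subject_correlations(m)
    n = len(s)
    concepts = []
    for _ in range(k):
        lam, u = top_eigenpair(s)
        sigma = sqrt(lam)
        v = [sum(row[c] * u[c] for c in range(n)) / sigma for row in m]
        if sum(v) < 0:  # assumed sign convention: object side sums positive
            u, v = [-t for t in u], [-t for t in v]
        concepts.append((sigma, v, u))
        # Deflate: remove the concept just found before extracting the next.
        s = [[s[r][c] - lam * u[r] * u[c] for c in range(n)] for r in range(n)]
    return concepts

def most_singular_subject(m):
    """Assumed heuristic: largest |coordinate| on the second concept."""
    _, _, u2 = trust_concepts(m)[1]
    return max(zip(SUBJECTS, u2), key=lambda pair: abs(pair[1]))

if __name__ == "__main__":
    for sigma, v, u in trust_concepts(M):
        print(round(sigma, 2), [round(t, 2) for t in v], [round(t, 2) for t in u])
    print(most_singular_subject(M))
```

Because the slide values are rounded, the computed singular values and vectors match the factors shown above only to about two decimal places.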
Problem 2.0
- detect malicious insiders
  - learn the nodes from the threat simplex
- respect the privacy of others
  - do not learn any other predicates
Problem 2.0: Statistical data base filtering
Dalenius’ Desideratum (1977)
"Anything that can be learned about a respondent from a statistical database should be learnable without the access to the database."
Impossible
For every statistical database A with an incomplete record $R_A \subset R$, there is a database B with an incomplete record $R_B \subset R$ such that the complete record $R$ can be derived from $R_A$ and $R_B$.
Upshot
- Data privacy is like DRM
  - inference control against the users
- The insider threats are mitigated by network analysis
  - not data mining, but concept mining
- The tradeoff between trust and privacy is not a technical problem
  - resolved through battling out the political powers of the stakeholders