Latest Funding News

  1. [September 2017] National Science Foundation, Secure &Trustworthy Cyberspace (SaTC) Program grant with PI: Shreyas Sundaram and Co-PI: Timothy Cason, “The Impacts of Human Decision-Making on Security and Robustness of Interdependent Systems”, 2017-20.

    Abstract: There is a substantial body of work in behavioral economics and psychology showing that people are only partially rational, and thus consistently deviate from classical economic theory. People's perceptions of risks, rewards, and losses can differ substantially from their true values, and these perceptions can have a significant impact on the investments made to protect the systems that the individuals are managing. The objective of this research is to understand the decisions people make to protect their computer systems using realistic models of behavioral decision-making. The research encompasses formal theory to rigorously analyze and predict the outcomes that should be expected under alternative models of behavioral decision-making, and laboratory experiments with human subjects to evaluate the predictions made by the theory and to identify new behavioral models. The research will tackle two specific classes of problems. First, it will identify the impact of behavioral decision-making in settings where different components of a large interconnected cyber-physical system are owned by different stakeholders, each deciding how much to invest in securing their owned assets. Second, it will characterize how decision-makers choose among different security technologies, open source and public versus closed source and proprietary, based on their perceived risks and rewards. The research will lead to a more complete understanding of the vulnerabilities that arise in large-scale interconnected systems, and guide us to the design of more secure systems, with corresponding societal benefits.

    This research systematically and rigorously characterizes the impact of behavioral deviations from optimal and unbounded rational choice in security settings. The work includes models of decision-making under risk and uncertainty, such as prospect theory, and how such models affect the behavior of agents who manage interdependent systems. The research brings together game-theoretic analysis to predict outcomes based on models of interacting humans and systems, computer security concepts to model how vulnerabilities are exploited and how attacks spread, and behavioral economics experiments to test the theoretical predictions and refine the models. The research is organized in two parts. The first part considers a class of interdependent security games on networks, where each player chooses security investments to protect nodes under her control; this work models applications such as multi-stakeholder SCADA systems. The research will encompass general formulations of attack probabilities, epidemic risks, attack graph models of system interdependencies, and the optimal design of networks to mitigate security vulnerabilities introduced by humans' decision-making. The second part considers a general class of common-pool resource management games, whereby players choose to split their utilization among multiple resources, each of which provides a certain rate-of-return and has a certain probability of failure. This class of games represents conditions in which decision-makers must choose between different public and proprietary security technologies. The research will characterize the impacts of prospect-theoretic decision-making and how users react to incentives provided by the resource operators or vendors. In both parts of the work, the research will identify how Nash equilibrium security investments and resource utilizations are affected by skewed perceptions of risks and rewards. Both parts include controlled behavioral economics experiments using human subjects that will evaluate the theoretical predictions and potentially yield new models of decision-making.

  2. [September 2017] Sandia National Labs contract with Co-PI: Shreyas Sundaram, “Algorithms for Secure and Distributed Mobile Intelligence, Surveillance, and Reconnaissance Platforms”, 2017-18.

    Abstract: We will consider a large team of mobile ISR platforms tasked with monitoring the state of an underlying dynamical process (such as a gas spreading over a region, movement of troops, vehicles, and targets on a battlefield, etc.). In this setting, we will formulate algorithms for the platforms to cooperatively estimate the global state of the dynamical process despite time-varying network topologies and failures and attacks on the communication links and platforms. Our research agenda is organized along two thrusts, and leverages our substantial prior work and expertise in these areas.

    Thrust 1: Algorithms to Create Self-organizing Networks of ISR Platforms

    Thrust 2: Algorithms for Distributed State Estimation


    Last update: October 3, 2017