Thomas E. Carroll

A game theoretic investigation of deception in network security

We perform a game theoretic investigation of the effects of deception on the interactions between an attacker and a defender of a computer network. The defender can employ camouflage by either disguising a normal system as a honeypot or by disguising a honeypot as a normal system. We model the interactions between defender and attacker using a signaling game, a non-cooperative two player dynamic game of incomplete information. For this model, we determine which strategies admit perfect Bayesian equilibria. These equilibria are refined Nash equilibria in which neither the defender nor the attacker will unilaterally choose to deviate from their strategies. We discuss the benefits of employing deceptive equilibrium strategies in the defense of a computer network. Copyright

Analysis of network address shuffling as a moving target defense

Address shuffling is a type of moving target defense that prevents an attacker from reliably contacting a system by periodically remapping network addresses. Although limited testing has demonstrated it to be effective, little research has been conducted to examine the theoretical limits of address shuffling. As a result, it is difficult to understand how effective shuffling is and under what circumstances it is a viable moving target defense. This paper introduces probabilistic models that can provide insight into the performance of address shuffling. These models quantify the probability of attacker success in terms of network size, quantity of addresses scanned, quantity of vulnerable systems, and the frequency of shuffling. Theoretical analysis shows that shuffling is an acceptable defense if there is a small population of vulnerable systems within a large network address space, however shuffling has a cost for legitimate users. These results will also be shown empirically using simulation and actual traffic traces.

Strategyproof Mechanisms for Scheduling Divisible Loads in Bus-Networked Distributed Systems

The scheduling of arbitrarily divisible loads on a distributed system is studied by Divisible Load Theory (DLT). DLT has the underlying assumption that the processors will not cheat. In the real world, this assumption is unrealistic as the processors are owned and operated by autonomous rational organizations that have no a priori motivation for cooperation. Consequently, they will manipulate the algorithms if it benefits them to do so. In this work, we propose strategyproof mechanisms for scheduling divisible loads on three types of bus-connected distributed systems. These mechanisms provide incentives to the processors to obey the prescribed algorithms and to truthfully report their parameters, leading to an efficient load allocation and execution.

A Strategyproof Mechanism for Scheduling Divisible Loads in Distributed Systems

An important scheduling problem is the one in which there are no dependencies between tasks and the tasks can be of arbitrary size. This is known as the divisible load scheduling problem and was studied extensively resulting in a cohesive theory called divisible load theory (DLT). In this paper, we augment the existing divisible load theory with incentives. We develop a strategyproof mechanism for scheduling divisible loads in distributed systems assuming a bus type interconnection and a linear cost model for the processors. The mechanism provides incentives to processors such that it is beneficial for them to report their true processing power and process the assigned load using their full processing capacity. We define the strategyproof mechanism and prove its properties. We simulate and study the implementation of the mechanism on systems characterized by different parameters

VOLTTRON™: An agent platform for integrating electric vehicles and Smart Grid

The VOLTTRON™ platform provides a secure environment for the deployment of intelligent applications in the Smart Grid. The platforms design is based on the needs of control applications running on small form factor devices, namely security and resource guarantees. Services such as resource discovery, secure agent mobility, and interacting with smart and legacy devices are provided by the platform to ease the development of control applications and accelerate their deployment. VOLTTRON has been demonstrated in several different domains that influenced and enhanced its capabilities. This paper will discuss the features of VOLTTRON and highlight its usage to coordinate electric vehicle charging with home energy usage.

A Strategyproof Mechanism for Scheduling Divisible Loads in Linear Networks

In this paper we augment DLT (divisible load theory) with incentives such that it is beneficial for processors to report their true processing capacity and compute their assignments at full capacity. We propose a strategyproof mechanism with verification for scheduling divisible loads in linear networks with boundary load origination. The mechanism provides incentives to processors for reporting deviants. The deviants are penalized which abates their willingness to deviate in the first place. We prove that the mechanism is strategyproof and satisfies the voluntary participation condition.

A Game Theoretic Investigation of Deception in Network Security

We perform a game theoretic investigation of the effects of deception on the interactions between an attacker and a defender of a computer network. The defender can employ camouflage by either disguising a normal system as a honeypot, or by disguising a honeypot as a normal system. We model the interactions between defender and attacker using a signaling game, a non-cooperative two player dynamic game of incomplete information. For this model, we determine which strategies admit perfect Bayesian equilibria. These equilibria are refined Nash equilibria in which neither the defender nor the attacker will unilaterally choose to deviate from their strategies. We discuss the benefits of employing deceptive equilibrium strategies in the defense of a computer network.

Security and privacy grand challenges for the Internet of Things

The growth of the Internet of Things (IoT) is driven by market pressures, and while security is being considered, the relationship between the unintended consequences of billions of such devices connecting to the Internet cannot be described with existing mathematical methods. The possibilities for unintended surveillance through lifestyle analysis, unauthorized access to information, and new attack vectors will continue to increase by 2020, when up to 50 billion devices may be connected. This paper discusses various kinds of vulnerabilities that can be expected to arise, and presents a research agenda for mitigating the worst of the impacts. We hope to draw research attention to the potential dangers of IoT so that many of these problems can be avoided.

Selfish Multi-User Task Scheduling

In this paper we formulate and study a new scheduling problem called selfish multi-user task scheduling. This problem assumes that there are several users, each of them having multiple tasks that need processing on a set of parallel identical machines. Each user is selfish and her goal is to minimize the makespan of her own tasks. We model this problem as a non-cooperative, extensive-form game. We use the subgame perfect equilibrium solution concept to analyze the game which provides insight into the problems properties. We compute the price of anarchy to quantify the costs due to lack of coordination among the users

A secure and efficient voter-controlled anonymous election scheme

We propose an electronic voting (e-voting) scheme that combines user-centric mix networks with voter-verifiable receipts. Unlike traditional mixnet-based e-voting schemes, our scheme empowers voters; the voters themselves decide the degree of anonymity required. Voters requiring a greater degree of anonymity obtain it by performing several protocol iterations. The proposed scheme utilizes incoercible, voter-verifiable receipts. It is robust as no reasonable-sized coalition can interfere with the correct operation. Finally, it is efficient as the number of transmitted messages increases linearly with the number of voters.