Award Abstract # 1528167
TWC SBE: Small: Establishing market based mechanisms for CYBer security information EXchange (CYBEX)

NSF Org: SES
Division of Social and Economic Sciences
Recipient: BOARD OF REGENTS OF THE NEVADA SYSTEM OF HIGHER ED
Initial Amendment Date: September 2, 2015
Latest Amendment Date: March 2, 2018
Award Number: 1528167
Award Instrument: Standard Grant
Program Manager: Sara Kiesler
skiesler@nsf.gov
 (703)292-8643
SES
 Division of Social and Economic Sciences
SBE
 Directorate for Social, Behavioral and Economic Sciences
Start Date: September 1, 2015
End Date: August 31, 2019 (Estimated)
Total Intended Award Amount: $329,658.00
Total Awarded Amount to Date: $351,578.00
Funds Obligated to Date: FY 2015 = $329,658.00
FY 2016 = $8,000.00
FY 2018 = $13,920.00
History of Investigator:
  • Shamik Sengupta (Principal Investigator)
    ssengupta@unr.edu
Recipient Sponsored Research Office: Board of Regents, NSHE, obo University of Nevada, Reno
1664 N VIRGINIA ST # 285
RENO
NV  US  89557-0001
(775)784-4040
Sponsor Congressional District: 02
Primary Place of Performance: Board of Regents, NSHE, obo University of Nevada, Reno
1664 North Virginia Street
Reno
NV  US  89557-0001
Primary Place of Performance Congressional District: 02
Unique Entity Identifier (UEI): WLDGTNCFFJZ3
Parent UEI: WLDGTNCFFJZ3
NSF Program(s): Secure & Trustworthy Cyberspace
Primary Program Source: 01001516DB NSF RESEARCH & RELATED ACTIVIT
01001617DB NSF RESEARCH & RELATED ACTIVIT
01001819DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 025Z, 065Z, 7434, 7923, 9150, 9178, 9179, 9251
Program Element Code(s): 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.075

ABSTRACT

A robust cybersecurity information sharing infrastructure is required to protect firms from future cyber attacks, a level of protection that might be difficult to achieve through individual effort. The United States federal government clearly encourages firms to share their discoveries of cybersecurity breach- and patch-related information with other federal and private firms to strengthen the nation's security infrastructure. The goal of this project is to develop an interdisciplinary research platform to investigate the framework and benefits of sharing breach-related vulnerability information and to analyze the effect of not participating in the information exchange. The outcome of this project has a profound impact on the evolution of the CYBer security information EXchange (CYBEX) architecture and on the level of interaction desired among firms (private, public or federal) to defend proactively in the ever-growing cyberspace. The research has both direct and indirect impact on mentoring, hands-on learning, education and training. Graduate and undergraduate students (including minority and women) participating in this project are involved in interdisciplinary research and learn problem-solving skills that take into account different viewpoints, namely cybersecurity, information exchange, economics, decision analysis and practical system implementation.

Using micro- and macro-economic theory as a substrate, this project establishes market-based mechanisms that enable cyber security information exchange (CYBEX) among firms to protect cyberspace proactively against cyber attacks. This research investigates how cyberinsurance can be modeled and then augmented with the information sharing format and framework to encourage firms to participate in CYBEX more effectively. The transformative nature of the proposed research lies in its potential to identify, model, and analyze the multi-dimensional robust cybersecurity information sharing infrastructure, along with the development of a CYBEX emulator environment. The information sharing framework is also extended to the cloud domain, which brings the challenges of modeling cloud attackers and of designing incentive mechanisms that motivate firms toward such sharing behavior. More specifically, the outcomes of the project demonstrate: a) the potential of CYBEX in sharing the burden of cybersecurity and making cyberspace more robust; b) multi-layer competitions and dynamics among CYBEX entities infiltrated with malicious entities; c) the necessity of cyberinsurance and a market-oriented approach for better cybersecurity information utilization; and d) the far-reaching impacts of interdisciplinary CYBEX research in terms of socio-economic value, technology and educational outreach programs.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

(Showing: 1 - 10 of 20)
A. Walker, M. F. Amjad and S. Sengupta "Cuckoos Malware Threat Scoring and Classification: Friend or Foe?" IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), 2019
C. Kamhoua, A. Martin, D. K. Tosh, K. A. Kwiat, C. Heitzenrater and S. Sengupta "Cyber-Threats Information Sharing in Cloud Computing: A Game Theoretic Approach" IEEE 2nd International Conference on Cyber Security and Cloud Computing, 2015
C. Kamhoua, A. Martin, D. Tosh, K. Kwiat, C. Heitzenrater, S. Sengupta "Cyber-threats Information Sharing in Cloud Computing: A game Theoretic Approach" IEEE CSCloud, 2015
Deepak K. Tosh, Iman Vakilinia, Sachin Shetty, Shamik Sengupta, Charles A. Kamhoua, Laurent Njilla, Kevin Kwiat "Three Layer Game Theoretic Decision Framework for Cyber-Investment and Cyber-Insurance" Decision and Game Theory for Security (GameSec 2017), 2017
Deepak Tosh, Shamik Sengupta, Charles A. Kamhoua, Kevin A. Kwiat "Establishing Evolutionary Game Models for CYBer security information EXchange (CYBEX)" Elsevier Special Issue on Cyber security in the Critical Infrastructure: Advances and Future Directions, 2016
D. K. Tosh, S. Sengupta, S. Mukhopadhyay, C. A. Kamhoua and K. A. Kwiat "Game Theoretic Modeling to Enforce Security Information Sharing among Firms" IEEE 2nd International Conference on Cyber Security and Cloud Computing, 2015
D. Tosh, I. Vakilinia, S. Shetty, S. Sengupta, C. Kamhoua, L. Njilla, K. Kwiat "Three Layer Game Theoretic Decision Framework for Cyber-Investment and Cyber-Insurance" International Conference on Decision and Game Theory for Security, 2017
D. Tosh, S. Sengupta, C. Kamhoua, K. Kwiat "Establishing Evolutionary Game Models for CYBer security information EXchange (CYBEX)" Elsevier Journal of Computer and System Sciences, v.98, 2018
D. Tosh, S. Sengupta, S. Mukhopadhyay, C. Kamhoua, K. Kwiat "Game Theoretic Modeling to Enforce Security Information Sharing among Firms" IEEE CSCloud, 2015
Iman Vakilinia and Shamik Sengupta "A Coalitional Game Theory Approach for Cybersecurity Information Sharing" IEEE MILCOM, 2017
Iman Vakilinia, Deepak Tosh and Shamik Sengupta "3-way Game Model for Privacy-Preserving Cybersecurity Information Exchange Framework" IEEE MILCOM, 2017

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

In this project, by using micro and macro-economic theory as a substrate, we establish market-based mechanisms for enabling Cyber Security Information Exchange (CYBEX). The transformative nature of the research lies in its potential to identify, model, and analyze the competition process among entities inhabiting the evolutionary and adaptive multi-dimensional environment with intertwined competitions. Specifically, the outcomes of the project help us to understand the following: a) Can CYBEX help us share the burden of cybersecurity; b) Multi-layer competitions and dynamics in CYBEX entities coexisting with malicious entities; c) Necessity of cyber-insurance and market-oriented approach for better cybersecurity information utilization; and, d) The far-reaching impacts of inter-disciplinary CYBEX research, in terms of socio-economic value, technology and educational outreach programs.

We foresee the outcome of this project to have a broader impact on the evolution of CYBEX networks and policies. Since we are already witnessing some approaches toward CYBEX, the outcomes of this research can guide the efficient design of future systems.

More specifically, the key outcomes have been:

This research project investigates and analyzes how cyber-attacks and cyber-crimes can be eradicated via collaborative information sharing among firms instead of working and investing individually. The collaborative effort is facilitated via sharing of breach-related information with other competing firms; however, a proper incentive framework is required which can self-enforce the firms to voluntarily share their security information and can make suitable security investments to develop stronger countermeasures. In this research, we have shown how a simultaneous CYBEX game can be modeled. We proposed an incentive framework by considering positive and negative aspects of breach/patch information sharing and security technology investment. The incentive model is analyzed under scenarios of varying investment levels and sharing intentions of the considered firms as well as from competing firms' perspective. It is found that firms are incentivized more when they share more information among each other, and firms' security investments additionally help to maximize the received utility. The sharing nature also helps the firms in reducing their cost of investment in the long run. We also found that dynamic external incentivization/participation charges from CYBEX could motivate the firms to share more information truthfully instead of staying out of the sharing framework or sharing minimally.

We investigate fair and private rewarding and participation-fee calculation by applying coalitional game theory and differential privacy in the cybersecurity information sharing system. The main objective of our proposed mechanism is to stimulate organizations to share more useful information with the goal of increasing the organizations' payoff fairly while keeping the participation fee private. To achieve this goal, we demonstrate the solution concepts of Shapley value and Nucleolus allocations in the cybersecurity information sharing game.

This CYBEX testbed development has given us immense experience on how to set up a cybersecurity environment for training purposes. The testbed has both direct and indirect impact on hands-on research, education and training in cybersecurity. Students participating in this multidisciplinary area have learnt problem-solving skills taking into account different viewpoints, namely, decision analysis, information systems, security and practical system implementation. The students had the unique opportunity to have hands-on experience on the state-of-the-art testbed, which has increased their employment opportunities in such an exciting and exponentially growing field.

The project has enabled us to develop new cybersecurity programs such as Cybersecurity Minors, a Cybersecurity Graduate Certificate and a Cybersecurity Master's program at the University of Nevada, Reno, and to make the UNR Cybersecurity Center a nationally prominent center.

 


Last Modified: 11/15/2019
Modified by: Shamik Sengupta
