Facilitating decision-making in large distributed systems with selfish and adversarial actors

Date
2024
DOI
Authors
Shi, Zhenpeng
Version
OA Version
Citation
Abstract
Modern computing systems are large and distributed, thus involving various actors with different and sometimes conflicting interests. Actors in such systems are often non-cooperative: they may be selfish, i.e., they seek to maximize their own payoffs, or they may be adversarial, i.e., they not only seek to maximize their own payoffs but also minimize payoffs of others. Modeling selfish and adversarial behavior in modern computing systems provides valuable insights to system designers and the actors themselves. In this dissertation, we propose to facilitate decision-making in such systems. Specifically, our proposed work consists of two thrusts: (I) shared/buy-in computing games; (II) mining threat databases for security analysis. In Thrust I, we investigate shared/buy-in computing systems from a game-theoretic perspective. Such systems allow users to use free shared resources, and optionally purchase additional buy-in resources with priority access. Idle buy-in resources are available to all users for enhancing resource utilization. We propose a game-theoretic model to capture interactions between shared and buy-in users and the system provider. We analyze important properties of the game, including the Nash equilibria and best response dynamics. We identify and quantify the inefficiency of the Nash equilibria in terms of the social cost. We further propose and analyze subsidy policies that reduce this cost. We validate and expand our results with both simulations and real traces collected from the Boston University Shared Computing Cluster. In Thrust II, we propose novel methods to mine and enhance threat databases that help defend a system against attackers. Threat databases provide critical information on known vulnerabilities and weaknesses that affect existing products or software packages, for example, Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and Common Platform Enumeration (CPE). Our methods are based on threat knowledge graphs that aggregate information from CVE, CWE, and CPE in the form of a graph. Using the threat knowledge graph, our methods predict associations between threat databases, specifically between products, vulnerabilities, and weaknesses. We evaluate the prediction performance using standard metrics, and demonstrate the ability of the threat knowledge graph to uncover many associations that are currently unknown but will be revealed in the future. The predicted associations provide system's defenders with more complete threat information, and assist them in the vulnerability management process. We have made the artifacts of our work publicly available, for the sake of reproducibility and advancement of the field.
Description
License