Insured Access: An Approach to Ad-hoc Information Sharing for Virtual Organizations
Naoki Tanaka†,‡,∗, Marianne Winslett†,∗, Adam J. Lee◦, David K. Y. Yau⋄,∗, Feng Bao‡
† Department of Computer Science, University of Illinois at Urbana-Champaign
‡ Cryptography & Security Department, Institute for Infocomm Research
∗ Advanced Digital Sciences Center
◦ Department of Computer Science, University of Pittsburgh
⋄ Department of Computer Science, Purdue University
Third ACM Conference on Data and Application Security and Privacy
February 20, 2013, San Antonio, TX, USA
This presentation proposes an insurance-based ad-hoc information sharing scheme
Insured Access
Simulation Results
Pricing and Purchase Decisions
Traditional access control grants access for original purposes
Diagram: Alice (Information Producer), Bob (Information Consumer), Map of USA (Information)
Alice prepared a map of the USA for Bob
Bob has access to the map of the USA
Diagram: Alice (Information Producer), Carol (Information Consumer), Map of Singapore (Information)
Alice prepared a map of Singapore for Carol
Carol has access to the map of Singapore
Can traditional access control deal with ad-hoc information access?
Diagram: Alice (Information Producer), Bob (Information Consumer), Carol (Information Consumer), Map of Singapore (Information)
Alice prepared a map of Singapore for Carol
Bob: "Hey Alice, I came up with a good idea to use the map of Singapore!"
Access rights are assigned according to the original purpose of information
Diagram: Alice (Information Producer), Bob (Information Consumer), Carol (Information Consumer), Map of Singapore (Information)
Information access for other purposes is denied
Alice prepared a map of Singapore for Carol
Alice: "Sorry Bob, but I cannot release it. (I don’t want to be blamed later…)"
Traditional authorization methods are inflexible
Diagram: Alice (Information Producer), Bob (Information Consumer), Carol (Information Consumer)
Traditional methods try to eliminate risk
We need a more flexible method to consider benefits while bounding risk
Risk-based access control tries to mitigate problems
MITRE JASON report proposed a risk-based access control approach
Diagram: Information, Risk tokens
Use risk tokens to purchase access rights
Price = expected value of damages due to the access
1 token = one-day, soft-copy-only access to one document by the average Secret-cleared individual
Total amount of allocated tokens < tolerable risk
Current risk-based access control has its own problems
Diagram: Information, Risk tokens
Use risk tokens to purchase access rights?
Cannot control the worst-case aggregate damages
Doesn’t distinguish between good and bad risk-takers
Insured access encourages information sharing
Diagram: Alice (Information Producer), Bob (Information Consumer), Innis (Insurer), Insurance policy, Information
1. Request policy
2. Quote price or deny access: use premium principles
3. Pay premium: decide considering benefits & costs
4. Receive policy
5. Request access, show policy
6. Provide access: no reason to deny because producers won’t lose anything
7. File claim against policy
8. Pay claim: producers get reimbursed for the exact amount
Insurer calculates premium (policy price) using premium principle
Diagram: Innis (Insurer), Insurance policy, Risk distribution, Premium Principle, Premium (Policy price)
Risk distribution represents the total amount of claims
Principle of Equivalent Utility is the most widely adopted approach
Principle of Equivalent Utility
u_I: insurer’s utility function
w_I: insurer’s current capital
P: premium (policy price)
X: random variable representing the total amount of claims
Insurer is equally happy whether or not the policy is issued (indifferent)
Exponential Principle is derived when exponential utility function is used
Exponential Principle
When exponential utility function is used…
π: premium principle
X: random variable representing the total amount of claims
m_X(α): moment generating function of X around α
α: risk aversion index
Exponential Principle is widely used because of its favorable properties
Consumers consider both benefits and costs of accessing information
u: consumer’s utility function
w: consumer’s current capital
P: premium (policy price)
Y: random variable representing the consumer’s expected additional value (revenue)
Consumers purchase policies only when the following inequality is met
Traditional actuarial methods don’t consider this kind of tradeoff
We can derive the maximum premium the consumer is willing to pay
When exponential utility function is used…
P+: maximum premium (policy price) the consumer is willing to pay
m_Y(α_c): moment generating function of Y around α_c
Y: random variable representing the consumer’s expected additional value (revenue)
α_c: consumer’s risk aversion index
If the quoted price is less than P+, the consumer buys the policy and accesses information
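The insurer's quote and the consumer's purchase decision from the pricing slides above, worked through as an added example (not code from the presentation). It assumes the textbook form of the exponential principle, π(X) = (1/α) ln m_X(α), a consumer ceiling P+ = −(1/α_c) ln m_Y(−α_c) derived from the purchase condition E[u(w − P + Y)] ≥ u(w) with exponential utility, and Normal claim and benefit distributions as in the simulations. The class and function names and the sample parameters are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Normal:
    """N(mean, std^2), the family the simulations use for claims and benefits."""
    mean: float
    std: float

    def log_mgf(self, t: float) -> float:
        # ln E[exp(t*X)] = mean*t + (std*t)^2 / 2 for a normal variable.
        return self.mean * t + 0.5 * (self.std * t) ** 2


def exponential_premium(claims: Normal, alpha: float) -> float:
    """Insurer's quote pi(X) = (1/alpha) * ln m_X(alpha) (assumed textbook form)."""
    if alpha <= 0:
        raise ValueError("risk aversion index must be positive")
    return claims.log_mgf(alpha) / alpha


def max_premium(benefit: Normal, alpha_c: float) -> float:
    """Consumer's ceiling P+ = -(1/alpha_c) * ln m_Y(-alpha_c) (assumed derivation).

    It follows from E[u(w - P + Y)] >= u(w) with exponential utility; w cancels.
    """
    if alpha_c <= 0:
        raise ValueError("risk aversion index must be positive")
    return -benefit.log_mgf(-alpha_c) / alpha_c


def decide(claims: Normal, benefit: Normal, alpha: float, alpha_c: float) -> dict:
    """Steps 2-3: the insurer quotes, the consumer buys only if quote < P+."""
    quote = exponential_premium(claims, alpha)
    ceiling = max_premium(benefit, alpha_c)
    return {"quote": quote, "max_premium": ceiling, "buys": quote < ceiling}


if __name__ == "__main__":
    # Constructed parameters, not values from the presentation.
    claims, benefit = Normal(mean=2.0, std=1.0), Normal(mean=4.0, std=1.0)
    for alpha in (0.5, 4.0):  # mildly vs. strongly risk-averse insurer
        print(alpha, decide(claims, benefit, alpha, alpha_c=0.5))
```

With these constructed parameters the quote rises from 2.25 to 4.0 as the insurer's α goes from 0.5 to 4, crossing the consumer's ceiling of 3.75, so the second request ends without a sale.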
Bonus-malus system rewards good risk-takers and punishes bad ones
Dutch system: new insureds enter at step 2
Good risk-takers: no claims, enjoy discount
Bad risk-takers: many claims, incur penalty
Discrete event simulations model a map sharing scenario
10 consumers, 10 producers
Sensitivity is reflected in parameters of risk (claim size) distributions
Each insured access is independent
Arrival of requests is modeled by a separate Poisson process for each consumer
A consumer chooses a producer uniformly at random from the producers it has not purchased from previously
Inter-arrival time follows exponential distribution
For each purchased policy: 1 claim arrival & 1 benefit arrival
Arrival time follows exponential distribution
Risk (claim size) & Benefit follow Normal Distribution
More risk averse insurer results in smaller capitals because of smaller # of transactions
Each principal has $10 as its initial capital
Varied the insurer’s risk aversion index α, and examined how α affects capitals at the end of simulations
Large α → Small # of transactions → Small capitals
With BM, consumers who make a smaller number of claims have larger capitals
Consumer ID:                   1    2    3    4    5    6    7    8    9    10
Probability of causing claims: 0.1  0.2  0.3  0.4  0.5  0.6  0.7  0.8  0.9  1
Steps are updated every 5 time periods
Figure panels: Without Bonus-Malus, With Bonus-Malus
Good risk-takers (small # of claims) → Large capitals
We need to estimate distributions to realize Insured Access
1. Request policy
2. Quote price or deny access
3. Pay premium
4. Receive policy
5. Request access, show policy
6. Provide access
7. File claim against policy
8. Pay claim
Can we estimate distributions?
This presentation proposed Insured Access and evaluated its effectiveness through simulations
Proposed Insured Access that considers benefits while bounding risk
Showed how to calculate premium and how consumers decide to buy policies
Simulation results confirmed the effectiveness of Insured Access
Questions? Email: tanaka5@illinois.edu Twitter: @naokitnk