1. Information Operation across Infospheres: Assured Information Sharing Prof. Bhavani Thuraisingham Prof. Latifur Khan Prof. Murat Kantarcioglu Prof. Kevin Hamlen The University of Texas at Dallas Prof. Ravi Sandhu UT San Antonio June 2008

2. Architecture Export Data/Policy Component Data/Policy for Agency A Data/Policy for Coalition Export Data/Policy Component Data/Policy for Agency C Component Data/Policy for Agency B Export Data/Policy Trustworthy Partners Semi-Trustworthy Partners Untrustworthy Partners

3. Our Approach Integrate the Medicaid claims data and mine the data; next enforce policies and determine how much information has been lost (Trustworthy partners); Prototype system Trust for Peer to Peer Networks Apply game theory and probing to extract information from semi-trustworthy partners Conduct information operations (defensive and offensive) and determine the actions of an untrustworthy partner. Examine RBAC and UCON for coalitions (UT San Antonio) Funding: AFOSR 300K; Texas Enterprise Funds 150K for students; 60K+ for faculty summer support; 45K+ for postdoc

4. Accomplishments to date FY06: Presented at 2006 AFOSR Meeting - Investigated the amount of information lost due to policy enforcement – Considered release factor - Preliminary research on RBAC/UCON; Game theory approach, Defensive operations FY07: Presented at 2007 AFOSR Meeting - Initial prototype - Penny for P2P Trust, Some results on applying Game Theory, Data mining for Code blocker (with Penn State), RBAC/UCON-based model FY08 : 2008 AFOSR Meeting - Enhanced prototype – integration into Intelligence Community’s Blackbook environment, Incentive based information sharing, Defensive and offensive operations

5. Coalition Policy Enforcement Prototype Dr. Mamoun Awad (postdoc) and students

6. Architectural Elements of the Prototype Policy Enforcement Point (PEP): Enforces policies on requests sent by the Web Service. Translates this request into an XACML request; sends it to the PDP. Policy Decision Point (PDP): Makes decisions regarding the request made by the web service. Conveys the XACML request to the PEP. Policy Files:  Policy Files are written in XACML policy language. Policy Files specify rules for “Targets”. Each target is composed of 3 components: Subject, Resource and Action; each target is identified uniquely by its components taken together. The XACML request generated by the PEP contains the target. The PDP’s decision making capability lies in matching the target in the request file with the target in the policy file. These policy files are supplied by the owner of the databases (Entities in the coalition). Databases:  The entities participating in the coalition provide access to their databases.

7. UTSA Research Investigated specifying RBAC policies in OWL (Web Ontology Language) Developed a model called ROWLBAC Investigating the enfacement of UCON in OWL or OWL-like language Prototype in development Goal is to specify and reason about security policies using semantic web-based specification languages and reasoning engines Paper to be presented at ACM SACMAT June 2008 Collaboration between UTSA-UTD-UMBC-MIT

8. Publications and Plans Some Recent Publications : Assured Information Sharing: Book Chapter on Intelligence and Security Informatics, Springer, 2007 Data Mining for Malicious Code Detection, Journal of Information Security and Privacy, Accepted 2007 Enforcing Honesty in Assured Information Sharing within a Distributed System, Proceedings IFIP Data Security Conference, July 2007 Confidentiality, Privacy and Trust Policy Management for Data Sharing, IEEE POLICY, Keynote address, June 2007 (Proceedings) Data Mining for Security Applications, Keynote talk at Intelligence and Security Informatics Conference, June 2008 Centralized Reputation in Decentralized P2P Networks, ACSAC 2007 ROWLBAC, to be presented at ACM SACMAT June 2008 Also units on assured information sharing on courses we teach at AFCEA (November 2007, April 2008, May 2008) Plans: This research was instrumental in developing ideas for the Assured Information Sharing MURI. The first two parts will be transitioned into the MURI work led by UMBC. Will investigate opportunities for Data mining for Botnet research with UIUC. Will also develop white paper on offensive operations

9. Distributed Information Exchange Multiple, sovereign parties wish to cooperate –Each carries pieces of a larger information puzzle –Can only succeed at their tasks when cooperating –Have little reason to trust or be honest with each other –Cannot agree on single impartial governing agent –No one party has significant clout over the rest –No party innately has perfect knowledge of opponent actions Verification of information incurs a cost Faking information is a possibility Current modern example: Bit Torrent –Assumes information is verifiable –Enforces punishment however through a centralized server

10. Game Theory Studies such interactions through mathematical representations of gain –Each party is considered a player –The information they gain from each other is considered a payoff –Scenario considered a finite repeated game Information exchanged in discrete ‘chunks’ each round Situation terminates at a finite yet unforeseeable point in the future –Actions within the game are to either lie or tell the truth Our Goal: All players draw conclusion that telling the truth is the best option

11. Withdrawal Much of the work in this area only considers sticking with available actions –I.e. Tit-for-tat: Mimic other player’s moves All players initially play this game with each other –Fully connected graph –Initial level of trust inherent As time goes on, players which deviate are simply cut-off –Player that is cut-off no longer receives payoff from that link Goal: Isolate the players which choose to lie

12. The Payoff Matrix

13. Enforcing Honest Choice Repeated games provide opportunity for enforcement –Choice of telling the truth must be beneficial The utility (payoff) of decisions made: Note that when

14. Experimental Setup We created an evolutionary game in which players had the option of selecting a more advantageous behavior Available behaviors included: –Our punishment method –Tit-for-Tat –‘Subtle’ lie Every 200 rounds, behaviors are re- evaluated If everyone agrees on a truth-telling behavior, our goal is achieved

15. Results

16. Conclusions Experiments confirm our behaviors success –Equilibrium of behavior yielded both a homogenous choice of TruthPunish and truth told by all agents –Rigorous despite wide fluctuations in payoff  Notable Observations –Truth-telling cliques (of mixed behaviors) rapidly converged to TruthPunish –Cliques, however, only succeeded when the ratio of like-minded helpful agents outweighed benefits of lying periodically Enough agents must use punishment ideology –Tit-for-Tat was the leading competitor