
Optimal Resource Allocation for Security in Reliability Systems

European Journal of Operational Research Volume 181, August 2007. Optimal Resource Allocation for Security in Reliability Systems. Industrial Engineering Department, King Saud University, Saudi Arabia M. Naceur Azaiez Department of Industrial Engineering, University of Wisconsin-Madison, USA


Presentation Transcript


  1. European Journal of Operational Research, Volume 181, August 2007 • Optimal Resource Allocation for Security in Reliability Systems • M. Naceur Azaiez, Industrial Engineering Department, King Saud University, Saudi Arabia • Vicki M. Bier, Department of Industrial Engineering, University of Wisconsin-Madison, USA • Instructor: Professor Frank Y.S. Lin • Presented by Ray J.P. Lo 駱睿斌 NTU IM OPLab

  2. Agenda • Introduction • Results of prior work • Optimal inspection policy • Optimal attack/defense strategies • Conclusions and further work • Compared with OPLab

  3. Agenda • Introduction • Results of prior work • Optimal inspection policy • Optimal attack/defense strategies • Conclusions and further work • Compared with OPLab

  4. Introduction • Much work combines reliability analysis with optimization, to identify the most cost-effective risk reduction strategies. • However, the threat is usually assumed to be static. • By contrast, most past applications of game theory and similar approaches to defense against intentional threats to security have dealt with: • components in isolation • simple series and parallel systems

  5. Introduction (cont’d) • In the real world, however, we will frequently be concerned about protecting the functionality of complex systems with arbitrary structures from adaptive threats.

  6. Introduction (cont’d) • There are mainly two ways to describe the situation. • One could assume that the level of effort expended by the attacker on each component to be attacked is a constant, and hence investments by the defender change only the success probability of an attack on each component. • One could hold constant the success probability of an attack on each component. • They adopt this latter approach, and assume that the defender attempts to deter attacks by making them as costly as possible to the attacker.

  7. Introduction (cont’d) • The problem can be formulated as: • Consider a system consisting of n components, (S1,S2 . . .Sn), in a specific configuration. • C(0, 0. . .0): The initial cost of an optimal attack. (before any defensive investments have been undertaken) • C(x1,x2 . . .xn): The expected cost of an optimal attack after an investment of (x1,x2 . . .xn) in strengthening of components (S1,S2 . . .Sn). • B: The total available defensive budget. • The optimal defensive investment will be the solution to the following optimization problem:

  8. Agenda • Introduction • Results of prior work • Optimal inspection policy • Optimal attack/defense strategies • Conclusions and further work • Compared with OPLab

  9. Results of prior work • The approach used here models optimal attack strategies by analogy with existing results for least-expected-cost failure-state diagnosis of reliability systems. • A cost is incurred for testing each component of the system. • The initial failure probability of each component is known, as well as the system configuration.

  10. Series system of n independent components • Component i + 1 is tested only if component i is found operational, for all components i = 1,2…n-1. • ci: Testing cost of component i. • qi: Failure probability of component i. • pi = 1 – qi • Then, the following result holds:

  11. Series system of n independent components (cont’d) • Theorem 2.1. In a series system, testing components i = 1,2. . .n in sequential order is optimum (minimum expected testing cost) if and only if: • In this case, the expected testing cost:

  12. Parallel system of n independent components • Component i + 1 is tested only if component i is found failed, for all components i = 1,2…n-1. • ci: Testing cost of component i. • qi: Failure probability of component i. • pi = 1 – qi • Then, the following result holds:

  13. Parallel system of n independent components (cont’d) • Theorem 2.2. In a parallel system, testing components i = 1,2. . .n in sequential order is optimum (minimum expected testing cost) if and only if: • In this case, the expected testing cost:

  14. Extension to systems with more general structures • It is important to generalize the results given above to more general combined series/parallel systems. • They restrict their attention to systems of independent components that can be represented ‘‘without replications,’’ that is, systems that can be represented using only AND/OR logic in such a way that each component appears only once.

  15. Definitions • A subsystem S is called a series (parallel) subsystem with constituents S1 . . .Sn (for n > 1) if S can be obtained by placing S1 . . .Sn in series (in parallel). • A series (parallel) subsystem S is called a maximal series (parallel) subsystem if no other subsystems of the entire system can be obtained by placing additional components or subsystems in series (parallel) with S.

  16. Definitions (cont’d) • The constituents S1 . . .Sn of a series (parallel) subsystem S are called the basic constituents of S if none of them is itself a series (parallel) subsystem. • It follows that every series (parallel) subsystem has a unique set of basic constituents.

  17. Agenda • Introduction • Results of prior work • Optimal inspection policy • Optimal attack/defense strategies • Conclusions and further work • Compared with OPLab

  18. Initialization algorithm • The algorithm is used to order the basic constituents of all subsystems of a combined series/parallel system that can be represented without replications, prior to identifying the optimal inspection policy.

  19. Initialization algorithm (cont’d) Step 1 • Consider any maximal series subsystem S for which all the basic constituents S1 . . .Sn are simple components. • For all i = 1. . .n, let: • ci: The testing cost of component Si. • pi: The success probability of component Si. • qi: The failure probability of component Si.

  20. Initialization algorithm (cont’d) Step 1 (cont’d) • Then, do the following: • Reorder and re-label the components (if necessary) so that inequality (2) above holds. We say that S = (S1 . . .Sn) is now ordered. • Set C(S) to be the expected testing cost of the series subsystem S = (S1 . . .Sn). • Set P(S) and Q(S) to be the success and failure probabilities of subsystem S, respectively.

  21. Initialization algorithm (cont’d) Step 1 (cont’d) • Similarly, consider any maximal parallel subsystem S for which all the basic constituents S1 . . .Sn are simple components. • Use the same notation as above: • ci: The testing cost of component Si. • pi: The success probability of component Si. • qi: The failure probability of component Si.

  22. Initialization algorithm (cont’d) Step 1 (cont’d) • Then, do the following: • Reorder and re-label the components (if necessary) so that inequality (2) above holds. We say that S = (S1 . . .Sn) is now ordered. • Set C(S) to be the expected testing cost of the parallel subsystem S = (S1 . . .Sn). • Set P(S) and Q(S) to be the success and failure probabilities of subsystem S, respectively.

  23. Initialization algorithm (cont’d) • If the entire system is now ordered then stop. • Else, go to step 2.

  24. Initialization algorithm (cont’d) Step 2 • Consider each non-ordered maximal series (respectively, parallel) subsystem S in which all basic constituents are either ordered subsystems or simple components. • If any basic constituent Si is a simple component, then let: • C(Si): The testing cost of Si. • P(Si): The success probability of Si. • Q(Si): The failure probability of Si.

  25. Initialization algorithm (cont’d) Step 2 (cont’d) • For each maximal series subsystem S = (S1 . . .Sn) in turn, do the following: • Reorder and re-label the basic constituents (if necessary) so that the following condition holds. We say that S = (S1 . . .Sn) is ordered. • Set • Set P(S) and Q(S) to be the success and failure probabilities of S, respectively.

  26. Initialization algorithm (cont’d) Step 2 (cont’d) • Similarly, for each maximal parallel subsystem S = (S1 . . .Sn), do the following: • Reorder and re-label the basic constituents (if necessary) so that the following condition holds. We say that S = (S1 . . .Sn) is ordered. • Set • Set P(S) and Q(S) to be the success and failure probabilities of S, respectively.

  27. Initialization algorithm (cont’d) • Repeat step 2 as needed until all subsystems have been ordered. • END.

  28. Initialization example • [Figure: system diagram] Component data: c1 = 10, p1 = 0.7, q1 = 0.3; c2 = 12, p2 = 0.8, q2 = 0.2; c3 = 7, p3 = 0.67, q3 = 0.33; c4 = 6, p4 = 0.6, q4 = 0.4; c5 = 10, p5 = 0.9, q5 = 0.1 • Step 1: c2/p2 = 15, c3/p3 = 10.45, S1 = (3,2) • C(S1) = c3 + q3c2 = 10.96 • Q(S1) = q2q3 = 0.066 • P(S1) = 1 - Q(S1) = 0.934

  29. Initialization example (cont’d) • [Figure: system diagram] Values: C(1) = c1 = 10, P(1) = p1 = 0.7, Q(1) = q1 = 0.3; C(S1) = 10.96, P(S1) = 0.934, Q(S1) = 0.066; c4 = 6, p4 = 0.6, q4 = 0.4; c5 = 10, p5 = 0.9, q5 = 0.1 • Step 2: C(1)/Q(1) = 33.3, C(S1)/Q(S1) = 166.1, S2 = (1,S1) • C(S2) = C(1) + P(1)C(S1) = 17.67 • P(S2) = P(1)P(S1) = 0.65 • Q(S2) = 1 - P(S2) = 0.35

  30. Initialization example (cont’d) • [Figure: system diagram] Values: C(4) = c4 = 6, P(4) = p4 = 0.6, Q(4) = q4 = 0.4; C(S2) = 17.67, P(S2) = 0.65, Q(S2) = 0.35; c5 = 10, p5 = 0.9, q5 = 0.1 • Step 2 (cont’d): C(4)/P(4) = 10, C(S2)/P(S2) = 27.18, S3 = (4,S2) • C(S3) = C(4) + Q(4)C(S2) = 13.07 • Q(S3) = Q(4)Q(S2) = 0.14 • P(S3) = 1 - Q(S3) = 0.86

  31. Initialization example (cont’d) • [Figure: system diagram] Values: C(5) = c5 = 10, P(5) = p5 = 0.9, Q(5) = q5 = 0.1; C(S3) = 13.07, P(S3) = 0.86, Q(S3) = 0.14 • Step 2 (cont’d): C(5)/Q(5) = 100, C(S3)/Q(S3) = 93.36, S = (S3,5) • C(S) = C(S3) + P(S3)C(5) = 21.67 • P(S) = P(S3)P(5) = 0.77 • Q(S) = 1 - P(S) = 0.23

  32. Optimal inspection policy • Lemma 4.1. Consider any ordered series or parallel subsystem S = (S1 . . .Sn). Then in order to minimize the expected testing cost, testing of any basic constituent Si must be performed to completion before moving on to testing of another basic constituent with a subscript higher than i.

  33. Optimal inspection policy (cont’d) • Theorem 4.1. Consider a combined series/parallel system S, ordered according to the initialization algorithm. Then, the optimal testing policy that minimizes the expected testing cost is to follow the orderings specified in the initialization algorithm.

  34. Optimal inspection policy (cont’d) • If a basic constituent Sij of subsystem Sj = (S1j…Snj) is to be tested, then it should be tested to completion before moving on to testing of basic constituent Si+1j of that subsystem (or testing of some other subsystem), if needed. • In this case, the optimal expected testing cost of the system will equal C(S), as computed in the above algorithm.

  35. Optimal inspection policy for the example • S=(S3,5) (series) • S3=(4,S2) (parallel) • S2=(1,S1) (series) • S1=(3,2) (parallel) • Using the initialization algorithm, the expected testing cost of the above procedure is 21.67.
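The initialization algorithm applied to the five-component example, as an added sketch that is not part of the original slides or the paper. The ordering keys (ascending C/Q in series, ascending C/P in parallel) are read off the ratios shown in the worked example, since the theorem inequalities did not survive on this page; the tuple encoding and the names `order`, `SYSTEM` and `solve_example` are assumptions of this sketch.

```python
from math import prod

# Node: ("leaf", name, cost, p) or ("series" | "parallel", [children]).
# p is the success probability, q = 1 - p; assumes 0 < p < 1 and that
# series and parallel levels alternate (children are basic constituents).

def order(node):
    """Return (test order, expected testing cost C, success probability P)."""
    if node[0] == "leaf":
        _, name, cost, p = node
        return name, cost, p
    kind, children = node
    parts = [order(child) for child in children]
    if kind == "series":
        # Testing continues only while constituents work: sort by C/Q.
        parts.sort(key=lambda t: t[1] / (1 - t[2]))
        carry = [t[2] for t in parts]
    else:
        # Testing continues only while constituents fail: sort by C/P.
        parts.sort(key=lambda t: t[1] / t[2])
        carry = [1 - t[2] for t in parts]
    # Constituent i is tested only if all earlier ones let testing continue.
    cost = sum(t[1] * prod(carry[:i]) for i, t in enumerate(parts))
    reach_end = prod(carry)
    p = reach_end if kind == "series" else 1 - reach_end
    return tuple(t[0] for t in parts), cost, p

# The slides' example, S = (S3,5), S3 = (4,S2), S2 = (1,S1), S1 = (3,2),
# entered here in arbitrary order so that the sort has work to do.
SYSTEM = ("series", [
    ("leaf", 5, 10, 0.9),
    ("parallel", [
        ("series", [("leaf", 1, 10, 0.7),
                    ("parallel", [("leaf", 2, 12, 0.8), ("leaf", 3, 7, 0.67)])]),
        ("leaf", 4, 6, 0.6),
    ]),
])

def solve_example():
    return order(SYSTEM)

if __name__ == "__main__":
    seq, cost, p = solve_example()
    print(seq, round(cost, 2), round(p, 2))
```

Carried at full precision the cost comes to about 21.68; the slides' 21.67 reflects rounding of the intermediate values.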

  36. Agenda • Introduction • Results of prior work • Optimal inspection policy • Optimal attack/defense strategies • Conclusions and further work • Compared with OPLab

  37. Optimal attack/defense strategies • In the context of attack strategies: • The costs will be the costs to the attacker of launching attacks on the various components of a targeted system. • The failure (respectively, success) probabilities will refer to failure (respectively, survival) of those components after being attacked.

  38. Assumptions • The system can be represented in a combined series/parallel configuration with no replications, and attacks on each component succeed or fail independently of the results of attacks on other components. • Each component can be attacked at most once.

  39. Assumptions (cont’d) • The attacker's objective is to determine the feasible attack policy with minimum expected cost. • Here, a feasible attack policy is one that continues until either the system is disabled, or the attacker discovers that it will be unable to disable the system. • The defender is interested primarily in preserving the functionality of the overall system.

  40. Assumptions (cont’d) • The objective of the defender is to maximize the minimum expected cost of a feasible attack, subject to a budget constraint B limiting total defensive investments. • Defensive investments in any given component increase the cost of attacking that component, but do not decrease the probability of an attack succeeding.

  41. Assumptions (cont’d) • The cost of an attack against component i increases linearly in the amount of defensive investment in that component, xi. • The attacker is aware of any defensive investments in the system before launching an attack. (Perfect knowledge)

  42. Attack Strategies • Under these assumptions, and by analogy with Theorem 4.1, the optimal least-cost attack policy for an ordered series (parallel) path will consist of attacking basic constituent Si+1 only if an attack on basic constituent Si fails (succeeds).

  43. Attack Strategies (cont’d) • In an ordered system, basic constituent Si will be attacked before any basic constituent Sj with j > i, so we will say that Si is ‘‘more attractive’’ to the attacker than Sj. • This concept can also be generalized to components and/or subsystems not necessarily belonging to the same series or parallel path. • In this context, ‘‘ordered’’ will mean from most attractive to least attractive.

  44. Attack Strategies (cont’d) • In a series subsystem, ‘‘more attractive’’ means ‘‘more fragile’’ (holding the attack costs equal). • In a parallel subsystem, ‘‘more attractive’’ means ‘‘more robust’’ (holding the attack costs equal).

  45. Defender’s challenge • The problem is to determine the optimal allocation of the total defensive budget B over the various components in order to maximize the expected cost of an optimal attack. • The optimal defensive strategy will spend the entire available budget.

  46. Series system • Consider an ordered series system S of n components, for which • the initial cost of an attack on component i is ci • the probability of the component resisting an attack is qi and pi = 1 - qi for i = 1. . .n. • Since the system is assumed to be ordered, relationship holds. pi qi

  47. Series system (cont’d) • If the components are ordered in terms of their attractiveness, then the minimum expected cost of a feasible attack would be given by pj

  48. Series system (cont’d) • The budget allocation can change the order of attractiveness of the various components and the objective function of the problem. • In particular, if after some defensive investment (x1,x2 . . .xn) the components are ordered according to (π(1) . . . π (n)), where π is a permutation of (1,2 . . .n), then the objective function would become pπ(j)

  49. Series system (cont’d) • The objective function can always be written as a linear function of the decision variables xi. • This optimization problem could be solved by decomposing it into n! linear programs. • In order to investigate the qualitative properties of the optimal solution, they assumed that the cost-effectiveness parameters for investments in the various components are all equal (ai = a, for all i).

  50. Series system (cont’d) • Proposition 5.1. If we have (c1 + aB)/q1 c2/q2 , then the optimal allocation policy will be given by (B,0. . . 0).
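The defender's max-min problem for a small series system, as an added sketch that is not from the slides or the paper. It assumes the attack policy of slide 42 (move to the next component only if the previous attack failed), an attack cost of ci + a·xi, and a coarse grid search in place of the n! linear programs; `attack_cost`, `best_defense`, `succ` (the probability that an attack on a component succeeds) and the numbers in the demo are constructed for illustration.

```python
from itertools import permutations, product
from math import prod

def attack_cost(costs, succ):
    """Minimum expected cost of a feasible attack on a series system.

    The attacker pays for a component only if every earlier attack failed,
    i.e. with probability prod(1 - succ[j]) over the components j attacked
    before it. All n! attack orders are enumerated and the cheapest kept.
    """
    return min(
        sum(costs[i] * prod(1 - succ[j] for j in seq[:k])
            for k, i in enumerate(seq))
        for seq in permutations(range(len(costs)))
    )

def best_defense(c, succ, a, budget, steps=4):
    """Grid-search allocations x with sum(x) == budget.

    Returns (value, x): the largest attacker minimum cost found and the
    allocation achieving it. The whole budget is always spent.
    """
    n, unit = len(c), budget / steps
    best = (-1.0, None)
    for head in product(range(steps + 1), repeat=n - 1):
        if sum(head) > steps:
            continue
        x = tuple(k * unit for k in head) + ((steps - sum(head)) * unit,)
        hardened = [ci + a * xi for ci, xi in zip(c, x)]
        best = max(best, (attack_cost(hardened, succ), x))
    return best

if __name__ == "__main__":
    # Constructed case: component 0 stays the cheapest first target even
    # after receiving the full budget, so everything goes to it.
    print(best_defense((1, 10, 10), (0.5, 0.5, 0.5), a=1, budget=2))
    # Constructed case: a larger budget reorders the targets, and splitting
    # the investment beats putting it all on one component.
    print(best_defense((1, 2), (0.5, 0.5), a=1, budget=4))
```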
