Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Insured Access: An Approach to Ad-hoc Information Sharing for Virtual Organizations
1. Third ACM Conference on Data and Application Security and Privacy
February 20, 2013, San Antonio, TX, USA
Insured Access:
An Approach to Ad-hoc
Information Sharing for
Virtual Organizations
Naoki Tanaka†,‡,∗ , Marianne Winslett†,∗,
Adam J. Lee◦, David K. Y. Yau⋄,∗, Feng Bao‡
† Department of Computer Science, University of Illinois at Urbana-Champaign
‡ Cryptography & Security Department, Institute for Infocomm Research
∗ Advanced Digital Sciences Center
◦ Department of Computer Science, University of Pittsburgh
⋄ Department of Computer Science, Purdue University
2. This presentation proposes insurance-based
ad-hoc information sharing scheme
Insured Access
18
Pricing 17
consumer1
consumer2
consumer3
Average of Capitals
consumer4
and 16
15
consumer5
consumer6
consumer7
consumer8
Purchase Decisions 14
13
consumer9
consumer10
12
11
0 10 20 30 40 50 60 70 80 90 100
Insurer’s Risk Aversion Index alpha
Simulation Results
2
3. Traditional access control grants
access for original purposes
Bob Alice
Information Consumer Information Producer
Map of USA
Information
Alice prepared a map of USA for Bob
Bob has access to the map of USA
3
4. Traditional access control grants
access for original purposes
Alice Carol
Information Producer Information Consumer
Map of Singapore
Information
Alice prepared a map of Singapore for Carol
Carol has access to the map of Singapore
4
5. Can traditional access control deal
with ad-hoc information access?
Bob Alice Carol
Information Consumer Information Producer Information Consumer
Hey Alice, I came up
with a good idea to use Map of Singapore
the map of Singapore! Information
Alice prepared a map of Singapore for Carol
6. Access rights are assigned according to
the original purpose of information
Bob Alice Carol
Information Consumer Information Producer Information Consumer
Sorry Bob, but I
cannot release it. Map of Singapore
(I don’t want to be Information
blamed later…)
Alice prepared a map of Singapore for Carol
Information access for other purposes is denied
6
7. Traditional authorization methods
are inflexible
Bob Alice Carol
Information Consumer Information Producer Information Consumer
Traditional methods try to eliminate risk
We need a more flexible method to
consider benefits while bounding risk
7
8. Risk-based access control tries to
mitigate problems
MITRE JASON report proposed a
risk-based access control approach
Use risk tokens to
purchase access rights
Risk tokens Information
1 token = one-day, soft-copy-only access to one document
by the average Secret-cleared individual
Price = expected value of damages due to the access
Total amount of allocated tokens < tolerable risk
8
9. Current risk-based access control
has its own problems
Use risk tokens to
purchase access rights
Risk tokens Information
Cannot control the worst-case aggregate damages
Doesn’t distinguish between good and bad risk-takers
9
11. Insured access encourages
information sharing
Innis
Insurer
Insurance policy
1. Request policy
Information
Bob Alice
Information Consumer Information Producer
11
12. Insured access encourages
information sharing
Innis
Insurer
Insurance policy
2. Quote price
or deny access Use premium principles
Information
Bob Alice
Information Consumer Information Producer
12
13. Insured access encourages
information sharing
Innis
Insurer
Insurance policy
3. Pay premium
Decide considering benefits & costs
Information
Bob Alice
Information Consumer Information Producer
13
14. Insured access encourages
information sharing
Innis
Insurer
4. Receive policy
Insurance policy
Information
Bob Alice
Information Consumer Information Producer
14
15. Insured access encourages
information sharing
Innis
Insurer
5. Request access,
show policy
Insurance policy
Information
Bob Alice
Information Consumer Information Producer
15
16. Insured access encourages
information sharing
Innis
Insurer
No reason to deny because producers won’t lose anything
6. Provide access
Insurance policy
Information
Bob Alice
Information Consumer Information Producer
16
17. Insured access encourages
information sharing
Innis
Insurer
7. File claim
against policy
Insurance policy
Information
Bob Alice
Information Consumer Information Producer
17
18. Insured access encourages
information sharing
Innis
Insurer
8. Pay claim
Producers get reimbursed for
the exact amount
Insurance policy
Information
Bob Alice
Information Consumer Information Producer
18
19. Insurer calculates premium (policy price)
using premium principle
Innis
Insurer
Risk distribution Premium (Policy price)
Insurance policy
Risk distribution represents
the total amount of claims
19
20. Principle of Equivalent Utility is the most
widely adopted approach
Principle of Equivalent Utility
uI: insurer’s utility function
wI: insurer’s current capital
P: premium (policy price)
X: random variable representing the total amount of claims
Insurer is equally happy whether or not
the policy is issued (indifferent)
20
21. Exponential Principle is derived when
exponential utility function is used
When exponential utility function
risk aversion index
is used…
Exponential Principle
π: premium principle
X: random variable representing the total amount of claims
mX(α): moment generating function of X around α
Exponential Principle is widely used
because of its favorable properties
21
22. Consumers consider both benefits
and costs of accessing information
Consumers purchase policies only when
the following inequality is met
u: consumer’s utility function
w: consumer’s current capital
P: premium (policy price)
Y: random variable representing the consumer’s expected
additional value (revenue)
Traditional actuarial methods don’t consider
this kind of tradeoff
22
23. We can derive the maximum premium
the consumer is willing to pay
When exponential utility function is used…
P+: maximum premium (policy price) the consumer is willing
to pay
mY(αc): moment generating function of Y around αc
Y: random variable representing the consumer’s expected
additional value (revenue)
αc: consumer’s risk aversion index
If the quoted price is less than P+, the consumer
buys the policy and accesses information
23
24. Bonus-malus system rewards good
risk-takers and punishes bad ones
New insureds enter at step 2 Dutch system
Bad risk-takers Good risk-takers
Many claims No claims
Incur penalty Enjoy discount
24
25. Discrete event simulations model a map
sharing scenario
Sensitivity is reflected in parameters of
risk (claim size) distributions
10 consumers 10 producers
25
26. Discrete event simulations model a map
sharing scenario
10 consumers 10 producers Each insured access is independent
Arrival of requests is modeled by a separate
Poisson process for each consumer
Inter-arrival time follows exponential distribution
A consumer chooses a producer a uniformly at random
from the producers it has not purchased previously
26
27. Discrete event simulations model a map
sharing scenario
10 consumers 10 producers
For each purchased policy
1 claim arrival & 1 benefit arrival
Arrival time follows exponential distribution
Risk (claim size) & Benefit follow Normal Distribution
27
28. More risk averse insurer results in smaller
capitals because of smaller # of transactions
Varied the insurer’s risk aversion index α, and examined
how α affects capitals at the end of simulations
Each principal has $10 as its initial capital
160
insurer
140 consumers
all
Average of Capitals
120
100
80
60
40
20
0
0 10 20 30 40 50 60 70 80 90 100
Insurer’s Risk Aversion Index alpha
Large α → Small # of transactions → Small capitals
28
29. With BM, consumers who make smaller
number of claims have larger capitals
Consumer ID 1 2 3 4 5 6 7 8 9 10
Probability of causing claims 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
14 18
consumer1 consumer1
13.5 consumer2 17 consumer2
consumer3 consumer3
Average of Capitals
Average of Capitals
13 consumer4 consumer4
16
consumer5 consumer5
12.5 consumer6 consumer6
consumer7 15 consumer7
12 consumer8 consumer8
consumer9 14 consumer9
11.5 consumer10 consumer10
13
11
10.5 12
10 11
0 10 20 30 40 50 60 70 80 90 100 0 10 20 30 40 50 60 70 80 90 100
Insurer’s Risk Aversion Index alpha Insurer’s Risk Aversion Index alpha
Without Bonus-Malus With Bonus-Malus
steps are updated every 5 time periods
Good risk-takers (small # of claims) → Large capitals
29
30. We need to estimate distributions
to realize Insured Access
1. Request policy
2. Quote price
or deny access Can we estimate distributions?
3. Pay premium 7. File claim against policy
4. Receive policy 8. Pay claim
5. Request access, show policy
6. Provide access
30
31. This presentation proposed Insured Access and
evaluated its effectiveness through simulations
Proposed Insured Access
that considers benefits while
bounding risk
Showed how to calculate
premium and how consumers
decide to buy policies
18
consumer1
17 consumer2
consumer3
Simulation results confirmed the
Average of Capitals
16 consumer4
consumer5
consumer6
15 consumer7
consumer8
14 consumer9
effectiveness of Insured Access 13
12
consumer10
11
0 10 20 30 40 50 60 70 80 90 100
Insurer’s Risk Aversion Index alpha
Email: tanaka5@illinois.edu
Questions? Twitter: @naokitnk
31