
Strategic Discovery and Sharing of Vulnerabilities in Competitive Environments

Carlos Cid (Director of Cyber Security CDT, Royal Holloway University of London)

We investigate the incentives behind investments by competing companies in discovery of their security vulnerabilities and sharing of their findings. Specifically, we consider a game between competing firms that utilise a common platform in their systems. The game consists of two stages: firms must decide how much to invest in researching vulnerabilities, and thereafter, how much of their findings to share with their competitors. We fully characterise the Perfect Bayesian Equilibria (PBE) of this game, and translate them into realistic insights about firms’ strategies. Further, we develop a monetary-free sharing mechanism that encourages both investment and sharing, a missing feature when sharing is arbitrary or opportunistic. This is achieved via a light-handed mediator: it receives a set of discovered bugs from each firm and moderates the sharing in a way that eliminates firms’ concerns about losing competitive advantages. This research provides an understanding of the origins of inefficiency and paves the path towards more efficient sharing of cyber-intelligence among competing entities.

(joint work with Arman Khouzani and Viet Pham; to be presented at GameSec 2014 in Nov’14).

Speaker bio

Professor Cid received his PhD in Mathematics from the University of Brasilia, Brazil in 1999. After working for a short period as a lecturer in Brazil, Carlos spent a year as a postdoctoral researcher at RWTH-Aachen, Germany. Between 2001 and 2003 he worked as a software engineer for an Irish network security start-up, where he was involved in the design and development of hardware security modules and network security appliances. Carlos joined the Information Security Group at Royal Holloway in October 2003, and is currently the Director of Royal Holloway's Centre for Doctoral Training in Cyber Security.

Professor Cid's main current academic interests are:

Symmetric Key Cryptology: block ciphers, stream ciphers and authentication schemes

Algebraic Analysis of LWE-based cryptographic schemes

Applications of Computational Algebra in Cryptology

Applications of Game Theory to Information Security

Information Security (various topics)

 

 
