Securing information flows: A quantitative risk analysis approach

Risk-based information trading systems have recently emerged as a new paradigm for enabling information sharing in dynamic environments. Such systems build an information trading market whose commodity is information (quantized into objects) and whose currency is monetized evaluated risk. In these trading systems, risk is calculated by the information seller (and consequently charged to the information buyer) as a function of the value of the object and an information buyerpsilas propensity to divulge shared information (based on observed past behavior). Whilst standard techniques exist for evaluating the value of an object, determining the propensity of a buyer to leak information is somewhat more problematic. Ostensibly, a seller could rely on static pre-assigned credentials of the buyer, however, such credentials only provide a clue as to the buyerpsilas ldquotrustworthinessrdquo at the time of credential issuance and gives no indication of post-issuance behavior. In this paper, we propose the use of a information leakage monitoring subsystem as part of a larger risk trading system to detect information leakage. We propose a framework for the design of such a subsystem and identify the fundamental tradeoffs between maximum information leakage rates, delays in leakage detection, buyer budgetary constraints and inherent errors in the monitoring subsystem.