
Optimizing Affine Maximizer Auctions via Linear Programming: An Application to Revenue Maximizing Mechanism Design for Zero-Day Exploits Markets

  • Mingyu Guo
  • Hideaki Hata
  • Ali Babar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10621)

Abstract

Optimizing within the affine maximizer auctions (AMA) is an effective approach for revenue maximizing mechanism design. The AMA mechanisms are strategy-proof and individually rational (if the agents’ valuations for the outcomes are nonnegative). Every AMA mechanism is characterized by a list of parameters. By focusing on the AMA mechanisms, we turn mechanism design into a value optimization problem, where we only need to adjust the parameters. We propose a linear programming based heuristic for optimizing within the AMA family. We apply our technique to revenue maximizing mechanism design for zero-day exploit markets. We show that due to the nature of the zero-day exploit markets, if there are only two agents (one offender and one defender), then our technique generally produces a near optimal mechanism: the mechanism’s expected revenue is close to the optimal revenue achieved by the optimal strategy-proof and individually rational mechanism (not necessarily an AMA mechanism).
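The abstract's claims about the AMA family can be checked on a small instance. The sketch below is an added example, not code from the paper: it uses the standard AMA definition (a positive weight per agent plus an additive term per outcome), verifies strategy-proofness and individual rationality by brute force, and shows revenue changing with the parameters. The names `weights` and `boosts`, the three abstract outcomes, and the valuations are assumptions constructed for illustration; the paper's linear-programming heuristic is not reproduced here.

```python
from fractions import Fraction
from itertools import product

def ama(reports, weights, boosts):
    """Run one AMA. reports[i][o] is agent i's reported value for outcome o.
    Returns (chosen outcome index, list of payments)."""
    agents, outcomes = range(len(reports)), range(len(boosts))

    def score(o, skip=None):
        # Weighted reported welfare plus the outcome's additive term.
        return boosts[o] + sum(weights[j] * reports[j][o] for j in agents if j != skip)

    chosen = max(outcomes, key=score)
    payments = [
        Fraction(max(score(o, skip=i) for o in outcomes) - score(chosen, skip=i), weights[i])
        for i in agents
    ]
    return chosen, payments

def utility(i, true_vals, reports, weights, boosts):
    chosen, payments = ama(reports, weights, boosts)
    return true_vals[i][chosen] - payments[i]

def truthful_and_ir(true_vals, weights, boosts, grid):
    """Brute force: no misreport on the grid beats honesty, and honest utility >= 0."""
    for i in range(len(true_vals)):
        honest = utility(i, true_vals, true_vals, weights, boosts)
        if honest < 0:
            return False
        for lie in product(grid, repeat=len(boosts)):
            reports = [list(v) for v in true_vals]
            reports[i] = list(lie)
            if utility(i, true_vals, reports, weights, boosts) > honest:
                return False
    return True

def revenue(true_vals, weights, boosts):
    return sum(ama(true_vals, weights, boosts)[1])

# Constructed sample: agent 0 = offender, agent 1 = defender, three abstract outcomes.
VALUES = [[6, 3, 0], [0, 4, 8]]
VCG = ([1, 1], [0, 0, 0])      # AMA with unit weights and zero additive terms
TUNED = ([1, 1], [1, 0, 0])    # hypothetical parameters, picked by hand

if __name__ == "__main__":
    for name, (w, b) in (("VCG", VCG), ("tuned", TUNED)):
        print(name, ama(VALUES, w, b), revenue(VALUES, w, b),
              truthful_and_ir(VALUES, w, b, range(10)))
```

On this single profile the hand-picked parameters raise revenue over VCG while both checks still pass; the paper optimizes expected revenue over a valuation distribution rather than one profile.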

Keywords

Automated mechanism design; Revenue maximization; Mechanism design; Security economics; Bug bounty


Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. School of Computer Science, University of Adelaide, Adelaide, Australia
  2. Graduate School of Information Science, Nara Institute of Science and Technology, Ikoma, Japan
