Designing for Emergent Security in Heterogeneous Human-Machine Teams

05/25/2019
by Philip N. Brown, et al. (UCCS)

This work seeks to design decisionmaking rules for autonomous agents to jointly influence and optimize the behavior of teamed human decisionmakers in the presence of an adversary. We study a situation in which computational jobs are scheduled on servers by a collection of autonomous machines in concert with self-interested human decisionmakers, and the human and machine schedulers must react to an adversary's attack on one of the servers. We exhibit a simple machine scheduling policy such that if all schedulers have permission to schedule jobs on all servers, increasing the penetration of machine schedulers always increases the level of security in the system, even when the machine schedulers have no explicit coordination or communication amongst themselves. However, we show a companion result in which simple constraints on server availability can nullify the machine schedulers' ability to effectively influence human schedulers; here, even if machine schedulers control an overwhelming majority of jobs, are socially-aware, and fully coordinated amongst themselves, they are incapable of influencing human decisionmakers to mitigate the harm of an attack.


I Introduction

The recent rush of technology into society's daily life has promised to solve grand problems, but it may also bring with it grand new risks. New technological paradigms such as the Internet of Things allow people to interact with their devices in unprecedented ways, but increased means of interaction may increase vulnerability to adversarial manipulation [1, 2]. Increasingly, society and technology are participants in each other's affairs, which requires engineers and computer scientists to be increasingly aware of the effects of each on the other. Autonomous decisionmakers must be designed to interact well with human decisionmakers, and this may look fundamentally different from how autonomous decisionmakers typically interact with one another [3].

In response to these new challenges, game theory (the formal study of interactive decisionmaking) has emerged as a set of mathematical tools which promise to shed some light on the central design tradeoffs in this space [4, 5, 6]. In applying game theory to these types of systems, it is common to speak of "emergent behavior" in distributed decisionmaking; that is, game theory studies the aggregate behavior which emerges from the entangled decisionmaking processes of autonomous machine agents, human users, and strategic attackers [7, 8, 9].

This paper represents an initial study of a concept that we term emergent security. That is, we seek fundamental principles to guide the design of autonomous decisionmakers in sociotechnical systems; these autonomous agents should react to the actions of attackers in an intelligent, strategically-aware way to mitigate the harm of attacks.

A strategic attacker’s approach may be twofold: first, the attacker may directly attack the system and reduce quality-of-service [10]. Alternatively, the attacker may indirectly reduce quality-of-service by influencing ordinary system users to engage in inefficient behavior; this can include attack methods such as manipulative “social-engineering” attacks [11, 12].

The defending autonomous agents’ approach is similarly twofold: first, agents should be designed to directly avoid and mitigate the effects of the attacker’s actions; second, the autonomous agents should be designed to influence the behavior of ordinary system users so that they avoid and mitigate the effects of the attacker’s actions [13, 14, 15].

This paper asks whether and under what circumstances heterogeneous teams of human and machine decisionmakers can act in concert to provide security for distributed systems, despite a lack of centralized coordination among the decisionmakers. Specifically, we seek distributed decisionmaking architectures that provide emergent security; that is, the distributed decisionmaking rules and interaction framework guarantee that aggregate emergent behavior in the system responds effectively to adversarial manipulation.

We pose a model of collaborative job scheduling on servers: there is a collection of servers and a constant inflow of jobs; each job requires scheduling on any of the servers. Each job is given either to one of a collection of “machine schedulers” (which then select a server for the job based on a pre-specified algorithm) or the job is self-scheduled (in which case the job is assigned to a server with minimum current service time).

We consider a situation in which an intelligent attacker, wishing to decrease system throughput, selects a server and directly degrades its performance (e.g., by performing a denial-of-service attack that increases average service time) [16]. Subsequently, the machine schedulers and self-scheduled jobs may react to the increased service time on the attacked server and modify their scheduling choices accordingly. The attacker’s hope is to maximize the resulting performance degradation, both directly due to increased service times on the affected server and indirectly by manipulating the human and machine scheduling policies to create a cascade of inefficiencies affecting other servers.

In light of this model, our question is simple: can the decision rules of the machine schedulers be designed in such a way that system security emerges as the result of the interactive decisionmaking of the various schedulers? We say that a system exhibits strong emergent security if, for all attacks, the schedulers collectively respond optimally to the attack. On the other hand, we say that a system exhibits weak emergent security if, for all attacks, the performance of the schedulers' collective response is no worse than that of a fixed scheduling policy. Given these definitions, our results are threefold:

Symmetric scheduling: When every server is available to every scheduler and the machine schedulers apply a simple locally-optimal scheduling policy, every system exhibits strong emergent security provided that the fraction of jobs controlled by machine schedulers exceeds some threshold (where this threshold is strictly less than one). Crucially, this threshold is independent of the number of machine schedulers.

Symmetric scheduling and linear server delay: Here, if the servers each have identical linear delay functions, then provided that the fraction of jobs controlled by machine schedulers meets a modest threshold, the collective response to any attack is optimal (i.e., the system has strong emergent security even if only a small minority of jobs is machine-controlled). Furthermore, every system with linear server delay functions exhibits weak emergent security. That is, regardless of the mass of jobs controlled by machine schedulers, we have that for any attack, collective scheduling behavior is always at least as good as a fixed scheduling policy that is unresponsive to attacks.

Constrained server availability: However, the above results need not hold in the case that each scheduler can only access a subset of servers. In this case, even if the majority of jobs are centrally controlled by a single machine scheduler, the system may perform nearly as poorly as a completely unresponsive policy. Here, though the system still exhibits weak emergent security, the ability of the machine schedulers to reduce system cost is severely curtailed.

Our results suggest that emergent security of heterogeneous human-machine teams is a valid goal and can be attained with simple decision rules. However, designers must take care to understand how constraints and heterogeneity can subvert an otherwise performant system.

II Model

We are given a set of $n$ servers and a total load of $r > 0$ units of jobs requiring service. Following [17], each individual job is taken to be infinitesimally "small," so that each job contributes a negligible amount to congestion. We denote the load (or mass of scheduled jobs) at server $j$ by $x_j$, and $\ell_j(x_j)$ denotes the delay suffered by a job at server $j$ under load $x_j$. We adopt the usual convention that each $\ell_j$ is convex, nondecreasing, and continuously differentiable, and assume that the uncongested service time at all servers is equal, or $\ell_j(0) = \ell_{j'}(0)$ for all $j, j'$. A service profile is denoted $x = (x_1, \dots, x_n)$; we require that all jobs are serviced so that $\sum_j x_j = r$, which we denote by $x \in r\Delta$ (note that for $r > 0$, we write $r\Delta$ to denote the standard probability simplex with each of its constraints multiplied by $r$, so that its vertices are of the form $r\,e_j$). Our key cost metric is average service delay, denoted

$L(x) = \frac{1}{r} \sum_{j=1}^{n} x_j\,\ell_j(x_j)$.   (1)
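To make the model concrete, the following is a minimal sketch in Python (ours, not the authors' code; the function name `average_delay` and the unit-offset delay functions are illustrative assumptions, not taken from the paper):

```python
import numpy as np

r = 1.0                                  # total mass of jobs
delays = [lambda x: 1.0 + x] * 3         # identical uncongested times: ell_j(0) = 1

def average_delay(x, delays, r):
    """System cost L(x) of Eq. (1): load-weighted average service delay."""
    return sum(xj * ell(xj) for xj, ell in zip(x, delays)) / r

x = np.full(3, r / 3)                    # a feasible service profile in r*Delta
print(average_delay(x, delays, r))       # 1.3333... for this symmetric profile
```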

II-A Adversarial Action

An adversary, wishing to disrupt the system and increase system cost, selects a server (throughout this paper, we adopt the convention that this server is numbered 1) and attacks it with strength $\beta \ge 0$. The effect of this attack is to uniformly increase service times at server 1 by an amount $\beta$ (here, we consider an additive degradation of service; naturally, this degradation could take other forms, and we adopt this particular formulation for simplicity, postponing the study of other formulations for future work). This is modeled by replacing the nominal delay function $\ell_1$ with the degraded delay function $\ell_1 + \beta$. For convenience, for any attack strength $\beta$, we write $L(x;\beta)$ for the resulting system cost.

Since the attacker's action directly increases service times for any job on server 1, it induces a new system cost of

$L(x;\beta) = \frac{1}{r}\left( \sum_{j=1}^{n} x_j\,\ell_j(x_j) + \beta\,x_1 \right)$.   (2)
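Continuing the sketch above, the attacked cost of (2) simply adds the term $\beta x_1 / r$ (again an illustrative helper of our own naming):

```python
def attacked_delay(x, delays, r, beta):
    """System cost L(x; beta): server 1's delay is additively degraded by beta."""
    return average_delay(x, delays, r) + beta * x[0] / r
```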

II-B Heterogeneous Human-Machine Teamed Scheduling

The main goal of this paper is to understand the effects of human-machine teaming on the security of distributed systems. To accomplish this, we consider a case in which there are $m$ engineered schedulers (called machine schedulers) acting in conjunction with a population of uncoordinated human schedulers. The system designer endows the machine schedulers with decision rules with which they select a scheduling profile, whereas the human schedulers select a server merely on the basis of minimizing their own service delay.

Machine scheduler $k \in \{1, \dots, m\}$ is responsible for scheduling a mass $\alpha_k > 0$ of jobs, with $\alpha := \sum_{k=1}^{m} \alpha_k \le r$. We refer to $\alpha$ as the machine penetration level of the system. We term the remaining $r - \alpha$ jobs selfish jobs, and we model their "behavior" by assuming that each infinitesimal job among the selfish jobs has a human owner that schedules it with the singular goal of minimizing its service time, given the attacker's action and the choices of other jobs.

Figure 1 contains a simple depiction of the model. We allow each machine scheduler to schedule on any of the servers, so each machine scheduler $k$ selects a service profile $x^k \in \alpha_k \Delta$, satisfying $x^k_j \ge 0$ and $\sum_j x^k_j = \alpha_k$. Given a collection of machine-scheduled profiles $\{x^k\}$ and a selfishly-scheduled profile $x^{\rm self}$, the aggregate load on server $j$ is given by $x_j = x^{\rm self}_j + \sum_k x^k_j$. The aggregate scheduling profile resulting from teamed scheduling is represented $x = (x^1, \dots, x^m, x^{\rm self})$. Sometimes, to highlight the dependence of a scheduling profile on the actions of a particular machine $k$, we may also represent an aggregate profile as $(x^k, x^{-k})$, where $x^{-k}$ denotes the scheduling by machine schedulers other than $k$.

Fig. 1: Depiction of teamed scheduling setup for the nominal model described in Section II-B and considered in Theorems III.1 and III.2. Any of the machine schedulers and any of the self-schedulers are free to schedule a job on any of the servers.

We model the aggregate behavior resulting from the collective decisionmaking of the machine schedulers and the selfish jobs by a concept that we term a team equilibrium: an aggregate scheduling profile $x^{\rm eq}$ satisfying

$x^k \in \arg\min_{\tilde{x}^k \in \alpha_k\Delta} L(\tilde{x}^k, x^{-k}, x^{\rm self}; \beta)$ for every machine scheduler $k$,   (3)

and

$x^{\rm self}_j > 0 \implies \ell_j(x_j) + \beta\,\mathbb{1}\{j{=}1\} \le \ell_{j'}(x_{j'}) + \beta\,\mathbb{1}\{j'{=}1\}$ for all servers $j, j'$.   (4)

Note that at a team equilibrium, (3) implies that each machine scheduler is scheduling (globally) optimally (given the choices of others), and (4) implies that each selfish job is selecting a server with minimum delay (given the choices of others). While equilibrium existence in arbitrary games is not guaranteed, known results for heterogeneous congestion games give us the following proposition:

Proposition II.1

For any $n$, any $\beta \ge 0$, any $m$, and any $\{\alpha_k\}$ satisfying $\sum_k \alpha_k \le r$, the above game has a team equilibrium $x^{\rm eq}$.

This follows immediately from elementary equilibrium existence results in nonatomic games [18, 19, 20].
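Proposition II.1 guarantees existence but gives no algorithm. As an illustration only (this is not the paper's method, and convergence of such naive dynamics is not guaranteed in general), a team equilibrium can be approximated by mass-transfer dynamics in which machine-controlled mass chases low marginal system cost while selfish mass chases low realized delay, loosely mirroring conditions (3) and (4); all names here are our own:

```python
import numpy as np

def team_equilibrium(delays, r, alpha, beta, iters=20000, step=1e-3, h=1e-6):
    """Approximate a team equilibrium by naive mass-transfer dynamics:
    machine mass follows marginal system cost (cf. (3)),
    selfish mass follows realized delay (cf. (4))."""
    n = len(delays)
    xm = np.full(n, alpha / n)           # machine-scheduled loads, total mass alpha
    xs = np.full(n, (r - alpha) / n)     # self-scheduled loads, total mass r - alpha
    for _ in range(iters):
        x = xm + xs
        delay = np.array([ell(xj) for ell, xj in zip(delays, x)])
        delay[0] += beta                 # additive attack on server 1
        dprime = np.array([(ell(xj + h) - ell(xj)) / h
                           for ell, xj in zip(delays, x)])
        marginal = delay + x * dprime    # marginal contribution to total cost
        for loads, cost in ((xm, marginal), (xs, delay)):
            if loads.sum() < 1e-12:
                continue
            used = loads > 1e-9
            src = int(np.argmax(np.where(used, cost, -np.inf)))  # costliest used server
            dst = int(np.argmin(cost))                           # cheapest server
            move = min(step, loads[src])
            loads[src] -= move
            loads[dst] += move
    return xm, xs
```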

II-C Emergent Security

We say that a system exhibits emergent security if the teamed agents in the system (both human and engineered) naturally adapt to attacks in such a way that the system performance remains near-optimal even when the system is under attack. Since the team equilibrium concept implicitly assumes no coordination between agents, it is a natural means to study the emergent security arising from various decision rules.

In this context, we distinguish between different degrees of security by comparing the performance of a team equilibrium against that of two benchmarks:

Optimal scheduling

Given $\beta$, we denote an optimal scheduling policy by $x^{\rm opt}(\beta) \in \arg\min_{x \in r\Delta} L(x;\beta)$. The ultimate goal in the emergent security paradigm is for the performance of team equilibria to equal that of $x^{\rm opt}(\beta)$.

Unresponsive scheduling

Here, we compare the performance of a team equilibrium to that of an unresponsive baseline scheduling policy that we denote $x^{\rm base}(\beta)$; this policy is optimal when there is no attack ($\beta = 0$), but is unresponsive to changes in $\beta$. That is, for all $\beta \ge 0$, $x^{\rm base}(\beta) = x^{\rm opt}(0)$. Since this scheduling policy is constant in $\beta$, we typically denote it simply $x^{\rm base}$.

Using these two definitions, we can now state the main qualitative performance metric of the paper:

Definition II.1

We say that a system exhibits strong emergent security if, for all $\beta \ge 0$, it holds that all team equilibria are optimal. That is, if $x^{\rm eq}$ is a team equilibrium, we have that for all $\beta \ge 0$,

$L(x^{\rm eq};\beta) = L(x^{\rm opt}(\beta);\beta)$.   (5)

On the other hand, we say that a system exhibits weak emergent security if, for all $\beta \ge 0$, it holds that all team equilibria are no worse than unresponsive scheduling. That is, if $x^{\rm eq}$ is a team equilibrium, we have that

$L(x^{\rm eq};\beta) \le L(x^{\rm base};\beta)$.   (6)

In each of our forthcoming contributions, we exhibit a system setting and then determine which of Definition II.1’s properties hold.
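Definition II.1 can also be checked numerically against the two benchmarks. A sketch under the same assumptions as the snippets above (`scipy` is used only for the optimal benchmark; `security_report` and `optimal_profile` are our own names, not the paper's):

```python
import numpy as np
from scipy.optimize import minimize

def optimal_profile(delays, r, beta):
    """Numerically approximate x_opt(beta), the cost-minimizing profile in r*Delta."""
    n = len(delays)
    res = minimize(lambda x: attacked_delay(x, delays, r, beta),
                   np.full(n, r / n),
                   bounds=[(0.0, r)] * n,
                   constraints=[{"type": "eq", "fun": lambda x: x.sum() - r}])
    return res.x

def security_report(delays, r, alpha, beta):
    """Compare a team equilibrium against the optimal and unresponsive benchmarks."""
    xm, xs = team_equilibrium(delays, r, alpha, beta)
    return {
        "equilibrium":  attacked_delay(xm + xs, delays, r, beta),
        "optimal":      attacked_delay(optimal_profile(delays, r, beta), delays, r, beta),
        "unresponsive": attacked_delay(optimal_profile(delays, r, 0.0), delays, r, beta),
    }
```

Strong emergent security corresponds to the "equilibrium" entry matching "optimal" for every tested $\beta$; weak emergent security corresponds to it never exceeding "unresponsive".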

III Contributions

III-A Team scheduling exhibits emergent security for symmetric schedulers

Our first theorem is a general result on the effectiveness of heterogeneous human-machine teams; it establishes a baseline guarantee that the performance of such systems is monotone nondecreasing in the penetration of machine schedulers. Furthermore, for high enough machine penetration, every system exhibits strong emergent security.

Theorem III.1

For any $n$, $r > 0$, $\beta \ge 0$, and any delay functions $\{\ell_j\}$, let $x^{\rm eq}$ and $\hat{x}^{\rm eq}$ be team equilibria with machine penetration levels $\alpha$ and $\hat{\alpha}$, where $\hat{\alpha} \ge \alpha$. Then it holds that

$L(\hat{x}^{\rm eq};\beta) \;\le\; L(x^{\rm eq};\beta) \;\le\; L(x^{\rm self};\beta)$,   (7)

where $x^{\rm self}$ denotes a fully-selfish equilibrium (i.e., a team equilibrium with $\alpha = 0$).

Furthermore, for every collection of delay functions $\{\ell_j\}$, there exists a machine penetration threshold $\bar{\alpha} < r$ such that if $\alpha \ge \bar{\alpha}$, then the system exhibits strong emergent security. That is, for all $\beta \ge 0$ the resulting team equilibrium (denoted $x^{\rm eq}$) is a globally optimal response:

$L(x^{\rm eq};\beta) = \min_{x \in r\Delta} L(x;\beta)$.   (8)

The proof of Theorem III.1 appears in the Appendix.

That is, Theorem III.1 provides three things: first, when all schedulers have access to all servers, an implication of (7) is that heterogeneous human-machine teams are at least as performant as fully self-scheduled jobs. Second, for a fixed attack strength $\beta$, increasing the penetration level of machine schedulers can never harm the performance of the system. Third, regardless of the number of machine schedulers, team scheduling is globally optimal provided that the fraction of self-scheduled jobs is small enough. Crucially, every system may have a positive mass of self-scheduled jobs and still exhibit optimal team scheduling for all attack levels $\beta \ge 0$.

It is important to note that the results of Theorem III.1 do not rely in any way on explicit coordination or communication between the various machine schedulers. The only coordination between machine schedulers happens implicitly through the machines’ common objective function.

III-B Closed-form expressions for linear delay functions

Theorem III.1 paints a broad picture of the benefits of machine scheduling (even if uncoordinated), but gives little hint as to the actual performance gains possible. In particular, the only information given about the optimal machine penetration threshold $\bar{\alpha}$ is that $\bar{\alpha} < r$; but the question remains: how much less than $r$?

Accordingly, our next theorem reports the effects of team scheduling in closed form for a simplified setting. Here, we consider the case that all servers have identical linear delay functions, $\ell_j(x) = ax + b$ with $a > 0$. In this setting, it is simple to observe that the nominal optimal scheduling policy under no attack has $x_j = r/n$ for all $j$; since all delay functions are equal, the policy which equates the delay on every server is optimal. The following theorem characterizes the effects of $\alpha$, $\beta$, and $n$ on the efficiency of team equilibria.
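Before stating the theorem, a two-server instance (our own illustration, assuming $\ell_j(x) = x$ and total mass $r$) shows why machine-scheduled jobs help. Minimizing the unnormalized attacked cost $x_1(x_1 + \beta) + (r - x_1)^2$ over $x_1$ gives

$2x_1 + \beta - 2(r - x_1) = 0 \;\Longrightarrow\; x_1^{\rm opt} = \frac{2r - \beta}{4},$

whereas a fully-selfish population instead equalizes realized delays, $x_1 + \beta = r - x_1$, giving $x_1^{\rm self} = \frac{r - \beta}{2} < x_1^{\rm opt}$ whenever $\beta > 0$. Selfish jobs over-abandon the attacked server, and this over-reaction is precisely the inefficiency that machine-scheduled jobs can correct.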

Theorem III.2

For this system, given $\beta \ge 0$, the team equilibria fall into three regimes according to the machine penetration level $\alpha$:

When $\alpha$ meets or exceeds an upper threshold, the system exhibits strong emergent security and we have that every team equilibrium is globally optimal, satisfying

(9)

When $\alpha$ lies between a lower threshold and the upper threshold, we have that every associated team equilibrium strictly outperforms the fully-selfish equilibrium and satisfies

(10)

Finally, when $\alpha$ falls below the lower threshold, we have that every associated team equilibrium is equal to a fully-selfish equilibrium and satisfies

(11)
(12)

That is, for all $\alpha$, this system exhibits weak emergent security.

The proof of Theorem III.2 appears in the Appendix.

Several things are of note here. First, the penetration threshold is quite low: at most, only a small fraction of jobs needs to be under the control of machine schedulers to ensure that all team equilibria are optimal. Second, no matter how many jobs are sent to machine schedulers, every team equilibrium is guaranteed to have a relative cost bounded by a constant, regardless of the strength of the attack. Compared to a baseline policy which is unresponsive to attacks, this represents a dramatic potential reduction in cost, since the unresponsive policy has a relative cost that is unbounded in $\beta$. Finally, equation (11) implies that if the machine scheduler penetration is too low, the selfish schedulers entirely dominate the scheduling profile and the machine schedulers have no effect. In fact, for moderate attacks, (12) indicates that this situation is identical in cost to the unresponsive baseline scheduling policy $x^{\rm base}$, which simply ignores attacks. Figure 2 depicts the dependence of the normalized system cost on the machine penetration level $\alpha$ for various attack levels $\beta$.

Fig. 2: Normalized cost of a team equilibrium, plotted as a function of machine penetration $\alpha$, for various values of $\beta$. Note that the cost is weakly decreasing in the level of machine penetration $\alpha$, and the largest gains are made when $\alpha$ is relatively low compared to the total mass of jobs in the system.
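The qualitative trend of Figure 2 can be reproduced with the sketches above; the cost ratio should be weakly decreasing in $\alpha$. (The parameter values here are our own choices, since the paper's exact $n$, $r$, and $\beta$ values are not recoverable from this rendering.)

```python
# Sweep machine penetration for a fixed attack, mirroring the trend of Fig. 2.
delays = [lambda x: 1.0 + x] * 3
r, beta = 1.0, 0.5
for alpha in (0.0, 0.25, 0.5, 0.75, 1.0):
    rep = security_report(delays, r, alpha, beta)
    print(f"alpha={alpha:.2f}  cost/opt={rep['equilibrium'] / rep['optimal']:.4f}")
```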

III-C Loss of security due to scheduling constraints

The result of Theorem III.1 is appealing in its simplicity: if all schedulers (both machine and selfish) have access to all servers, then the optimal policy for each machine is simply to behave as though it were the only scheduler and schedule optimally given the choices of others. In this section, we ask whether the result would change if some servers were inaccessible to some of the schedulers; we show that even very simple scheduling constraints can render Theorem III.1's optimal scheduling policies almost entirely ineffective.

Consider the setting of Theorem III.2, in which there are $n$ identical servers with linear delay functions, but now suppose that the self-scheduled traffic can only access servers 1 and 2, and that each of the machine schedulers can access any server numbered 2 through $n$ (that is, machine schedulers can access any server other than 1). As before, let $\alpha$ denote the mass of jobs controlled by the machine schedulers; to ensure that this system's optimal operating point is identical to that of the system of Theorem III.2 for each $\beta$, we enforce an additional constraint on the machine schedulers' mass. See Figure 3 for a depiction of this constrained system.

In this constrained context, our first question is this: if the machine schedulers apply the naive optimal scheduling policy informed by Theorem III.1, how does this system’s security compare to the unconstrained system of Theorem III.2? Theorem III.3 demonstrates that despite the fact that the machine schedulers control the vast majority of jobs, the new constraint completely nullifies the previous benefits of machine scheduling.

Theorem III.3

For $\beta \ge 0$, in the above system, let an attacker attack server 1 with attack strength $\beta$. Let $x^{\rm eq}$ be a team equilibrium, and let $x^{\rm self}$ be an uncoordinated self-scheduled equilibrium obtained by converting all jobs to selfish jobs. Then we have

(13)

The proof of Theorem III.3 appears in the Appendix.

That is, in the above system, even if the machine schedulers control a majority fraction of the total traffic, simply being unable to access a single server can dramatically increase the attacker's ability to harm overall system performance. In fact, for moderate attacks, it holds that no team equilibrium outperforms an unresponsive scheduling policy, just as in (12).

To compare (13) with the system optimal, consider Figure 4; there, the solid (blue) trace corresponds to the constrained team scheduling of (13), and the dashed (green) trace corresponds to system-optimal scheduling.

Note that Theorem III.3 holds for the case that the machine schedulers behave in an uncoordinated manner, each attempting to optimize global performance given the choices of others. What if, on the other hand, a machine scheduler had a “bigger-picture” view of the situation, and could schedule its traffic in anticipation of the self-schedulers’ response?

To understand the effect of such socially-aware machine scheduling, we model this as a Stackelberg equilibrium in which a single machine scheduler selects a policy for servers 2 through $n$ and then the selfish schedulers select between servers 1 and 2 on the basis of delay, reminiscent of [21].

Here, we denote the machine-scheduled policy by $x^{\rm m}$ and the selfishly-scheduled policy by $x^{\rm self}$, and to model constrained scheduling, we enforce that $x^{\rm m}_1 = 0$ and $x^{\rm self}_j = 0$ for all $j > 2$. For each server $j$, we let $x_j = x^{\rm m}_j + x^{\rm self}_j$.

The machine scheduler selects a policy $x^{\rm m}$ to minimize the cost function

(14)

Given the machine's choice of $x^{\rm m}$, the selfish schedulers choose between servers 1 and 2 to satisfy the Nash condition (4), given in this case by

(15)

Given $\beta$, we say that a scheduling profile is a Stackelberg equilibrium if it satisfies

(16)

where the selfish profile is understood to be scheduled according to (15), given the machine's choice of $x^{\rm m}$.
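For the constrained, identical-linear-delay instance, the leader's problem can be approximated by brute force. The sketch below is ours, not the paper's closed-form policy (17); it assumes $\ell_j(x) = x$, $n \ge 3$ servers, follower mass `s`, and the names `stackelberg_grid` and `selfish_split` are illustrative. It grid-searches the machine load placed on server 2 and anticipates the followers' split between servers 1 and 2 via the indifference condition of (15):

```python
import numpy as np

def selfish_split(beta, s, preload2):
    """Followers split mass s between servers 1 and 2 so realized delays
    equalize: x1 + beta = preload2 + (s - x1), clipped to [0, s].
    (Closed form valid for identical linear delays ell(x) = x.)"""
    x1 = np.clip((preload2 + s - beta) / 2.0, 0.0, s)
    return x1, s - x1

def stackelberg_grid(n, alpha, s, beta, grid=200):
    """Leader's problem by grid search: choose machine load on server 2
    (rest spread equally over servers 3..n), anticipating the selfish response."""
    best = (np.inf, None)
    for m2 in np.linspace(0.0, alpha, grid):
        rest = (alpha - m2) / (n - 2)           # machine load on each of servers 3..n
        x1, xs2 = selfish_split(beta, s, m2)
        loads = np.array([x1, m2 + xs2] + [rest] * (n - 2))
        cost = loads @ loads + beta * loads[0]  # total cost for ell(x) = x
        if cost < best[0]:
            best = (cost, loads)
    return best
```

The grid search makes the threshold behavior discussed after Theorem III.4 easy to see: below a critical $\beta$, the minimizing `m2` is large (the leader congests server 2 to keep selfish jobs on server 1), and above it the minimizer drops discontinuously.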

The following theorem reports the optimal Stackelberg strategy, and demonstrates that only slight security gains are possible in this situation.

Fig. 3: Depiction of constrained scheduling setup for Section III-C and Theorems III.3 and III.4. The self-scheduled jobs can only access servers 1 and 2, while the machine-scheduled jobs can access any server numbered 2 through $n$.
Theorem III.4

For $\beta \ge 0$, in the above system, let an attacker attack server 1 with attack strength $\beta$. The following scheduling policy enforces an optimal Stackelberg equilibrium satisfying (16):

(17)

with the remaining machine-scheduled load divided equally among servers 3 through $n$. Let $x^{\rm st}$ be an optimal Stackelberg equilibrium enforced by policy (17). Then we have

(18)

The proof of Theorem III.4 appears in the Appendix.

The optimal scheduling policy shown in (17) exhibits the following threshold behavior: when $\beta$ is below the threshold, the optimal policy is to artificially increase the congestion on server 2 in an effort to limit access by the selfish jobs. When $\beta$ increases above the threshold, the optimal policy discontinuously decreases the jobs scheduled on server 2, since at that point the optimal Stackelberg equilibrium simply equals the team equilibrium from Theorem III.3. That is, when $\beta$ is above the threshold, the costs of influencing behavior outweigh the benefits, and it becomes optimal to simply allow the self-schedulers to abandon the attacked server.

Clearly, the normalized cost in the Stackelberg case (18) is always less than the nominal uninfluenced cost from Theorem III.3, but Figure 4 clearly illustrates that this improvement is quite small when compared to the optimal attainable value from (9). That is, Theorem III.4 suggests that the inefficiency introduced by scheduling constraints presents a fundamental impediment to system performance, and is thus deserving of further study.

Fig. 4: Normalized costs for the uninfluenced team equilibrium (Equation (13)), optimal Stackelberg equilibrium (Equation (18)), and globally-optimal scheduling profile (Equation (9)), plotted with respect to $\beta$. Note that for moderate values of $\beta$, the Stackelberg equilibrium slightly outperforms the uninfluenced equilibrium, but only by a very small amount compared to the gains possible with global scheduling.

Furthermore, note that the optimal Stackelberg strategy can optimize for system performance only by deliberately degrading the performance of server 2. This is justifiable from the standpoint of overall system performance, since the inefficiencies caused by selfish scheduling are a direct result of too many selfish jobs selecting server 2. However, the effect of this is that the selfish jobs experience a significantly degraded quality of service for a wide range of $\beta$. This can be seen directly in the middle subplot of Figure 5; here, the dash-dot (orange) and solid (blue) traces capture the load on server 2 and the total cost experienced by selfish jobs in the Stackelberg and uninfluenced settings, respectively.

IV Conclusion

The results in this paper represent an initial look at several possible issues that can arise when distributed autonomous decisionmaking architectures are integrated with those of self-interested human agents. While certain systems are highly receptive to mixed human-autonomous decisionmaking (such as the unconstrained system of Theorems III.1 and III.2), in other types of systems, machine scheduling is essentially useless (in the sense that selfish scheduling would perform just as well, as in Theorem III.3). In such systems, even socially-aware machine schedulers (which make decisions in light of their impacts on other decisionmakers) need not improve the situation much. As discussed following Theorem III.4, optimal socially-aware scheduling can even (perhaps paradoxically) cause significant increases in the costs experienced by the human system users. Put together, this paper paints an optimistic picture of the possible benefits of human-machine teams in certain circumstances, but it also tells a cautionary tale of some potential challenges and pitfalls of the teamed paradigm.

Fig. 5: Server loads for each of the scheduling profiles discussed in Section III-C, as a function of $\beta$. Note that the optimal profile (green dashed trace) reacts the most moderately of the three, whereas in the Stackelberg case (orange dash-dot trace), the load on server 2 increases rapidly in an attempt to limit the load of self-scheduled jobs on that server.

References

  • [1] M. A. Khan and K. Salah, “IoT security: Review, blockchain solutions, and open challenges,” Future Generation Computer Systems, vol. 82, no. May 2018, pp. 395–411, 2018.
  • [2] Q. D. La, T. Q. Quek, J. Lee, S. Jin, and H. Zhu, “Deceptive Attack and Defense Game in Honeypot-Enabled Networks for the Internet of Things,” IEEE Internet of Things Journal, vol. 3, no. 6, pp. 1025–1035, 2016.
  • [3] M. Hamdi and H. Abie, “Game-based adaptive security in the Internet of Things for eHealth,” in 2014 IEEE International Conference on Communications, ICC 2014, 2014.
  • [4] L. Pavel, Game Theory for Control of Optical Networks. Springer Science & Business Media, 2012.
  • [5] P. N. Brown and J. R. Marden, “Studies on Robust Social Influence Mechanisms: Incentives for Efficient Network Routing in Uncertain Settings,” IEEE Control Systems Magazine, vol. 37, no. 1, pp. 98–115, 2017.
  • [6] P. S. Pillai and S. Rao, “Resource Allocation in Cloud Computing Using the Uncertainty Principle of Game Theory,” IEEE Systems Journal, vol. 10, no. 2, pp. 637–648, 2016.
  • [7] A. Laszka, M. Felegyhazi, and L. Buttyan, “A Survey of Interdependent Information Security Games,” ACM Computing Surveys, vol. 47, no. 2, pp. 1–38, 2014.
  • [8] B. An, “Game theoretic analysis of security and sustainability,” in IJCAI International Joint Conference on Artificial Intelligence, pp. 5111–5115, 2017.
  • [9] A. R. Hota and S. Sundaram, “Interdependent Security Games on Networks under Behavioral Probability Weighting,” IEEE Transactions on Control of Network Systems, vol. 5, no. 1, pp. 262–273, 2018.
  • [10] H. Fawzi, P. Tabuada, and S. Diggavi, “Secure estimation and control for cyber-physical systems under adversarial attacks,” IEEE Transactions on Automatic Control, vol. 59, no. 6, pp. 1454–1467, 2014.
  • [11] P. N. Brown, H. P. Borowski, and J. R. Marden, “Security Against Impersonation Attacks in Distributed Systems,” IEEE Transactions on Control of Network Systems, vol. PP, no. 1, 2018.
  • [12] S. Abraham and I. S. Chengalur-Smith, “An overview of social engineering malware: Trends, tactics, and implications,” Technology in Society, vol. 32, no. 3, pp. 183–196, 2010.
  • [13] L. J. Ratliff, R. Dong, S. Sekar, and T. Fiez, “A Perspective on Incentive Design: Challenges and Opportunities,” Annual Review of Control, Robotics, and Autonomous Systems, vol. 2, no. 1, pp. 1–34, 2018.
  • [14] P. N. Brown and J. R. Marden, “Avoiding Perverse Incentives in Affine Congestion Games,” in 55th IEEE Conf. on Decision and Control, (Las Vegas, NV, USA), pp. 7010–7015, 2016.
  • [15] S. Bolouki, D. G. Dobakhshari, T. Basar, V. Gupta, and A. Nedic, “Applications of group testing to security decision-making in networks,” in 2017 IEEE 56th Annual Conference on Decision and Control, CDC 2017, pp. 2929–2934, 2017.
  • [16] S. Amin, A. A. Cárdenas, and S. S. Sastry, “Safe and secure networked control systems under denial-of-service attacks,” in Hybrid Systems: Computation and Control, pp. 31–45, 2009.
  • [17] T. Roughgarden, “Stackelberg Scheduling Strategies,” SIAM Journal on Computing, vol. 33, no. 2, pp. 332–350, 2004.
  • [18] P. T. Harker, “Multiple Equilibrium Behaviors on Networks,” Transportation Science, vol. 22, no. 1, pp. 1–81, 1988.
  • [19] A. Orda, N. Shimkin, and R. Rom, “Competitive Routing in Multiuser Communication Networks,” IEEE/ACM Transactions on Networking, vol. 1, no. 5, pp. 510–521, 1993.
  • [20] A. Mas-Colell, “On a Theorem of Schmeidler,” Journal of Mathematical Economics, vol. 13, pp. 201–206, 1984.
  • [21] V. Bonifaci, T. Harks, and G. Schäfer, “The Impact of Stackelberg Routing in General Networks,” Mathematics of Operations Research, vol. 32, no. 2, pp. 1–17, 2010.
  • [22] P. N. Brown and J. R. Marden, “Fundamental Limits of Locally-Computed Incentives in Network Routing,” in American Control Conf., (Seattle, WA, USA), pp. 5263–5268, 2017.

Proof of Theorem III.1

The proof hinges on the fact that the problem of finding a team equilibrium can be reduced to finding a Nash flow for a heterogeneous price-sensitive user population in a parallel-network routing game under the influence of marginal-cost tolls. Accordingly, we use techniques and appeal to several results from [22] which pertain to this problem. Given an instance of the team equilibrium problem, construct an instance of the Nash flow routing problem in the following way. Model each server $j$ as a network link with delay function $\ell_j$. Create two classes of users: one (corresponding to the selfishly-scheduled jobs) with mass $r - \alpha$ and cost function on link $j$ simply $\ell_j(x_j)$. The second class (corresponding to the machine-scheduled jobs) has mass $\alpha$ and cost function on link $j$ given by $\ell_j(x_j) + x_j\,\ell_j'(x_j)$, where $\ell_j'$ denotes the first derivative of $\ell_j$. That is, the machine-scheduled jobs are modeled by unit-price-sensitive users in a transportation network being charged marginal-cost tolls.

To see that the models are equivalent, simply note that given a choice of server by the selfish jobs, the optimization objective of the machine schedulers can be modeled as the potential function of a potential game with server cost functions $\ell_j(x_j) + x_j\,\ell_j'(x_j)$. That is, if $x$ is a team equilibrium, the machine-scheduled jobs can be modeled as nonatomic agents playing a game with these cost functions. Thus, any team equilibrium of the scheduling problem is a Nash flow for the corresponding routing game.
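In symbols (our own restatement of the construction just described), the machine class's per-link cost is the standard marginal-cost (Pigovian) identity:

$c^{\rm m}_j(x_j) \;=\; \ell_j(x_j) + x_j\,\ell_j'(x_j) \;=\; \frac{\partial}{\partial x_j}\big[\,x_j\,\ell_j(x_j)\,\big],$

so machine-scheduled jobs that greedily minimize $c^{\rm m}_j$ behave as nonatomic users charged the marginal-cost toll $x_j\,\ell_j'(x_j)$, and their selfish play descends the total cost $\sum_j x_j \ell_j(x_j)$, which serves as the potential function of the game.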

Given this, we appeal directly to Lemma 2.1 of [22], which states (in the language of the present paper) that for any machine penetration level $\alpha$ and attack level $\beta$, any associated team equilibrium satisfies the first inequality in (7).

To see that (8) is true, note the following. Let $x^{\rm opt}$ be an optimal scheduling profile under a given attack $\beta \ge 0$. Let $j^\star$ be the index of a minimum-delay server under profile $x^{\rm opt}$, or

$j^\star \in \arg\min_{j} \big\{ \ell_j(x^{\rm opt}_j) + \beta\,\mathbb{1}\{j{=}1\} \big\}$.   (19)

Observe that at this optimal profile, if all jobs currently scheduled on server $j^\star$ are "converted" to self-scheduled jobs, they will still (at least weakly) prefer server $j^\star$, since by definition, for all $j$,

$\ell_{j^\star}(x^{\rm opt}_{j^\star}) + \beta\,\mathbb{1}\{j^\star{=}1\} \;\le\; \ell_j(x^{\rm opt}_j) + \beta\,\mathbb{1}\{j{=}1\}$.   (20)

That is, setting $\bar{\alpha} = r - x^{\rm opt}_{j^\star}$, there exists an optimal team equilibrium with machine penetration $\bar{\alpha}$, since the selfish jobs can be considered to be selecting server $j^\star$. Note that $x^{\rm opt}_{j^\star} > 0$, so it must be true that $\bar{\alpha} < r$. For the remainder of the proof, any team equilibrium is assumed to be for a population in which $\alpha \ge \bar{\alpha}$.

As discussed in the proof of Lemma 5.2 in [22], for this population it holds that for any nontrivial attack with $\beta > 0$, in any team equilibrium, selfish schedulers will select server 1 (the attacked server) if and only if no machine schedulers select any other server. However, since all delay functions (and their marginal costs) are nondecreasing, this cannot occur when $\alpha \ge \bar{\alpha}$; we thus have that no selfish schedulers select server 1 in any team equilibrium.

To complete the proof of (8), we show that when $\alpha \ge \bar{\alpha}$, in every team equilibrium it must be the case that every server has a positive mass of machine-scheduled jobs. This is because the mass of self-scheduled jobs is at most $r - \bar{\alpha}$, so the machine-scheduled jobs necessarily supply the remaining load on every server. Recalling again the previously-referenced statements from [22], if all servers have a positive mass of machine-scheduled jobs, the team equilibrium must satisfy (8).

Proof of Theorem III.2

First we show that for any machine penetration level $\alpha$ and attack level $\beta$, every associated team equilibrium has equal loads on all unattacked servers:

$x_j = x_{j'}$ for all $j, j' \ge 2$.   (21)

Suppose that $x$ is an aggregate scheduling profile in which $x_j > x_{j'}$ for some $j, j' \ge 2$. Note that if any selfish jobs are scheduled on server $j$, then (4) implies that $x$ is not a team equilibrium, since there exists a server with lower cost (namely, server $j'$). Further, note that $x$ does not optimize the machine objective of (3), since a small mass of jobs transferred from $j$ to $j'$ would decrease the system's total cost. That is, if any machine has scheduled on server $j$, it follows that $x$ is not a team equilibrium. Thus, for all $j, j' \ge 2$, every team equilibrium has $x_j = x_{j'}$.

For any $\beta$, it is straightforward to verify that the globally optimal scheduling policy places some load $x^{\rm opt}_1$ on server 1, with the remaining jobs divided evenly among servers 2 through $n$, so that for $j \ge 2$, $x^{\rm opt}_j = (r - x^{\rm opt}_1)/(n-1)$. Let the machine penetration level $\alpha$ meet or exceed the theorem's upper threshold. Given this $\alpha$, let $x$ be an aggregate profile with $x_1 < x^{\rm opt}_1$ and the remaining jobs divided equally among servers 2 through $n$. In $x$, some machine must be scheduling a positive mass of jobs on a server other than 1; this machine could improve the value of its objective by shifting some jobs to server 1 to bring $x_1$ closer to $x^{\rm opt}_1$, implying that $x$ is not a team equilibrium. On the other hand, let $x$ be an aggregate profile with $x_1 > x^{\rm opt}_1$ and the remaining jobs divided equally among servers 2 through $n$. In $x$, it is straightforward to verify that server 1 has strictly greater realized delay than the other servers, implying that if selfish jobs are selecting server 1, $x$ cannot be a team equilibrium. Further, if all of the jobs on server 1 are machine-scheduled, some of them could be shifted to servers 2 through $n$ to bring the total cost of the profile closer to optimal. Thus, $x$ is not a team equilibrium, and it must be the case that when $\alpha$ meets the threshold, every team equilibrium is globally optimal; (9) may be verified by substituting the aforementioned values of $x^{\rm opt}_1$ and $x^{\rm opt}_j$ into (2).

The proofs of the remaining statements in Theorem III.2 follow similar logic. For (10), there are not enough machine-scheduled jobs to ensure that $x_1 = x^{\rm opt}_1$, but there are enough to ensure that no selfish jobs schedule on server 1. Thus, in this intermediate case, every team equilibrium has $x^{\rm self}_1 = 0$ and $x_1 = \alpha$, and (10) follows algebraically.

Finally, for (11), there are so few machine-scheduled jobs in this case that the selfish jobs are all indifferent between all servers and ensure that realized delays are equal across servers, yielding a fully-selfish equilibrium and (11).

Proof of Theorem III.3

Here, we may repeat the argument from the proof of Theorem III.2 that any team equilibrium in this case has

$x_j = x_{j'}$ for all $j, j' \ge 2$.   (22)

The key feature of Theorem III.2 that allowed a small mass of machine-scheduled jobs to enforce optimality was that the machine-scheduled jobs could access the attacked server and effectively displace the selfish jobs. In the present constrained setting, this is no longer possible, since machine schedulers cannot access server 1.

Thus, the equilibrium condition of the selfish jobs guarantees that for low $\beta$, in any team equilibrium, the selfish jobs split between servers 1 and 2 exactly as a fully-selfish population would. Combining this with (22) ensures that the team equilibrium is identical to a fully-selfish equilibrium $x^{\rm self}$, and (13) may be computed as in the third part of the proof of Theorem III.2.

Proof of Theorem III.4

Lemma A.1

For every $\beta \ge 0$, there exists an optimal Stackelberg equilibrium in which

(23)

This is immediately true for $\beta = 0$, when the unique optimal Stackelberg equilibrium balances the load equally across all servers. Therefore, let $\beta > 0$ and let $x$ be any scheduling profile violating (23). If $x$ is a Stackelberg equilibrium, the selfish schedulers' incentive constraint in (16) implies a bound relating the loads on servers 1 and 2. From here, it is simple to show that the normalized cost of this $x$ is lower-bounded by

(24)

satisfied with equality when the machine-scheduled load is divided equally among servers 3 through $n$.

We will show a machine-scheduled policy $\hat{x}^{\rm m}$ which weakly outperforms profile $x$ and always satisfies (23), implying that the optimal Stackelberg equilibrium can always be selected to satisfy (23). Choose the load $\hat{x}^{\rm m}_2$ on server 2 appropriately, and divide the remaining machine-scheduled load equally among servers 3 through $n$. Clearly, a selfish response that places no jobs on server 1 cannot constitute a Nash response by the self-scheduled jobs, as it would leave server 2 with strictly greater realized delay than server 1, and selfish jobs would have a strong incentive to deviate to server 1. Thus, it must be the case that the selfish jobs place positive mass on server 1, which by the Nash condition in (15) pins down the resulting loads. Further manipulations yield the desired cost comparison. Clearly, any optimal Stackelberg equilibrium must weakly outperform $\hat{x}^{\rm m}$, implying that for every $\beta$, there exists an optimal Stackelberg equilibrium satisfying (23).

Proof of Theorem III.4.

An optimal Stackelberg equilibrium is a solution of the following optimization problem:

(25)
subject to

The first constraint represents flow conservation; the second constraint is a consequence of Lemma A.1. It can easily be shown that the optimum must place equal loads on servers 3 through $n$, leaving only the relevant nonnegativity constraint. Associating KKT multipliers with the three constraints in (25), we have first-order optimality conditions given by

(26)
(27)
(28)
(29)
(30)

Note the following:

  1. implies that , which (due to the selfish jobs’ Nash conditions) implies that , so we may consider .

  2. implies that , in which case .

That is, without loss of generality we may assume that . With that in hand, when (and ), the local optimizer (for ) satisfies

(31)
(32)
(33)

and the corresponding normalized cost can be derived as

(34)

When $\beta$ exceeds the threshold discussed above, the resulting equilibrium resolves to the uninfluenced team equilibrium of Theorem III.3, with normalized cost satisfying that of (13).

Thus, the optimal Stackelberg equilibrium has normalized cost equal to that in (18). Finally, equations (26)-(28), combined with the selfish jobs’ conservation constraint, can be manipulated to show (17).