-
Multidimensional Screening with Rich Consumer Data
Authors:
Mira Frick,
Ryota Iijima,
Yuhta Ishii
Abstract:
A multi-product monopolist faces a buyer who is privately informed about his valuations for the goods. As is well-known, optimal mechanisms are in general complicated, while simple mechanisms -- such as pure bundling or separate sales -- can be far from optimal and do not admit clear-cut comparisons. We show that this changes if the monopolist observes sufficiently rich data about the buyer's valu…
▽ More
A multi-product monopolist faces a buyer who is privately informed about his valuations for the goods. As is well-known, optimal mechanisms are in general complicated, while simple mechanisms -- such as pure bundling or separate sales -- can be far from optimal and do not admit clear-cut comparisons. We show that this changes if the monopolist observes sufficiently rich data about the buyer's valuations: Now, pure bundling always outperforms separate sales; moreover, there is a sense in which pure bundling performs essentially as well as the optimal mechanism. To formalize this, we characterize how fast the corresponding revenues converge to the first-best revenue as the monopolist's data grows rich: Pure bundling achieves the same convergence rate to the first-best as optimal mechanisms; in contrast, the convergence rate under separate sales is suboptimal.
△ Less
Submitted 9 November, 2024;
originally announced November 2024.
-
Monitoring with Rich Data
Authors:
Mira Frick,
Ryota Iijima,
Yuhta Ishii
Abstract:
We consider moral hazard problems where a principal has access to rich monitoring data about an agent's action. Rather than focusing on optimal contracts (which are known to in general be complicated), we characterize the optimal rate at which the principal's payoffs can converge to the first-best payoff as the amount of data grows large. Our main result suggests a novel rationale for the widely o…
▽ More
We consider moral hazard problems where a principal has access to rich monitoring data about an agent's action. Rather than focusing on optimal contracts (which are known to in general be complicated), we characterize the optimal rate at which the principal's payoffs can converge to the first-best payoff as the amount of data grows large. Our main result suggests a novel rationale for the widely observed binary wage schemes, by showing that such simple contracts achieve the optimal convergence rate. Notably, in order to attain the optimal convergence rate, the principal must set a lenient cutoff for when the agent receives a high vs. low wage. In contrast, we find that other common contracts where wages vary more finely with observed data (e.g., linear contracts) approximate the first-best at a highly suboptimal rate. Finally, we show that the optimal convergence rate depends only on a simple summary statistic of the monitoring technology. This yields a detail-free ranking over monitoring technologies that quantifies their value for incentive provision in data-rich settings and applies regardless of the agent's specific utility or cost functions.
△ Less
Submitted 2 July, 2024; v1 submitted 27 December, 2023;
originally announced December 2023.
-
Streamlining Attack Tree Generation: A Fragment-Based Approach
Authors:
Irdin Pekaric,
Markus Frick,
Jubril Gbolahan Adigun,
Raffaela Groner,
Thomas Witte,
Alexander Raschke,
Michael Felderer,
Matthias Tichy
Abstract:
Attack graphs are a tool for analyzing security vulnerabilities that capture different and prospective attacks on a system. As a threat modeling tool, it shows possible paths that an attacker can exploit to achieve a particular goal. However, due to the large number of vulnerabilities that are published on a daily basis, they have the potential to rapidly expand in size. Consequently, this necessi…
▽ More
Attack graphs are a tool for analyzing security vulnerabilities that capture different and prospective attacks on a system. As a threat modeling tool, it shows possible paths that an attacker can exploit to achieve a particular goal. However, due to the large number of vulnerabilities that are published on a daily basis, they have the potential to rapidly expand in size. Consequently, this necessitates a significant amount of resources to generate attack graphs. In addition, generating composited attack models for complex systems such as self-adaptive or AI is very difficult due to their nature to continuously change. In this paper, we present a novel fragment-based attack graph generation approach that utilizes information from publicly available information security databases. Furthermore, we also propose a domain-specific language for attack modeling, which we employ in the proposed attack graph generation approach. Finally, we present a demonstrator example showcasing the attack generator's capability to replicate a verified attack chain, as previously confirmed by security experts.
△ Less
Submitted 1 October, 2023;
originally announced October 2023.
-
Model-Based Generation of Attack-Fault Trees
Authors:
Raffaela Groner,
Thomas Witte,
Alexander Raschke,
Sophie Hirn,
Irdin Pekaric,
Markus Frick,
Matthias Tichy,
Michael Felderer
Abstract:
Joint safety and security analysis of cyber-physical systems is a necessary step to correctly capture inter-dependencies between these properties. Attack-Fault Trees represent a combination of dynamic Fault Trees and Attack Trees and can be used to model and model-check a holistic view on both safety and security. Manually creating a complete AFT for the whole system is, however, a daunting task.…
▽ More
Joint safety and security analysis of cyber-physical systems is a necessary step to correctly capture inter-dependencies between these properties. Attack-Fault Trees represent a combination of dynamic Fault Trees and Attack Trees and can be used to model and model-check a holistic view on both safety and security. Manually creating a complete AFT for the whole system is, however, a daunting task. It needs to span multiple abstraction layers, e.g., abstract application architecture and data flow as well as system and library dependencies that are affected by various vulnerabilities. We present an AFT generation tool-chain that facilitates this task using partial Fault and Attack Trees that are either manually created or mined from vulnerability databases. We semi-automatically create two system models that provide the necessary information to automatically combine these partial Fault and Attack Trees into complete AFTs using graph transformation rules.
△ Less
Submitted 18 September, 2023;
originally announced September 2023.
-
Deciding first-order properties of locally tree-decomposable structures
Authors:
Markus Frick,
Martin Grohe
Abstract:
We introduce the concept of a class of graphs, or more generally, relational structures, being locally tree-decomposable. There are numerous examples of locally tree-decomposable classes, among them the class of planar graphs and all classes of bounded valence or of bounded tree-width. We also consider a slightly more general concept of a class of structures having bounded local tree-width.
We…
▽ More
We introduce the concept of a class of graphs, or more generally, relational structures, being locally tree-decomposable. There are numerous examples of locally tree-decomposable classes, among them the class of planar graphs and all classes of bounded valence or of bounded tree-width. We also consider a slightly more general concept of a class of structures having bounded local tree-width.
We show that for each property P of structures that is definable in first-order logic and for each locally tree-decomposable class C of graphs, there is a linear time algorithm deciding whether a given structure A in C has property P. For classes C of bounded local tree-width, we show that for every k\ge 1 there is an algorithm that solves the same problem in time O(n^{1+(1/k)}) (where n is the cardinality of the input structure).
△ Less
Submitted 17 April, 2000;
originally announced April 2000.
