125 research outputs found

    Third-Party Budget Breakers and Side-Contracting in Team Production

    No full text
    In a team production problem with unverifiable effort, budget breaking is essential to implementing efficient levels of effort. This short paper considers the use of a third party, who does not exert effort, in a setting with general contracts that can include message games, as a way to remove resources from the team. We show that if side contracting can influence behavior in a message game in the original contract, the addition of the third party is not helpful. Additionally, we compare our view of side contracting with that of Baliga and Sjostrom (2009) to explore the nature of side contracting that is needed in order for the third party to be useful for budget breaking.

    Automated detection and containment of stealth attacks on the operating system kernel

    No full text
    The operating system kernel serves as the root of trust for all applications running on the computer system. A compromised system can be exploited by remote attackers stealthily, such as exfiltration of sensitive information, wasteful usage of the system's resources, or involving the system in malicious activities without the user's knowledge or permission. The lack of appropriate detection tools allows such systems to stealthily lie within the attackers realm for indefinite periods of time. Stealth attacks on the kernel are carried out by malware commonly known as rootkits. The goal of the rootkit is to conceal the presence of the attacker on the victim system. Conventionally, kernel rootkits modified the kernel to achieve stealth, while most functionality was provided by accompanying user space programs. The newer kernel rootkits achieve the malice and stealth solely by modifying kernel data. This dissertation explores the threat posed by both types of kernel rootkits and proposes novel automated techniques for their detection and containment. Our first contribution is an automated containment technique built using the virtualization architecture. This technique counters the ongoing damage done to the system by the conventional kernel rootkits. It is well suited for attacks that employ kernel or user mode stealth but provide most of the malicious functionality as user space programs. Our second contribution is to identify a new class of stealth attacks on the kernel, which do not exhibit explicit hiding behavior but are stealthy by design. They achieve their malicious objectives by solely modifying data within the kernel. These attacks demonstrate that the threat posed to kernel data is systemic requiring comprehensive protection. Our final contribution is a novel automated technique that can be used for detection of such stealth data-centric attacks. The key idea behind this technique is to automatically identify and extract invariants exhibited by kernel data structures during a training phase. These invariants are used as specifications of data structure integrity and are enforced during runtime. Our technique could successfully detect all rootkits that were publicly available. It could also detect more recent stealth attacks developed by us or proposed by other recent research literature.Ph.D.Includes bibliographical references (p. 99-103)by Arati Balig

    Liquidity and Manipulation of Executive Compensation Schemes

    No full text
    Compensation contracts have been criticized for encouraging managers to manipulate information. This includes bonus schemes that encourage earnings smoothing, and option packages that allow managers to cash out early when the firm is overvalued. We show that the intransparency induced by these contract features is critical for giving long-term incentives. Lack of transparency makes it harder for the owner to engage in ex post optimal but ex ante inefficient liquidity provision to the manager. For the same reason, it is often optimal to "pay for luck" (i.e., tie long-term compensation to variables that the manager has no influence over, but may have private information about, such as future profitability of the whole industry). The Author 2008. Published by Oxford University Press on behalf of The Society for Financial Studies. All rights reserved. For Permissions, please e-mail: [email protected]., Oxford University Press.

    The not-so-secret-agent: Professional monitors, hierarchies and implementation

    No full text
    It is well-known that, when agents in an organization possess private information that is unverifiable by an outside party, games where agents simply announce their information can have multiple equilibria that may impede the successful implementation of the organization's objectives. We show that the introduction of a professional monitor (e.g. auditor, regulator, supervisor) can help to destroy the "bad'' equilibria when agents have private information but have incomplete info rmation about others' information.Perfect Bayesian equilibrium, implementation, incomplete information

    Mechanism Design (New Developments)

    No full text
    corecore