Artifacts for Usenix Security Symposium '25 paper "Voluntary Investments, Mandatory Minimums, or Cyber Insurance: What Minimizes Losses?"

Hastings, Adam

doi:10.5281/zenodo.14728686

Published January 23, 2025 | Version v1

Software Open

Artifacts for Usenix Security Symposium '25 paper "Voluntary Investments, Mandatory Minimums, or Cyber Insurance: What Minimizes Losses?"

Hastings, Adam (Researcher)¹

1. Columbia University

Artifacts for "Voluntary Investment, Mandatory Minimums, or Cyber Insurance: What minimizes losses?"

To appear at Usenix Security 2025

This repository contains the code and data necessary to reproduce all figures, regressions, and simulations used in the paper "Voluntary Investment, Mandatory Minimums, or Cyber Insurance: What minimizes losses?", to appear at Usenix Security 2025. This upload contains two components:

artifacts.tar.gz: This is a compressed file containing two directories:
1. parameter-calcs/ : The datasets used in the empirical research portion of this work as well as the scripts used to analyze the datasets, and the resulting figures and calculated outputs.
2. simulator/. : The code of the model, as well as all config files and generated data, as well as all scripts used to analyze the generated data, and the resulting figures and outputs.
containerized.tar.gz: The code in simulator/ may be difficult to compile. To ease artifact evaluation, we have also included a containerized version of the above app, to be run with Docker.

Finally, while not included in this Zenodo upload, we also refer to the website cyberspending.cs.columbia.edu, which hosts the containerized application. The link to this website is also included for ease of use. We intend to maintain and support this website indefinitely. Reproducing Parameter Calculations

Scripts to reproduce parameter calculations are in `parameter-calcs/` and are written in Python

- To reproduce Figure 1, run python3 parameter-calcs/scripts/ransom_regression_plot.py ,which will produce outputs in parameter-calcs/figures/ransom_regression/.

- To reproduce Figure 2, run python3 parameter-calcs/scripts/plot_erf.py, which will produce outputs in parameter-calcs/figures/erf/

- To reproduce our regression of the real-world attack rate, run python3 parameter-calcs/scripts/curve_fit_attack_rate.py, which will produce outputs in parameter-calcs/figures/attackrate_fitting/

- To reproduce our regression of the real-world security posture, run python3 parameter-calcs/scripts/curve_fit_posture.py, which will produce outputs in parameter-calcs/figures/posture_fitting/

- To reproduce our regression on wealth estimation, including statistical tests, run python3 parameter-calcs/scripts/fit_marketcap_revenue_curves.py,

- To view our analytic optimization calculations, view parameter-calcs/scripts/secinvestments.nb (may require a Mathematica license).

Reproducing Simulator Outputs

To reproduce the simulator outputs, we recommend using the containerized application, located in containerized.tar.gz. which can be build from the included Dockerfile.

Re-running the simulator on all inputs may take a while.

Alternately, one wishing only to reproduce figures can rely on the existing data in artifacts.tar.gz and. ignore all instructions below on re-running the simulator.

Baseline Model Behavior

To reproduce Figures 3--6, run

cd simulator/scripts

python3 run_all.py ../logs/fullsize_short.csv

Results will be in simulator/scripts/figures/fullsize_short/.

To re-run the simulator and reproduce the dataset used above, run

./simulator/run/release/run_games simulator/configs/fullsize_short.json

One-Way Sensitivity Analysis

To reproduce Figure 7, run

cd simulator/scripts

python3 plot_sensitivity_analysis.py

Results will be in simulator/scripts/figures/sensitivvity_analysis/

To re-run the simulator and reproduce the dataset used above, run each config file in simulator/configs/sweeps/, e.g.

./simulator/run/release/run_games simulator/configs/sweeps/MAX_ITERATIONS=500/sweep_INEQUALITY.json

Mandated Security Investments

To reproduce Figures 8--10, run

cd simulator/scripts

python3 run_all.py ../logs/fullsize_short_MANDATORY_INVESTMENT=0.01.csv

python3 run_all.py ../logs/fullsize_short_MANDATORY_INVESTMENT=0.02.csv

python3 run_all.py ../logs/fullsize_short_MANDATORY_INVESTMENT=0.03.csv

python3 run_all.py ../logs/fullsize_short_MANDATORY_INVESTMENT=0.04.csv

python3 run_all.py ../logs/fullsize_short_MANDATORY_INVESTMENT=0.05.csv

Results will be in simulator/scripts/figures/, e.g. simulator/scripts/figures/fullsize_short_MANDATORY_INVESTMENT=0.01/

To re-run the simulator and reproduce the datasets used above, run

./simulator/run/release/run_games simulator/configs/fullsize_short_MANDATORY_INVESTMENT=0.01.json

./simulator/run/release/run_games simulator/configs/fullsize_short_MANDATORY_INVESTMENT=0.02.json

./simulator/run/release/run_games simulator/configs/fullsize_short_MANDATORY_INVESTMENT=0.03.json

./simulator/run/release/run_games simulator/configs/fullsize_short_MANDATORY_INVESTMENT=0.04.json

./simulator/run/release/run_games simulator/configs/fullsize_short_MANDATORY_INVESTMENT=0.05.json

Mandated Insurance

To reproduce Figures 11--12, run

cd simulator/scripts

python3 run_all.py ../logs/fullsize_short_mandatory_insurance.csv

Results will be in simulator/scripts/figures/fullsize_short_mandatory_insurance/

To re-run the simulator and reproduce this dataset, run

./simulator/run/release/run_games simulator/configs/fullsize_short_mandatory_insurance.json

Actuarially Fair Insurance

To reproduce Figures 13--14, run

cd simulator/scripts

python3 run_all.py ../logs/fullsize_short_selfless_insurers.csv"

Results will be in simulator/scripts/figures/fullsize_short_selfless_insurers/

To re-run the simulator and reproduce this dataset, run

./simulator/run/release/run_games simulator/configs/fullsize_short_selfless_insurers.json

A Non-Closed Ecosystem

To reproduce Figures 15--16, run

cd simulator/scripts

python3 run_all.py ../logs/fullsize_short_with_asset_growth_GROWTH_RATE=0.001.csv

python3 run_all.py ../logs/fullsize_short_with_asset_growth_GROWTH_RATE=0.002.csv

python3 run_all.py ../logs/fullsize_short_with_asset_growth_GROWTH_RATE=0.01.csv

Results will be in simulator/scripts/figures/, e.g. simulator/scripts/figures/fullsize_short_with_asset_growth_GROWTH_RATE=0.01/.

To re-run the simulator and reproduce this dataset, run

./simulator/run/release/run_games simulator/configs/fullsize_short_with_asset_growth_GROWTH_RATE=0.001.json

./simulator/run/release/run_games simulator/configs/fullsize_short_with_asset_growth_GROWTH_RATE=0.002.json

./simulator/run/release/run_games simulator/configs/fullsize_short_with_asset_growth_GROWTH_RATE=0.01.json

Files

Files (401.5 MB)

Name	Size	Download all
artifact.tar.gz md5:5ba9dee7f873e3f924605a75fd83e8b1	398.1 MB	Download
containerized.tar.gz md5:ce1cc60d7f68ecb5396e0e77036f47ff	3.4 MB	Download

	All versions	This version
Views	139	67
Downloads	76	27
Data volume	26.3 GB	5.2 GB

Artifacts for Usenix Security Symposium '25 paper "Voluntary Investments, Mandatory Minimums, or Cyber Insurance: What Minimizes Losses?"

Creators

Description

Artifacts for "Voluntary Investment, Mandatory Minimums, or Cyber Insurance: What minimizes losses?"

To appear at Usenix Security 2025

Reproducing Simulator Outputs

Baseline Model Behavior

One-Way Sensitivity Analysis

Mandated Security Investments

Mandated Insurance

Actuarially Fair Insurance

A Non-Closed Ecosystem

Files

Files (401.5 MB)