Abstract

The agents of an organization, in fulfillment of their tasks, generate a cyber-physical-human trace, which is amenable to formal analysis with modal logic to verify safety and liveness properties. Trusted but non-trustworthy agents within an organization may attempt to conceal their true intentions, develop deceptive strategies, and exploit the organization--a scenario modeled here as a basic compliance signaling game. The challenge for the organization, only partially informed of its own true state, is in measuring and estimating its own safety and liveness properties as accurately as possible--the subject of this paper. To improve measurements, we suggest counter strategies where the organization presents honey objectives on a closely monitored attack surface to elicit exploitive actions and to estimate its own safety properties, an activity required for an adaptive response aiming to manage an organization's vulnerability and safety surfaces. We expand the basic game to a system of social-technological agents and tailor the encounter structure of evolutionary games to one that best fits a typical organization.