There's more to randomization than just doing stuff randomly
- By William Jackson
- Jan 31, 2008
What's so difficult about randomizing a security schedule? You could just roll the dice or pull a number from a bowl, couldn't you? Actually, you couldn't. It turns out that there is random, and then there is random.
A roll of the dice gives uniform randomization, in which all the elements have the same significance. But in a real-world operational situation, some things that need to be protected are more important or vulnerable than others. These higher priorities need to be given additional weight, said Milind Tambe of the University of Southern California's Viterbi School of Engineering.
'That starts to make things a little complicated,' Tambe said. Things are further complicated by the fact that there are two sides involved, and the potential terrorists might not give the same importance to something the police do. The results have to ensure that the random schedule being generated gives the same level of overall protection as more predictable conventional scheduling.
'So you look at it as a game,' Tambe said. 'Uniform randomization is inferior to a randomization where we give weight based on the contrasting costs and benefits.'
The benefit of that weighting was the point of Tambe's student Praveen Paruchuri's doctoral dissertation, on which Armor, the applications being used at Los Angeles International Airport, was based.
To assign these weights, the USC team that developed the application worked closely with police at LAX for one side of the equation. For the terrorist side of the equation, they relied on the expertise of the Homeland Security Center for Risk and Economic Analysis of Terrorism Events, a federally funded think tank at USC.
These weights were balanced against simulations that analyzed the impact of what-if scenarios in which the assigned values turned out to be wrong.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.