Ranjan Pal

Provost Fellow  

Department of Computer Science

Viterbi School of Engineering

University of Southern California

Los Angeles, CA 90089, USA

Email: rpal[at]usc[dot]edu





Research Interests

Cyber-security, Economics of Information Security and Privacy, Risk Management in Cyber-Security, Mathematical Modelling in Computer/Network Security and Reliability

Network Economics, Game Theory applied to Network Security and Privacy, Network Algorithmics and Optimization

Security Analytics and Applications of Machine Learning in Security


About Myself

I recently graduated with a Ph.D from the Department of Computer Science at the University of Southern California's (USC) Viterbi School of Engineering. My thesis advisors were Professors Leana Golubchik and Konstantinos Psounis. For my PhD, I also collaborated with Professor Pan Hui of the Hong Kong University of Science and Technology. My current major research interest lies in the area of cyber-security - especially the economics, performance modeling, strategy, and data analytics aspects of it, with the end goal of being able to make cyber-security as robust as possible. I also have research interests in network economics, network privacy and its economics, applied game theory and mechanism design, and smart grid analytics. I am a recipient of the prestigious Provost Fellowship at USC. As a PhD student at USC, I have held visiting research positions at Princeton University and Deutsch Telekom Research Laboratories, Germany. In the past, as an undergraduate and as a masters student, I have held research positions at Massachusetts Institute of Technology, National University of Singapore, University of California, Indian Institute of Technology, Kharagpur, India, Indian Institute of Management, Calcutta, India, and Center for TeleInfrastruktur, Aalborg, Denmark. My Erdos number is 4. In my spare time I do international travel, listen to music, watch movies, swim, and play/watch cricket and soccer. I also have a deep interest in Indian philosophy.


The Flavor of My Research

I am an applied theory guy primarily interested in the mathematical modeling and analysis of several aspects in the security of networked and distributed systems. My main goal is to reveal fundamental insights into the efficient design of secure communication systems. I like to solve problems that are challenging, interesting, and have good practical value and social impact. My Ph.D research was on investigating the important role of cyber-insurance markets in achieving a robust level of cyber-security, which is currently not present in the Internet due to several techno-social-economic constraints. Cyber-security is one of the most important and pressing issues in the current Internet age and doing research on improving cyber-security has been a great challenge for me, but at the same time gave me lot of fun. In general, my research was (still is) inter-disciplinary in nature and lied at the boundary of information security, micro-economics, game theory, algorithms, stochastic processes, social graph theory, and systems optimization. As secondary Ph.D research, I also worked on practical problems related to network economics, applied game theory and mechanism design, and applications of secure multi-party computation in networking. In the near future, I plan to keep adopting the "theory-to-practice" approach in designing, analyzing, and building robust and efficient communication systems.


Ph.D Thesis Statement

Most defense, corporate, and civilian systems today are Internet-based. The trustworthiness of Internet-based systems heavily depends on their security characteristics. It has been forecasted by national defense experts that the next big terrorist threat is a cyber-war. Thus, strong data protection and efficient cyber risk management is the need of the hour. Despite the increasing amount of research in strengthening security solutions, and large body of products being designed to increase security, e.g.,anti-virus software, anti-spam software, and firewalls, such self-protection tools can at best reduce the risk of end-users but cannot eliminate it. One of my main reasons for this is the effect of misaligned incentives between security product vendors, network users, and regulatory agencies. To this end, in this thesis I propose to address residual risk elimination through cyber-insurance - simply put, I consider solutions where risk is transferred to another entity (i.e., insurance company) in return for a fee (i.e.,the insurance premium). Cyber-insurance is a promising, potentially multi-billion dollar industry that can help secure the cyber-space, with profound benefits to individuals, corporations, security product vendors, and the government. I am not the first to argue in favor of cyber-insurance. Economists have attempted to extend conventional insurance models into the cyber-insurance context, and, quite recently, a few researchers from the broader networking and performance analysis communities have attempted to shed some light on the issues associated with cyber-insurance. However, despite this body of work, cyber-insurance has not yet become a reality due to a number of unresolved research challenges as well as practical considerations. A number of these challenges are rooted in some fundamental differences between cyber-insurance and other forms of insurance. Most notably, the networked environment over which cyber-insurance operates implies that the usual assumptions of independent security and non-correlated risk among end-users cannot be made. Moreover, information asymmetries between insured and insurers are particularly pronounced, making the modelling of such entities quite complex. My goal in this thesis has been to focus on those aspects of the problem that are particular to cyber-insurance (in contrast to other forms of insurance), with the end goal of moving towards the realization of efficient cyber-insurance markets that benefit cyber-users, security product vendors, cyber-insurers, regulatory agencies, and the network as a whole.

Tools used in my thesis: Microeconomics, Algorithms, Game Theory, Probability Theory and Stochastic Processes, Mathematical Optimization, Social Graph Theory

My PhD Thesis

My PhD Defense Talk

USC Graduate School writes about my research, USC News reports my research


Publications in Ph.D (On Main Thesis)

My publications here cover "cyber-insurance" and its impact on improving cyber-security. In my thesis, I have solved a hard and challenging problem by first splitting it up into fundamental sub-problems, and in the end combined the solutions and insights gained from those subproblems to weave a complete story. My publication list reflects the solutions to the sub-problems as well as the combined story. I have been the first author in all of the papers.

  1. Improving Network Security via Cyber-Insurance: A Market Analysis, A Journal Submission (extension to our IEEE INFOCOM 2014 paper)
  2. Will Cyber-Insurance Improve Network Security?: A Market Analysis, accepted in IEEE INFOCOM 2014, Toronto, Canada (Acceptance Rate: 19%)
  3. Realizing Efficient Cyber-Insurance Markets: The Problem of Ensuring Positive Insurer Profits, A Journal Submission (extension to our IFIP Networking 2013 paper)
  4. On a Way to Improve Cyber-Insurer Profits: When A Security Vendor Becomes the Cyber-Insurer, accepted in IFIP Networking 2013, New York, USA (Acceptance Rate: 26%)
  5. On Differentiating Cyber-Insurance Contracts: A Topological Perspective, accepted in IEEE/IFIP Internet Management Conference 2013, Ghent, Belgium (Acceptance Rate: 23%)
  6. Cyber-Insurance for Cyber-Security: A Topological Take on Modulating Insurance Premiums, accepted in ACM SIGMETRICS Workshop (MAMA 2012), London, UK. A slightly modified version of this paper will appear in ACM SIGMETRICS Performance Evaluation Review, 2012, Vol. 40(3)
  7. Cyber-Insurance for Cyber-Security: A Solution to the Information Asymmetry Problem, accepted in SIAM Annual Meeting 2012, Minnesota, USA
  8. Aegis: A Novel Cyber-Insurance Model accepted in GameSec, 2011, Maryland, USA. (flagship conference on economics of information security)
  9. Modeling Investments in Internet Security: Tackling Topological Information Uncertainty accepted in GameSec, 2011, Maryland, USA. (flagship conference on economics of information security)
  10. On Economic Perspectives of Internet Security: The Problem of Designing Optimal Cyber-Insurance Contracts, accepted in ACM SIGMETRICS Workshop (MAMA 2010), New York, USA. A slightly modified version of this paper appeared in ACM SIGMETRICS Performance Evaluation Review, 2010. Vol. 38(2)
  11. Analyzing Self-Defense Investments in Internet Security Under Cyber-Insurance Coverage accepted in IEEE ICDCS, 2010, Genoa, Italy. (Acceptance Rate 14.3%)


Publications in Ph.D (Other Topics)

My publications here cover topics that I got associated with during course projects at USC, and my summer visits at Princeton University, Aalborg University, Deutsch Telekom Research Laboratories, and Cyan Inc. I have been the first author in all of the papers, except two.

  1. A Secure Computation Framework for SDNs, accepted to appear in ACM SIGCOMM Workshop (HotSDN), 2014, Chicago, USA
  2. A Real-Time Pricing Model for Electricity Consumption, accepted in SIAM Conference on Financial Mathematics and Engineering, 2012, Minnesota, USA
  3. On Social Community Networks: The Cost Sharing Problem, accepted in ACM SIMPLEX 2012 Workshop, in conjunction with WWW conference, Lyon, France
  4. Economic Models for Cloud Service Markets: Pricing and Capacity Planning, published in Elsevier Theoretical Computer Science, 2013, Vol. 496. (Journal extension to our ICDCN paper)
  5. Economic Models for Cloud Service Markets accepted in ICDCN 2012, Hong Kong. (Also invited by INFORMS Annual Meeting 2011, Charlotte, North Carolina, USA). (Acceptance Rate = 28%)
  6. Settling For Less : A QoS Compromise Mechanism for Mobile Opportunistic Networks accepted in ACM SIGMETRICS Workshop (MAMA 2011), San Jose, USA. A slightly modified version of this paper appeared in ACM SIGMETRICS Performance Evaluation Review, 2011, Vol. 39(3)
  7. Sharing-Mart: Online Auctions for Digital Content Trading and Content Incentivization, accepted in GameNets, 2011, Shanghai, China. (A flagship conference on game theory applications in communication networks)
  8. On Wireless Social Community Network Routers: The Design and Cost Sharing Problem for Better Deployment , accepted in IEEE GLOBECOM 2010, Florida, USA. (Acceptance Rate = 32%)
  9. Sharing Costs in Social Community Networks accepted in IEEE ICNC Workshop on Computing Networking and Communications, 2012, Maui, Hawaii, USA.
  10. Playing Games with Human Health: A Game-Theoretic Approach to Optimizing Reliability in Wireless Health Networks, accepted in IEEE ISABEL 2010, Rome, Italy.


Academic Materials

Full Resume

My research output during PhD

Publications prior to joining Ph.D (UG, MS)


Selected Graduate Coursework

Design and Analysis of Algorithms

Mathematical Analysis

Probability Theory and Stochastic Processes

Mathematical Optimization (primarily convex optimization, slight emphasis on vector space optimization)

Network Economics and Network Game Theory

Performance Analysis of Systems

Computer Networks (The Internet, wireless networks, and distributed systems)

Computer Security

Software-Defined Networking

Cloud Computing

Database Systems

Statistical Machine Learning and Graphical Models


Teaching Activities

1. (Graduate) Analysis of Algorithms: Teaching Assistant, (Fa '13, 'Sp'13, Fa'12, Sp'12, Fa'11, Fa'10), USC Exceptional TA citation from the USC Computer Science Department, 2012-2013

2. Unix and C Programming (Undergraduate Level): Teaching Assistant, Sp'06, UC Davis

3. Research Seminar: Teaching Assistant, Sp'14, USC

4. Fundamentals of Database Systems (Undergraduate Level): Teaching Assistant, Sp'14, USC


Invited Talks

1. Improving Network Security Through Insurance: A Tale of Insurance markets - A Tale of Insurance Markets: IBM Research Labs, India and USA, March 2014.

2. On Security Monitoring in Software-Defined Networks - A Game-Theoretic Perspective : T-Labs, USA, March 2013.

3. On Improving Cyber-Security Through Insurance - A Tale of Insurance Markets: Symantec Research Labs, USA, December 2012.

4. Real-Time Pricing in Power Grids: Ecole Polytechnique Federal De Lausanne (EPFL), June 2011

5. An Insurance Approach to Internet Risk Management , Technical University of Lisbon, December 2009.

6. An Insurance Approach to Internet Risk Management , Nokia-Siemens Networks, Portugal, December 2009



I love to travel. Life is boring without it!!!. I consider myself immensely lucky to have travelled to various parts of the world for both, academic as well as for holidaying purposes, at a young age. I generally make short yearly trips with friends, and really enjoy and relish the culture, food, nature, and monumental architecture in all the countries I visit. Listed below are the countries I have visited (airports not included :) ).

Asia: Singapore, Japan, Hong Kong, Thailand, Malaysia

North America: USA, Canada

Europe: Germany, Austria, Czech Republic, France, Russia, Switzerland, Italy, Vatican City, Holland, Belgium, Denmark, England, Sweden, Finland, Norway, Spain, and Portugal


The University of Southern California does not screen or control the content on this website and thus does not guarantee the accuracy, integrity, or quality of such content. All content on this website is provided by and is the sole responsibility of the person from which such content originated, and such content does not necessarily reflect the opinions of the University administration or the Board of Trustees
The University of Southern California does not screen or control the content on this website and thus does not guarantee the accuracy, integrity, or quality of such content. All content on this website is provided by and is the sole responsibility of the person from which such content originated, and such content does not necessarily reflect the opinions of the University administration or the Board of Trustees