Issue No.04 - July/August (2009 vol.7)
pp: 80-83
Jeffrey K. MacKie-Mason, University of Michigan
ABSTRACT
Security problems are incentives problems: we build defenses because people want to do things that (intentionally or inadvertently) cause harm. Yet, much research disregards systematic study of the motivations of smart, responsive, autonomous humans in the loop. Meanwhile, the maturing sciences of motivated behavior offer a growing body of theoretical, statistical, and laboratory evidence on systematic responses to motivations that can be incorporated in the system design toolkit. By adjusting incentives, it's sometimes possible to induce bad guys to stay out, encourage good guys to improve secure practices, and discourage otherwise good guys with system access from becoming delinquent.
INDEX TERMS
S&P economics, incentive-centered design, information security, economics, security
CITATION
Jeffrey K. MacKie-Mason, "Incentive-Centered Design for Security", IEEE Security & Privacy, vol.7, no. 4, pp. 80-83, July/August 2009, doi:10.1109/MSP.2009.94