ABSTRACT
By employing an interdependent security game-theoretic framework, we study how individual Internet Service Providers can coordinate the investment decisions of end users to improve the security of the overall system. We study two different forms of intervention: rebates in combination with penalties (pay for outcome) and costsubsidies (pay for effort).
- R. Anderson. Why information security is hard -- An economic perspective. In Proc. of the 17th Annual Computer Security Applications Conference (ACSAC'01), New Orleans, LA, Dec. 2001. Google ScholarDigital Library
- D. Clark, J. Wroclawski, K. Sollins, and R. Braden. Tussle in cyberspace: Defining tomorrow's Internet. In Proc. of ACM SIGCOMM'02, pages 347--356, Pittsburgh, PA, Aug. 2002. Google ScholarDigital Library
- R. Clayton. Using early results from the 'spamHINTS' project to estimate an ISP Abuse Team's task. In Proc. of CEAS'06, Mountain View, CA, July 2006.Google Scholar
- N. Feamster, L. Gao, and J. Rexford. How to lease the Internet in your spare time. ACM SIGCOMM Computer Communications Review, 37(1):61--64, Jan. 2007. Google ScholarDigital Library
- E. Gal-Or and A. Ghose. The economic incentives for sharing security information. Information Systems Research, 16(2):186--208, June 2005. Google ScholarDigital Library
- J. Geers and J. Goobic (Eds.). Cyber insurance. The CIP Report, 6(3):1--11, Sept. 2007.Google Scholar
- J. Grossklags, N. Christin, and J. Chuang. Secure or insure? A game-theoretic analysis of information security games. In Proc. of WWW08, pages 209--218, Beijing, China, Apr. 2008. Google ScholarDigital Library
- J. Kirk. ISPs report success in fighting malware-infected PCs, June 2009. http://www.pcworld.com/businesscenter/article/166444/isps_report_success_in_fighting_malwareinfected_pcs.html.Google Scholar
- E. Mills. Comcast pop-ups alert customers to PC infections. CNet, Oct. 2009. http://news.cnet.com/8301-27080_3-10370996-245.html.Google Scholar
- W. Norton. The art of peering: The peering playbook, 2002.Google Scholar
- V. Shrestha. ISP security, Feb. 2005. Tutorial provided at SANOG5 ISP/NSP Security Workshop.Google Scholar
- R. Thaler and C. Sunstein. Nudge: Improving Decisions About Health, Wealth, and Happiness. Yale University Press, New Haven, CT, 2008.Google Scholar
- M. van Eeten and J. M. Bauer. Economics of malware: Security decisions, incentives and externalities. STI Working Paper, May 2008.Google Scholar
- H. Varian. System reliability and free riding. In L. Camp and S. Lewis, editors, Economics of Information Security (Advances in Information Security, Volume 12), pages 1--15. Kluwer, Dordrecht, The Netherlands, 2004.Google ScholarCross Ref
Index Terms
- Nudge: intermediaries' role in interdependent network security
Recommendations
Equitable Security: Optimizing Distribution of Nudges and Resources
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications SecuritySecurity behaviors can help users avoid incidents, but can also increase costs, both to users -- in time and mental effort -- and to platforms -- in user engagement and engineering resources. As such, we should consider when it is most efficient and ...
Nudge: intermediaries' role in interdependent network security
TRUST'10: Proceedings of the 3rd international conference on Trust and trustworthy computingBy employing an interdependent security game-theoretic framework, we study how individual Internet Service Providers can coordinate the investment decisions of end users to improve the security and trustworthiness of the overall system. We discuss two ...
The security cost of cheap user interaction
NSPW '11: Proceedings of the 2011 New Security Paradigms WorkshopHuman attention is a scarce resource, and lack thereof can cause severe security breaches. As most security techniques rely on considerate human intervention in one way or another, this resource should be consumed economically. In this context, we ...
Comments