Security when people matter

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Security when people matter: structuring incentives for user behavior

Full text

Pdf (301 KB)

Source

ACM International Conference Proceeding Series; Vol. 258 archive
Proceedings of the ninth international conference on Electronic commerce table of contents

Minneapolis, MN, USA

SESSION: Session M1: privacy in e-commerce table of contents

Pages: 7 - 14

Year of Publication: 2007

ISBN:978-1-59593-700-1

Authors

Rick Wash	University of Michigan, Ann Arbor, MI
Jeffrey K. MacKie-Mason	University of Michigan, Ann Arbor, MI

Sponsors

SIGART: ACM Special Interest Group on Artificial Intelligence
ACM: Association for Computing Machinery
SIGEcom: ACM Special Interest Group on Electronic Commerce

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 8, Downloads (12 Months): 88, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1282100.1282105 What is a DOI?

ABSTRACT

Humans are "smart components" in a system, but cannot be directly programmed to perform; rather, their autonomy must be respected as a design constraint and incentives provided to induce desired behavior. Sometimes these incentives are properly aligned, and the humans don't represent a vulnerability. But often, a misalignment of incentives causes a weakness in the system that can be exploited by clever attackers. Incentive-centered design tools help us understand these problems, and provide design principles to alleviate them. We describe incentive-centered design and some tools it provides. We provide a number of examples of security problems for which Incentive Centered Design might be helpful. We elaborate with a general screening model that offers strong design principles for a class of security problems.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Martin Abadi , Mike Burrows , Mark Manasse , Ted Wobber, Moderately hard, memory-bound functions, ACM Transactions on Internet Technology (TOIT), v.5 n.2, p.299-327, May 2005 [doi>10.1145/1064340.1064341]
	2	Ross Anderson, Why cryptosystems fail, Proceedings of the 1st ACM conference on Computer and communications security, p.215-227, November 03-05, 1993, Fairfax, Virginia, United States [doi>10.1145/168588.168615]
	3	K. Chellapilla, K. Larson, P. Simard, and M. Czerwinski. Computers beat humans at single character recognition in reading based human interaction proofs (hips). In Conference on Email and Anti-Spam, 2005.
	4	Y. Chen, X. Li, and J. K. MacKie-Mason. Online fund-raising mechanisms: A field experiment. Contributions to Economic Analysis and Policy, 5(2), 2006.
	5	C. Dwork, A. Goldberg, and M. Naor. On memory bound functions for fighting spam. In G. Goos, J. Hartmanis, and J. van Leeuwan, editors, Advances in Cryptology - CRYPTO 2003, number 2729 in Lecture Notes in Computer Science, pages 426--444. Springer-Verlag, 2003.
	6	Cynthia Dwork , Moni Naor, Pricing via Processing or Combatting Junk Mail, Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology, p.139-147, August 16-20, 1992
	7	Eran Gabber , Markus Jakobsson , Yossi Matias , Alain J. Mayer, Curbing Junk E-Mail via Secure Classification, Proceedings of the Second International Conference on Financial Cryptography, p.198-213, February 23-25, 1998
	8	Ian Avrum Goldberg , Eric Brewer, A pseudonymous communications infrastructure for the internet, University of California, Berkeley, 2000
	9	J.-J. Laffont and D. Martimort. The Theory of Incentives. Princeton University Press, 2001.
	10	B. Laurie and R. Clayton. Proof of work proves not to work. In Workshop on the Economics of Information Security, 2004.
	11	D. Liu and L. J. Camp. Proof of work can work. Technical report, NET Institute, October 2006. Working Paper No. 06-18.
	12	T. Loder, M. van Alstyne, and R. Wash. An economic response to unsolicited communication. Advances in Economic Analysis and Policy, 6(1), 2006.
	13	J. MacKie-Mason, S. Shenker, and H. Varian. Service architecture and content provision: The network provider as editor. Telecommunications Policy, 20(3), April 1996.
	14	A. Mas-Colell, M. D. Whinston, and J. R. Green. Microeconomic Theory. Oxford University Press, 1995.
	15	R. B. Myerson. Incentive compatibility and the bargaining problem. Econometrica, 47(1):61--74, 1979.
	16	R. Naraine. 'detailed exploit' published for critial windows flaw. eWeek.com, June 26 2006.
	17	R. Naraine. Microsoft's security disclosures come under fire. eWeek.com, April 13 2006.
	18	Vipul Ved Prakash , Adam O'Donnell, Fighting spam with reputation systems, Queue, v.3 n.9, November 2005 [doi>10.1145/1105664.1105677]
	19	The Honeynet Project. Know your enemy: Tracking botnets. Published on the Web.
	20	Jamie Twycross , Matthew M. Williamson, Implementing and testing a virus throttle, Proceedings of the 12th conference on USENIX Security Symposium, p.20-20, August 04-08, 2003, Washington, DC
	21	L. von Ahn, M. Blum, N. Hopper, and J. Langford. Captcha: Using hard AI problems for security. In Proceedings of EUROCRYPT 03, Lecture Notes in Computer Science, 2003.
	22	Luis von Ahn , Laura Dabbish, Labeling images with a computer game, Proceedings of the SIGCHI conference on Human factors in computing systems, p.319-326, April 24-29, 2004, Vienna, Austria [doi>10.1145/985692.985733]