Incentive-Centered Design for Information Security
(Download full paper)Filed under research category: Information application design
Tagged as: incentive-centered_design information_security
Authors
Rick Wash and Jeffrey K. MacKie-Mason
Publication date
July, 2006
Abstract
Humans are "smart components" in a system, but cannot be directly programmed to perform; rather, their autonomy must be respected as a design constraint and incentives provided to induce desired behavior. Sometimes these incentives are properly aligned, and the humans don't represent a vulnerability. But often, a misalignment of incentives causes a weakness in the system that can be exploited by clever attackers. Incentive-centered design tools help us understand these problems, and provide design principles to alleviate them. We describe incentive-centered design and some tools it provides. We provide a number of examples of security problems for which incentive- centered design might be helpful. We elaborate with a general screening model that offers strong design principles for a class of security problems.
Citation
USENIX Hot Topics in Security (HotSec 06), Vancouver, BC, 31 July 2006.