Jeffrey K. MacKie-Mason

Incentive-Centered Design for Security (Download full paper)

Jeffrey MacKie-Mason

Published on: July, 2009

Using Uncensored Communication Channels to Divert Spam Traffic (Download full paper)

Chiao, Benjamin and MacKie-Mason, Jeffrey K.

Published on: March, 2009

Abstract: We offer a microeconomic model of the two-sided market for the dominant form of spam: bulk, unsolicited, and commercial advertising email. Most most spam is advertising, and thus should be modeled as a problem in the market supply and demand for advertising, rather than the usual approach of modeling spam as pure social cost to be eliminated. We adopt an incentive-centered design approach to develop a simple, feasible improvement to the current email system using an uncensored (open) communication channel. Such a channel could be an email folder or account, to which properly tagged commercial solicitations are routed without any blocking or filtering along the way. We characterize the circumstances under which spammers would voluntarily move much of their spam into the open channel, leaving the traditional email channel dominated by person-to-person, non-spam mail. We show that under certain conditions all email recipients are better o when an open channel is introduced. Only recipients wanting spam will use the open channel enjoying the less disguised messages and cheaper sale prices, and for all recipients the dissatisfaction associated with both undesirable mail received and desirable mail filtered out decreases.

A Social Mechanism for Supporting Home Computer Security (Download full paper)

Rick Wash and Jeffrey K. MacKie-Mason

Published on: October, 2008

Abstract: Hackers have learned to leverage the enormous number of poorly protected home computers by turning them into a large distributed system (known as a botnet), making home computers an important frontier for security research. They present special problems: owners are unophisticated, and usage profiles are varied making onesize-fits-all firewall policies ineffective. We propose a social firewall that collects security decisions and both user and usage characteristics, and provides users with personalized information to assist with allow/deny recommendations. To succeed, a social firewall must deal with at least three user behavior issues: why contribute private information? why make effort to provide quality information? and, how to prevent manipulation by adversaries? We sketch an incentive-centered design approach to each problem. We provide an economic model and some analytic results for a solution to the fundamental problem: why contribute? We show that an excludable public goods mechanism can achieve a better outcome than a system without social motivators.

Security When People Matter: Structuring Incentives for User Behavior (Download full paper)

MacKie-Mason, Jeffrey K. and Wash, Rick

Published on: January, 2007

Abstract: Humans are “smart components” in a system, but cannot be directly programmed to perform; rather, their autonomy must be respected as a design constraint and incentives provided to induce desired behavior. Sometimes these incentives are properly aligned, and the humans don’t represent a vulnerability. But often, a misalignment of incentives causes a weakness in the system that can be exploited by clever attackers. Incentive-centered design tools help us understand these problems, and provide design principles to alleviate them. We describe incentive-centered design and some tools it provides. We provide a number of examples of security problems for which Incentive Centered Design might be helpful. We elaborate with a general screening model that offers strong design principles for a class of security problems.

Incentive-Centered Design for Information Security (Download full paper)

Rick Wash and Jeffrey K. MacKie-Mason

Published on: July, 2006

Abstract: Humans are "smart components" in a system, but cannot be directly programmed to perform; rather, their autonomy must be respected as a design constraint and incentives provided to induce desired behavior. Sometimes these incentives are properly aligned, and the humans don't represent a vulnerability. But often, a misalignment of incentives causes a weakness in the system that can be exploited by clever attackers. Incentive-centered design tools help us understand these problems, and provide design principles to alleviate them. We describe incentive-centered design and some tools it provides. We provide a number of examples of security problems for which incentive- centered design might be helpful. We elaborate with a general screening model that offers strong design principles for a class of security problems.

Online Fund-Raising Mechanisms: A Field Experiment (Download full paper)

Yan Chen, Xin Li, and Jeffrey K. MacKie-Mason

Published on: January, 2006

Abstract: We implemented one of the first web-based online field experiments of fund-raising. We embedded our experiment in the Internet Public Library to test comparatively four mechanisms: Voluntary Contribution (VCM), Premium, Seed Money and Matching. The Premium and Matching mechanisms each generate higher contribution rate than VCM, while the gift size is not significantly different across mechanisms. Because this is one of the earliest embedded, web-based field experiments we report our methodology findings in some detail. Using pop-up windows and asking for non-privacy-invasive geographic information were ineffective as participant assignment techniques. Evidence of desire to donate inferred from participant clickstream data is a poor predictor of actual giving.

The Case for Market-based Push Caching (Download full paper)

MacKie-Mason, Jeffrey K. Chan, Yee Man Womer, Jonathan Jamin, Sugih

Published on: November, 1999

Biased Replacement Policies for Web Caches: Differential Quality-of-Service and Aggregate User Value (Download full paper)

MacKie-Mason, Jeffrey K. Kelly, Terence P. Chan, Yee Man Jamin, Sugih

Published on: January, 1999

Abstract: Disk space in shared Web caches can be diverted to serve some system users at the expense of others. Cache hits reduce server loads, and if servers desire load reduction to different degrees, a replacement policy which prioritizes cache space across servers can provide differential quality-of-service (QoS). We present a simple generalization of least-frequently-used (LFU) replacement that is sensitive to varying levels of server valuation for cache hits. Through trace-driven simulation we show that under a particular assumption about server valuations our algorithm delivers a reasonable QoS relationship: higher byte hit rates for servers that value hits more. We furthermore adopt the economic perspective that value received by system users is a more appropriate performance metric than hit rate or byte hit rate, and demonstrate that our algorithm delivers higher "social welfare" (aggregate value to servers) than LRU or LFU.

Evaluating and Selecting Digital Payment Mechanisms (Download full paper)

MacKie-Mason, Jeffrey K. and Kimberly White

Abstract: The Internet is growing rapidly as a marketplace for the exchange of both tangible and information goods and services. Numerous payment mechanisms suitable for use in this marketplace are in various stages of development. Because their development is so recent, it is difficult for potential participants in electronic commerce to evaluate and select payment mechanisms. We propose a systematic method for evaluating and selecting payment mechanisms. Our selection process typically leads to a solution in a few iterations or less; it is generalizable; and it requires relatively little information about each alternative, reducing the cost of evaluating and selecting payment mechanisms. Researchers and payment mechanism designers are guided on further development by the needs of users who desire particular bundles of characteristics. As a by-product of our analysis, we present a detailed matrix characterizing 10 leading payment systems according to 30 criteria.

Name: Video: Incentive-centered design for user-contributed content (Download artifact)

Released on: March, 2008

Description: Video of presentation to Yahoo! Research, Santa Clara, California

Name: Magazine article: Defending the Net (Download artifact)

Released on: March, 2008

Description: Magazine article about social firewall research, published by Metromode, 6 March 2008

Name: STIET podcast Oct 2007 (Download artifact)

Released on: October, 2007

Description: A podcast interview with Jeff MacKie-Mason and Tom Finholt about the STIET ICD project

Name: STIET movie Oct 2007 (Download artifact)

Released on: October, 2007

Description: A short marketing movie about the STIET ICD research program, prepared by the UM News Service

Name: WJR Detroit webcast STIET interview 20oct2007 (Download artifact)

Released on: October, 2007

Description: WJR's "Internet Advisor" program interviewed me and Wayne State STIET leader Prof. Dan Grosu about the STIET program's research and communication technology.