Incentives and information security

Ross Anderson, Tyler Moore, Shishir Nagaraja, Andy Ozment

Research output: Chapter in Book/Report/Conference proceeding › Chapter

13 Citations (Scopus)

Abstract

Many interesting and important new applications of game theory have been discovered over the past 7 years in the context of research into the economics of information security. Many systems fail not ultimately for technical reasons but because incentives are wrong. For example, the people who guard a system often are not the people who suffer the full costs of failure, and as a result they make less effort than would be socially optimal. Some aspects of information security are public goods, like clean air or water; externalities often decide which security products succeed in the marketplace; and some information risks are not insurable because they are correlated in ways that cause insurance markets to fail. Deeper applications of game-theoretic ideas can be found in the games of incomplete information that occur when critical information, such as about software quality or defender efforts, is hidden from some principals. An interesting application lies in the analysis of distributed system architectures; it took several years of experimentation for designers of peer-to-peer systems to understand incentive issues that we can now analyze reasonably well. Evolutionary game theory has recently allowed us to tie together a number of ideas from network analysis and elsewhere to explain why basing peer-to-peer systems on rings is a bad idea, and why revolutionaries use cells instead. The economics of distributed systems looks like being a very fruitful field of research.

Original language: English
Title of host publication: Algorithmic Game Theory
Editors: Noam Nisan, Tim Roughgarden, Eva Tardos, Vijay V. Vazirani
Place of Publication: Cambridge
Chapter: 25
Pages: 633-650
Number of pages: 18
DOIs: https://doi.org/10.1017/CBO9780511800481.027
Publication status: Published - 31 Dec 2007

Keywords

  • game theory
  • information security
  • incentive

Cite this

Anderson, R., Moore, T., Nagaraja, S., & Ozment, A. (2007). Incentives and information security. In N. Nisan, T. Roughgarden, E. Tardos, & V. V. Vazirani (Eds.), Algorithmic Game Theory (pp. 633-650). Cambridge. https://doi.org/10.1017/CBO9780511800481.027
@inbook{e806872ab0c147bea8f432f418824be6,
title = "Incentives and information security",
keywords = "game theory, information security, incentive",
author = "Ross Anderson and Tyler Moore and Shishir Nagaraja and Andy Ozment",
year = "2007",
month = "12",
day = "31",
doi = "10.1017/CBO9780511800481.027",
language = "English",
isbn = "9780521872829",
pages = "633--650",
editor = "Noam Nisan and Tim Roughgarden and Eva Tardos and Vazirani, {Vijay V.}",
booktitle = "Algorithmic Game Theory",

}

TY - CHAP

T1 - Incentives and information security

AU - Anderson, Ross

AU - Moore, Tyler

AU - Nagaraja, Shishir

AU - Ozment, Andy

PY - 2007/12/31

Y1 - 2007/12/31

KW - game theory

KW - information security

KW - incentive

UR - http://www.scopus.com/inward/record.url?scp=84926093593&partnerID=8YFLogxK

UR - https://www.cambridge.org/gb/academic/subjects/computer-science/algorithmics-complexity-computer-algebra-and-computational-g/algorithmic-game-theory?format=HB&isbn=9780521872829

U2 - 10.1017/CBO9780511800481.027

DO - 10.1017/CBO9780511800481.027

M3 - Chapter

SN - 9780521872829

SN - 9780511800481

SP - 633

EP - 650

BT - Algorithmic Game Theory

A2 - Nisan, Noam

A2 - Roughgarden, Tim

A2 - Tardos, Eva

A2 - Vazirani, Vijay V.

CY - Cambridge

ER -
