Incentives and Information Security

Ross Anderson; Tyler Moore; Shishir Nagaraja; Andy Ozment

Incentives and Information Security

Ross Anderson, Tyler Moore, Shishir Nagaraja, Andy Ozment

Research output: Chapter in Book/Report/Conference proceeding › Chapter (peer-reviewed) › peer-review

Abstract

Many interesting and important new applications of game theory have been discovered over the past 5 years in the context of research into the economics of information security. Many systems fail not ultimately for technical reasons but because incentives are wrong. For example, the people who guard a system often are not the people who suffer the full costs of failure, and as a result they make less effort than would be socially optimal. Some aspects of information security are public goods, like clean air or water; externalities often decide which security products succeed in the marketplace; and some information risks are not insurable because they are correlated in ways that cause insurance markets to fail.

Deeper applications of game-theoretic ideas can be found in the games of incomplete information that occur when critical information, such as about software quality or defender efforts, is hidden from some principals. An interesting application lies in the analysis of distributed system architectures; it took several years of experimentation for designers of peer-to-peer systems to understand incentive issues that we can now analyze reasonably well. Evolutionary game theory has recently allowed us to tie together a number of ideas from network analysis and elsewhere to explain why basing peer-to-peer systems on rings is a bad idea, and why revolutionaries use cells instead. The economics of distributed systems looks like being a very fruitful field of research.

Original language	English
Title of host publication	Algorithmic Game Theory
Editors	Noam Nisan, Tim Roughgarden, Eva Tardos, Vijay V. Vazirani
Publisher	Cambridge University Press
Chapter	25
Pages	633-649
Number of pages	18
ISBN (Electronic)	978-0-511-35294-2
ISBN (Print)	978-0-521-87282-9
Publication status	Published - 1 Dec 2007

Access to Document

https://www.cl.cam.ac.uk/~rja14/Papers/book-chapter-agt-1.pdfLicence: Creative Commons: Attribution No Derivatives (CC-BY-ND)

Cite this

@inbook{7e7eb6f35ede424f92e5bc5d0a515dc1,

title = "Incentives and Information Security",

abstract = "Many interesting and important new applications of game theory have been discovered over the past 5 years in the context of research into the economics of information security. Many systems fail not ultimately for technical reasons but because incentives are wrong. For example, the people who guard a system often are not the people who suffer the full costs of failure, and as a result they make less effort than would be socially optimal. Some aspects of information security are public goods, like clean air or water; externalities often decide which security products succeed in the marketplace; and some information risks are not insurable because they are correlated in ways that cause insurance markets to fail. Deeper applications of game-theoretic ideas can be found in the games of incomplete information that occur when critical information, such as about software quality or defender efforts, is hidden from some principals. An interesting application lies in the analysis of distributed system architectures; it took several years of experimentation for designers of peer-to-peer systems to understand incentive issues that we can now analyze reasonably well. Evolutionary game theory has recently allowed us to tie together a number of ideas from network analysis and elsewhere to explain why basing peer-to-peer systems on rings is a bad idea, and why revolutionaries use cells instead. The economics of distributed systems looks like being a very fruitful field of research.",

author = "Ross Anderson and Tyler Moore and Shishir Nagaraja and Andy Ozment",

year = "2007",

month = dec,

day = "1",

language = "English",

isbn = "978-0-521-87282-9",

pages = "633--649",

editor = "Noam Nisan and Tim Roughgarden and Eva Tardos and Vazirani, {Vijay V. }",

booktitle = "Algorithmic Game Theory",

publisher = "Cambridge University Press",

address = "United States",

}

TY - CHAP

T1 - Incentives and Information Security

AU - Anderson, Ross

AU - Moore, Tyler

AU - Nagaraja, Shishir

AU - Ozment, Andy

PY - 2007/12/1

Y1 - 2007/12/1

N2 - Many interesting and important new applications of game theory have been discovered over the past 5 years in the context of research into the economics of information security. Many systems fail not ultimately for technical reasons but because incentives are wrong. For example, the people who guard a system often are not the people who suffer the full costs of failure, and as a result they make less effort than would be socially optimal. Some aspects of information security are public goods, like clean air or water; externalities often decide which security products succeed in the marketplace; and some information risks are not insurable because they are correlated in ways that cause insurance markets to fail. Deeper applications of game-theoretic ideas can be found in the games of incomplete information that occur when critical information, such as about software quality or defender efforts, is hidden from some principals. An interesting application lies in the analysis of distributed system architectures; it took several years of experimentation for designers of peer-to-peer systems to understand incentive issues that we can now analyze reasonably well. Evolutionary game theory has recently allowed us to tie together a number of ideas from network analysis and elsewhere to explain why basing peer-to-peer systems on rings is a bad idea, and why revolutionaries use cells instead. The economics of distributed systems looks like being a very fruitful field of research.

AB - Many interesting and important new applications of game theory have been discovered over the past 5 years in the context of research into the economics of information security. Many systems fail not ultimately for technical reasons but because incentives are wrong. For example, the people who guard a system often are not the people who suffer the full costs of failure, and as a result they make less effort than would be socially optimal. Some aspects of information security are public goods, like clean air or water; externalities often decide which security products succeed in the marketplace; and some information risks are not insurable because they are correlated in ways that cause insurance markets to fail. Deeper applications of game-theoretic ideas can be found in the games of incomplete information that occur when critical information, such as about software quality or defender efforts, is hidden from some principals. An interesting application lies in the analysis of distributed system architectures; it took several years of experimentation for designers of peer-to-peer systems to understand incentive issues that we can now analyze reasonably well. Evolutionary game theory has recently allowed us to tie together a number of ideas from network analysis and elsewhere to explain why basing peer-to-peer systems on rings is a bad idea, and why revolutionaries use cells instead. The economics of distributed systems looks like being a very fruitful field of research.

UR - https://www.cambridge.org/gb/academic/subjects/computer-science/algorithmics-complexity-computer-algebra-and-computational-g/algorithmic-game-theory?format=AR

M3 - Chapter (peer-reviewed)

SN - 978-0-521-87282-9

SP - 633

EP - 649

BT - Algorithmic Game Theory

A2 - Nisan, Noam

A2 - Roughgarden, Tim

A2 - Tardos, Eva

A2 - Vazirani, Vijay V.

PB - Cambridge University Press

ER -

Incentives and Information Security

Abstract

Access to Document

Other files and links

Fingerprint

Cite this