Security Decision-Making among Interdependent Organizations

  • Authors:
  • R. Ann Miura-Ko; Benjamin Yolken; John Mitchell; Nicholas Bambos

  • Venue:
  • CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
  • Year:
  • 2008

Abstract

In various settings, such as when customers use the same passwords at several independent web sites, security decisions by one organization may have a significant impact on the security of another. We develop a model for security decision-making in such settings, using a variation of linear influence networks. The linear influence model uses a matrix to represent linear dependence between security investment at one organization and resulting security at another, and utility functions to measure the overall benefit to each organization. A simple matrix condition implies the existence and uniqueness of Nash equilibria, which can be reached by a natural iterative algorithm. A free-riding index, expressible using quantities computed in this model, measures the degree to which one organization can potentially reduce its security investment and benefit from investments of others. We apply this framework to investigate three examples: web site security with shared passwords, customer education against phishing and identity theft, and anti-spam email filters. While we do not have sufficient quantitative data to draw quantitative conclusions about any of these situations, the model provides qualitative information about each example.