While strong security concepts and mechanisms exist, implementing and enforcing them remains a critical concern in the security domain. Normal users, unaware of the implications of their actions, often attempt to bypass or relax the security mechanisms in place, seeking instead increased performance or ease of use. Thus, the human in the loop becomes the weakest link. This shortcoming adds a level of uncertainty that is unacceptable in highly critical information systems. Merely educating the user to adopt safe security practices is limited in its effectiveness; there is a need to implement a technically sound measure to address the weak human factor across a broad spectrum of systems. In this paper, we present a game theoretic model to elicit user cooperation with the security mechanisms in a system. We argue for a change in the design methodology, where users are persuaded to cooperate with the security mechanisms after suitable feedback. Users are offered incentives in the form of increased Quality of Service (QoS), that is, improved application- and system-level performance. Users' motives and their actions are modeled in a game theoretic framework using the class of generalized pursuit-evasion differential games.