SIAM Journal on Computing
A graph-based system for network-vulnerability analysis
Proceedings of the 1998 workshop on New security paradigms
Untraceable electronic mail, return addresses, and digital pseudonyms
Communications of the ACM
Why we can't be bothered to read privacy policies models of privacy economics as a lemons market
ICEC '03 Proceedings of the 5th international conference on Electronic commerce
Privacy in pervasive environments: next generation labeling protocols
Personal and Ubiquitous Computing
Privacy and Rationality in Individual Decision Making
IEEE Security and Privacy
Multicriteria Optimization
Fibonacci Heaps And Their Uses In Improved Network Optimization Algorithms
SFCS '84 Proceedings of the 25th Annual Symposium onFoundations of Computer Science, 1984
The socialbot network: when bots socialize for fame and money
Proceedings of the 27th Annual Computer Security Applications Conference
Hi-index | 0.00 |
Private data is leaked more and more in our society. Wikileaks, Facebook, and identity theft are just three examples. So, modeling privacy is important. Cryptographers do not provide methods to address whether data should remain private or not. The use of entropy does not reflect the cost associated with the loss of private data. In this paper we provide two economic models for privacy. Our first model is a lattice structured extension of attack graphs. Our second model is a stochastic almost combinatorial game, where two or more players can make stochastic moves in an almost combinatorial setup. In both models, a user can decide attempting transitions between states, representing a user's private information, based on multiple criterion including the cost of an attempt, the probability of success, the number of earlier attempts to obtain this private information and (possibly) the available budget. In a variant of our models we use multigraphs. We use this when a transition between two states could be performed in different ways. To reduce the increase in complexity, we introduce a technique converting the multigraph to a simple directed graph. We discuss the advantages and disadvantages of this conversion. We also briefly discuss potential uses of our privacy models.