Security When People Matter: Structuring Incentives for User Behavior

International Conference on Electronic Commerce, August 2007

Posted: 14 Oct 2007  

Rick Wash

University of Michigan at Ann Arbor - School of Information

Jeffrey K. MacKie-Mason

University of Michigan

Abstract

Humans are "smart components" in a system, but cannot be directly programmed to perform; rather, their autonomymust be respected as a design constraint and incentivesprovided to induce desired behavior. Sometimes these incentives are properly aligned, and the humans don't represent a vulnerability. But often, a misalignment of incentives causes a weakness in the system that can be exploited by clever attackers. Incentive-centered design tools help us understand these problems, and provide design principles to alleviate them. We describe incentive-centered design and some tools it provides. We provide a number of examples of security problems for which Incentive Centered Design might be helpful. We elaborate with a general screening model that offers strong design principles for a class of security problems.

Suggested Citation

Wash, Rick and MacKie-Mason, Jeffrey K., Security When People Matter: Structuring Incentives for User Behavior. International Conference on Electronic Commerce, August 2007. Available at SSRN: https://ssrn.com/abstract=1019799

Richard Wash (Contact Author)

University of Michigan at Ann Arbor - School of Information ( email )

304 West Hall
550 East University
Ann Arbor, MI 48109-1092
United States

Jeffrey K. MacKie-Mason

University of Michigan ( email )

3246B SI North
1075 Beal Ave.
Ann Arbor, MI 48109-1092
United States
734-647-4856 (Phone)
734-764-1555 (Fax)

HOME PAGE: http://www-personal.umich.edu/~jmm/

Paper statistics

Abstract Views
104