Incentive-Centered Design in Information Security

ACM First Conference on Computers and Communications Security, 1993

6 Pages Posted: 26 Mar 2007 Last revised: 23 Jul 2013

See all articles by Jeffrey K. MacKie-Mason

Jeffrey K. MacKie-Mason

UC Berkeley; University of Michigan

Rick Wash

University of Michigan at Ann Arbor - School of Information

Date Written: 1993

Abstract

Humans are smart components in a system, but cannot be directly programmed to perform; rather, their autonomy must be respected as a design constraint and incentives provided to induce desired behavior. Sometimes these incentives are properly aligned, and the humans don't represent a vulnerability. But often, a misalignment of incentives causes a weakness in the system that can be exploited by clever attackers. Incentive-centered design tools help us understand these problems, and provide design principles to alleviate them. We describe incentive-centered design and some tools it provides. We provide a number of examples of security problems for which incentive- centered design might be helpful. We elaborate with a general screening model that offers strong design principles for a class of security problems.

Suggested Citation

MacKie-Mason, Jeffrey K. and Wash, Richard, Incentive-Centered Design in Information Security (1993). ACM First Conference on Computers and Communications Security, 1993 , Available at SSRN: https://ssrn.com/abstract=973996

Jeffrey K. MacKie-Mason (Contact Author)

UC Berkeley ( email )

102 South Hall
Berkeley, CA 94720-4600
United States

HOME PAGE: http://jeff-mason.com

University of Michigan ( email )

Ann Arbor, MI 48109-1092
United States

HOME PAGE: http://http:/jeff-mason.com/

Richard Wash

University of Michigan at Ann Arbor - School of Information ( email )

304 West Hall
550 East University
Ann Arbor, MI 48109-1092
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
51
Abstract Views
813
rank
515,042
PlumX Metrics