Abstract
By employing an interdependent security game-theoretic framework, we study how individual Internet Service Providers can coordinate the investment decisions of end users to improve the security and trustworthiness of the overall system. We discuss two different forms of intervention: rebates in combination with penalties (pay for outcome) and cost-subsidies (pay for effort).
We thank the anonymous reviewers for their helpful comments on an earlier version of this paper. This work is supported in part by a University of California MICRO project grant in collaboration with DoCoMo USA Labs. This paper is an extended version of a prior abstract contribution [19].
References
Acquisti, A.: Nudging privacy: The behavioral economics of personal information. IEEE Security & Privacy 7(6), 82–85 (2009)
Acquisti, A., Grossklags, J.: Privacy and rationality in individual decision making. IEEE Security & Privacy 3(1), 26–33 (2005)
Anderson, R.: Why information security is hard – An economic perspective. In: Proc. of the 17th Annual Computer Security Applications Conference (ACSAC 2001), New Orleans, LA (December 2001)
Anderson, R., Böhme, R., Clayton, R., Moore, T.: Security economics and European policy. In: Proceedings of WEIS 2008, Hanover, USA (June 2008)
Bandyopadhyay, T., Mookerjee, V., Rao, R.: Why IT managers don’t go for cyber-insurance products. Communications of the ACM 52(11), 68–73 (2009)
Besnard, D., Arief, B.: Computer security impaired by legitimate users. Computers & Security 23(3), 253–264 (2004)
Böhme, R., Kataria, G.: Models and measures for correlation in cyber-insurance. In: Proc. of the Fifth Workshop on the Economics of Information Security (WEIS 2006), Cambridge, UK (June 2006)
Clark, D., Wroclawski, J., Sollins, K., Braden, R.: Tussle in cyberspace: Defining tomorrow’s Internet. In: Proc. of ACM SIGCOMM 2002, Pittsburgh, PA, pp. 347–356 (August 2002)
Clayton, R.: Using early results from the ‘spamHINTS’ project to estimate an ISP Abuse Team’s task. In: Proc. of CEAS 2006, Mountain View, CA (July 2006)
Feamster, N., Gao, L., Rexford, J.: How to lease the Internet in your spare time. ACM SIGCOMM Computer Communications Review 37(1), 61–64 (2007)
Fultz, N., Grossklags, J.: Blue versus red: Towards a model of distributed security attacks. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 167–183. Springer, Heidelberg (February 2009)
Gal-Or, E., Ghose, A.: The economic incentives for sharing security information. Information Systems Research 16(2), 186–208 (2005)
Geers, J., Goobic, J. (eds.): Cyber insurance. The CIP Report 6(3), 1–11 (2007)
Gerber, A., Houle, J., Nguyen, H., Roughan, M., Sen, S.: P2P, The gorilla in the cable. In: NCTA 2003 National Show, Chicago, IL (June 2003)
Goeree, J., Holt, C.: Ten little treasures of game theory and ten intuitive contradictions. American Economic Review 91(5), 1402–1422 (2001)
Grossklags, J., Christin, N., Chuang, J.: Secure or insure? A game-theoretic analysis of information security games. In: Proceedings of the 2008 World Wide Web Conference (WWW 2008), Beijing, China, pp. 209–218 (April 2008)
Grossklags, J., Christin, N., Chuang, J.: Security and insurance management in networks with heterogeneous agents. In: Proceedings of the 9th ACM Conference on Electronic Commerce (EC 2008), Chicago, IL, pp. 160–169 (July 2008)
Grossklags, J., Johnson, B., Christin, N.: When information improves information security. In: Proceedings of the 2010 Financial Cryptography Conference (FC 2010), Canary Islands, Spain (January 2010)
Grossklags, J., Radosavac, S., Cárdenas, A., Chuang, J.: Nudge: Intermediaries’ role in interdependent network security. In: Proceedings of the 25th Symposium on Applied Computing (SAC), Sierre, Switzerland (March 2010)
Hamman, J., Rick, S., Weber, R.: Solving coordination failure with “all-or-none” group-level incentives. Experimental Economics 10(3), 285–303 (2007)
Kirk, J.: ISPs report success in fighting malware-infected PCs (June 2009), http://www.pcworld.com/businesscenter/article/166444/isps_report_success_in_fighting_malwareinfected_pcs.html
Mills, E.: Comcast pop-ups alert customers to PC infections. CNet (October 2009), http://news.cnet.com/8301-27080_3-10370996-245.html
Norton, W.: The art of peering: The peering playbook (2002)
Pritchard, W., Wong, K.: Infrastructure software: Latest survey results. Report by Cowen and Company (December 2008)
Singel, R.: Congressman wants to ban download caps. Wired.com (April 2009)
Shrestha, V.: ISP security. In: Tutorial provided at SANOG5 ISP/NSP Security Workshop (February 2005)
Siponen, M.: A conceptual foundation for organizational information security awareness. Information Management & Computer Security 8(1), 31–41 (2000)
Thaler, R., Sunstein, C.: Nudge: Improving Decisions About Health, Wealth, and Happiness. Yale University Press, New Haven (2008)
Twycross, J., Williamson, M.: Implementing and testing a virus throttle. In: Proc. of the 12th USENIX Security Symposium, Washington, DC, pp. 285–294 (August 2003)
van Eeten, M., Bauer, J.M.: Economics of malware: Security decisions, incentives and externalities. In: STI Working Paper (May 2008)
Van Huyck, J., Battalio, R., Beil, R.: Tacit coordination games, strategic uncertainty, and coordination failure. American Economic Review 80(1), 234–248 (1990)
Varian, H.: Managing online security risks. New York Times (June 2000)
Varian, H.: System reliability and free riding. In: Camp, L., Lewis, S. (eds.) Economics of Information Security. Advances in Information Security, vol. 12, pp. 1–15. Kluwer, Dordrecht (2004)
Verma, D.: Service level agreements on IP networks. Proceedings of the IEEE 92(9), 1382–1388 (2004)
Williams, C.: BT abandons Phorm: Not looking good for ad tech. The Register (July 2009)
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Grossklags, J., Radosavac, S., Cárdenas, A.A., Chuang, J. (2010). Nudge: Intermediaries’ Role in Interdependent Network Security. In: Acquisti, A., Smith, S.W., Sadeghi, AR. (eds) Trust and Trustworthy Computing. Trust 2010. Lecture Notes in Computer Science, vol 6101. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13869-0_24
DOI: https://doi.org/10.1007/978-3-642-13869-0_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13868-3
Online ISBN: 978-3-642-13869-0
eBook Packages: Computer Science (R0)