Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information

  • Benjamin Johnson
  • Jens Grossklags
  • Nicolas Christin
  • John Chuang
Conference paper

DOI: 10.1007/978-3-642-15497-3_36

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6345)
Cite this paper as:
Johnson B., Grossklags J., Christin N., Chuang J. (2010) Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information. In: Gritzalis D., Preneel B., Theoharidou M. (eds) Computer Security – ESORICS 2010. ESORICS 2010. Lecture Notes in Computer Science, vol 6345. Springer, Berlin, Heidelberg

Abstract

A common assumption in security research is that more individual expertise unambiguously leads to a more secure overall network. We present a game-theoretic model in which this common assumption does not hold. Our findings indicate that expert users can be not only invaluable contributors, but also free-riders, defectors, and narcissistic opportunists. A direct application is that user education needs to highlight the cooperative nature of security, and foster the community sense, in particular, of higher skilled computer users.

As a technical contribution, this paper represents, to our knowledge, the first formal study to quantitatively assess the impact of different degrees of information security expertise on the overall security of a network.

Keywords

Security Economics Game Theory Bounded Rationality Limited Information 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Benjamin Johnson
    • 1
  • Jens Grossklags
    • 2
  • Nicolas Christin
    • 1
  • John Chuang
    • 3
  1. 1.CyLabCarnegie Mellon University 
  2. 2.Center for Information Technology PolicyPrinceton University 
  3. 3.School of InformationUniversity of CaliforniaBerkeley

Personalised recommendations