Computer Security – ESORICS 2010

Volume 6345 of the series Lecture Notes in Computer Science pp 588-606

Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information

  • Benjamin JohnsonAffiliated withCyLab, Carnegie Mellon University
  • , Jens GrossklagsAffiliated withCenter for Information Technology Policy, Princeton University
  • , Nicolas ChristinAffiliated withCyLab, Carnegie Mellon University
  • , John ChuangAffiliated withSchool of Information, University of California

* Final gross prices may vary according to local VAT.

Get Access


A common assumption in security research is that more individual expertise unambiguously leads to a more secure overall network. We present a game-theoretic model in which this common assumption does not hold. Our findings indicate that expert users can be not only invaluable contributors, but also free-riders, defectors, and narcissistic opportunists. A direct application is that user education needs to highlight the cooperative nature of security, and foster the community sense, in particular, of higher skilled computer users.

As a technical contribution, this paper represents, to our knowledge, the first formal study to quantitatively assess the impact of different degrees of information security expertise on the overall security of a network.


Security Economics Game Theory Bounded Rationality Limited Information