ERIC Number: ED527235
Record Type: Non-Journal
Publication Date: 2009
Pages: 244
Abstractor: As Provided
Reference Count: 0
ISBN: 978-1-1240-3582-6
Secure or Insure: An Economic Analysis of Security Interdependencies and Investment Types
Grossklags, Jens
ProQuest LLC, Ph.D. Dissertation, University of California, Berkeley
Computer users express a strong desire to prevent attacks, and to reduce the losses from computer and information security breaches. However, despite the widespread availability of various technologies, actual investments in security remain highly variable across the Internet population. As a result, attacks such as distributed denial-of-service and spam distribution continue to spread unabated. Users may struggle to respond vigorously because the effectiveness of security decisions is subject to strong interdependencies in a network, and different types of threats. In this dissertation, we address this complexity by analyzing investment decision-making in a unified framework of established games (i.e., weakest-link, best shot, and total effort) and novel games (e.g., weakest-target). We examine how incentives shift between investment opportunities in a cooperative good (protection) and a private good (self-insurance), subject to factors such as network size, type of attack, loss probability, loss magnitude, and cost of technology. We capture security weaknesses due to monocultures by analyzing decision-making for an economy of homogeneous, selfish and fully rational agents under complete information. We compare our analysis to the case of heterogeneous users modeling efforts for security diversity. The findings highlight circumstances where poorly aligned incentives lead to security failures, and how interventions may be helpful. Extending our analysis and relaxing assumptions on individuals' rationality, we consider the case of a single rational expert agent in an economy of nearsighted agents that under-appreciate the effect of security interdependencies. We further measure the value of information availability in the security context. Specifically, we introduce the "price of uncertainty" metric that quantifies the maximum discrepancy between the total expected payoffs for different information conditions. 
By evaluating the metric in different inter-dependency scenarios, we can determine which configurations can better accommodate limited information environments. [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page:]
ProQuest LLC. 789 East Eisenhower Parkway, P.O. Box 1346, Ann Arbor, MI 48106. Tel: 800-521-0600; Web site:
Publication Type: Dissertations/Theses - Doctoral Dissertations
Education Level: N/A
Audience: N/A
Language: English
Sponsor: N/A
Authoring Institution: N/A