CT-ER: Incentive-Centered Technology Design for Home User Security
Regents Of The University Of Michigan - Ann Arbor, Ann Arbor MI
Investigators
Abstract
Abstract: Home computer security is a daunting problem. Hackers gain control over millions of home machines to build �botnets�. The social costs are enormous because bots are used to attack millions of other machines.�� Botnets are now responsible for over 80% of spam, and increasing criminal activity including extortion and information theft.�� Home computers are more vulnerable than necessary because users are insufficiently motivated to install and maintain best current security software. The weakest link in security often is the user, not the technology. � This project focuses on users of security technology. It relies on the novel, multi-disciplinary approach of incentive-centered design (ICD), which draws on game theory, microeconomics and social psychology. Technology ICD often addresses problems of hidden information, hidden action, and externalities. Botnets exhibit these: intruders know more about the purpose of their intrusion than do the computer�s owners; users are cajoled to take precautions but their actual effort is not directly observable; and the costs of poor home security are borne more by others (who suffer from bot attacks) than by the owner of the compromised machine (a negative externality). This project will identify the underlying incentives problems, use the ICD design toolkit to build security technology that provides effective incentives for improved user behavior, and test the designs in human-subject experiments and/or field implementations. � Combining technical and social design techniques to create pragmatic security technology that respects user motivations and induces more effective behavior can have a major effect on this pernicious and socially costly
View original record on NSF Award Search →