QoS-T: QoS Throttling to Elicit User Cooperation in Computer Systems

  • Conference paper
Computer Network Security (MMM-ACNS 2010)

Abstract

While there exist strong security concepts and mechanisms, implementation and enforcement of these security measures are a critical concern in the security domain. Normal users, unaware of the implications of their actions, often attempt to bypass or relax the security mechanisms in place, seeking instead increased performance or ease of use. Thus, the human in the loop becomes the weakest link. This shortcoming adds a level of uncertainty that is unacceptable in highly critical information systems. Merely educating the user to adopt safe security practices is limited in its effectiveness; there is a need to implement a technically sound measure to address the weak human factor across a broad spectrum of systems. In this paper, we present a game-theoretic model to elicit user cooperation with the security mechanisms in a system. We argue for a change in the design methodology, where users are persuaded to cooperate with the security mechanisms after suitable feedback. Users are offered incentives in the form of increased Quality of Service (QoS), in terms of application- and system-level performance. Users’ motives and their actions are modeled in a game-theoretic framework using the class of generalized pursuit-evasion differential games.




© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sankaranarayanan, V., Upadhyaya, S., Kwiat, K. (2010). QoS-T: QoS Throttling to Elicit User Cooperation in Computer Systems. In: Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2010. Lecture Notes in Computer Science, vol 6258. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14706-7_8

  • DOI: https://doi.org/10.1007/978-3-642-14706-7_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14705-0

  • Online ISBN: 978-3-642-14706-7

  • eBook Packages: Computer Science, Computer Science (R0)
