Your search keyword '"Jens Grossklags"' showing total 45 results

1. Privacy-Preserving High-dimensional Data Collection with Federated Generative Autoencoder

Author

Jens Grossklags, Xuebing Zhou, and Xue Jiang

Subjects

Clustering high-dimensional data, Ethics, federated learning, generative models, Computer science, business.industry, QA75.5-76.95, Machine learning, computer.software_genre, BJ1-1725, Autoencoder, local differential privacy, Privacy preserving, Electronic computers. Computer science, General Earth and Planetary Sciences, Artificial intelligence, business, computer, high-dimensional data collection, Generative grammar, General Environmental Science

Abstract

Business intelligence and AI services often involve the collection of copious amounts of multidimensional personal data. Since these data usually contain sensitive information of individuals, the direct collection can lead to privacy violations. Local differential privacy (LDP) is currently considered a state-ofthe-art solution for privacy-preserving data collection. However, existing LDP algorithms are not applicable to high-dimensional data; not only because of the increase in computation and communication cost, but also poor data utility.In this paper, we aim at addressing thecurse-of-dimensionalityproblem in LDP-based high-dimensional data collection. Based on the idea of machine learning and data synthesis, we propose DP-Fed-Wae, an efficient privacy-preserving framework for collecting high-dimensional categorical data. With the combination of a generative autoencoder, federated learning, and differential privacy, our framework is capable of privately learning the statistical distributions of local data and generating high utility synthetic data on the server side without revealing users’ private information. We have evaluated the framework in terms of data utility and privacy protection on a number of real-world datasets containing 68–124 classification attributes. We show that our framework outperforms the LDP-based baseline algorithms in capturing joint distributions and correlations of attributes and generating high-utility synthetic data. With a local privacy guarantee ∈ = 8, the machine learning models trained with the synthetic data generated by the baseline algorithm cause an accuracy loss of 10% ~ 30%, whereas the accuracy loss is significantly reduced to less than 3% and at best even less than 1% with our framework. Extensive experimental results demonstrate the capability and efficiency of our framework in synthesizing high-dimensional data while striking a satisfactory utility-privacy balance.

Published

2022

2. Integrating Cybersecurity and Artificial Intelligence Research in Engineering and Computer Science Education

Author

Bill Newhouse, Fariborz Farahmand, Jens Grossklags, and Jelena Mirkovic

Subjects

ComputingMilieux_THECOMPUTINGPROFESSION, Computer Networks and Communications, Ai education, business.industry, Computer science, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Computer security, computer.software_genre, GeneralLiterature_MISCELLANEOUS, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, ComputingMilieux_COMPUTERSANDEDUCATION, Undergraduate engineering, Artificial intelligence, Electrical and Electronic Engineering, business, Law, computer

Abstract

We summarize integrating cybersecurity and artificial intelligence (AI) research in cybersecurity education and implementing a module in an existing noncybersecurity undergraduate engineering course. This initiative will drive the broader community to focus on the convergence of cybersecurity and AI education.

Published

2021

3. Data Portability between Online Services: An Empirical Analysis on the Effectiveness of GDPR Art. 20

Author

Johann Kranz, Stefan Mager, Jens Grossklags, Sophie Kuebler-Wachendorff, Paul Pizzinini, and Emmanuel Syrmoudis

Subjects

Ethics, privacy regulation, general data protection regulation (gdpr), Multimedia, Computer science, 05 social sciences, competition between online services, QA75.5-76.95, 02 engineering and technology, BJ1-1725, computer.software_genre, Electronic computers. Computer science, 020204 information systems, 0502 economics and business, 0202 electrical engineering, electronic engineering, information engineering, General Earth and Planetary Sciences, data portability, data controller, 050207 economics, Data portability, computer, data economy, consumer rights, switching costs, General Environmental Science

Abstract

Data portability regulation has promised that individuals will be easily able to transfer their personal data between online service providers. Yet, after more than two years of an active privacy regulation regime in the European Union, this promise is far from being fulfilled. Given the lack of a functioning infrastructure for direct data portability between multiple providers, we investigate in our study how easily an individual could currently make use of an indirect data transfer between providers. We define such porting as a two-step transfer: firstly, requesting a data export from one provider, followed secondly by the import of the obtained data to another provider. To answer this question, we examine the data export practices of 182 online services, including the top one hundred visited websites in Germany according to the Alexa ranking, as well as their data import capabilities. Our main results show that high-ranking services, which primarily represent incumbents of key online markets, provide significantly larger data export scope and increased import possibilities than their lower-ranking competitors. Moreover, they establish more thorough authentication of individuals before export. These first empirical results challenge the theoretical literature on data portability, according to which, it would be expected that incumbents only complied with the minimal possible export scope in order to not lose exclusive consumer data to market competitors free-of-charge. We attribute the practices of incumbents observed in our study to the absence of an infrastructure realizing direct data portability.

Published

2021

4. Method Confusion Attack on Bluetooth Pairing

Author

Ludwig Peuckert, Jens Grossklags, Fabian Franzen, and Maximilian von Tschirschnitz

Subjects

Authentication, business.industry, Computer science, Encryption, Computer security, computer.software_genre, law.invention, Bluetooth, Smartwatch, law, Proof of concept, Pairing, Wireless, Trust on first use, business, computer

Abstract

Bluetooth provides encryption, authentication, and integrity protection of its connections. These protection mechanisms require that Bluetooth devices initially establish trust on first use through a process called pairing. Throughout this process, multiple alternative pairing methods are supported.In this paper, we describe a design flaw in the pairing mechanism of Bluetooth. This flaw permits two devices to perform pairing using differing methods. While successfully interacting with each other, the devices are not aware of the Method Confusion. We explain how an attacker can cause and abuse this Method Confusion to mount a Method Confusion Attack. In contrast to other attacks targeting the pairing method, our attack applies even in Bluetooth’s highest security mode and cannot be mitigated in the protocol. Through the Method Confusion Attack, an adversary can infiltrate the secured connection between the victims and intercept all traffic.Our attack is successful in practically relevant scenarios. We implemented it as an end-to-end Proof of Concept for Bluetooth Low Energy and tested it with off-the-shelf smartphones, a smartwatch and a banking device. Furthermore, we performed a user study where none of the 40 participants noticed the ongoing attack, and 37 (92.5%) of the users completed the pairing process. Finally, we propose changes to the Bluetooth specification that immunize it against our attack.

Published

2021

5. ρFEM: Efficient Backward-edge Protection Using Reversed Forward-edge Mappings

Author

Jens Grossklags, Gang Tan, Claudia Eckert, Paul Muntean, Zhiqiang Lin, and Mathias Neumayer

Subjects

021110 strategic, defence & security studies, Computer science, Code reuse, 0211 other engineering and technologies, Spec#, 02 engineering and technology, Parallel computing, computer.software_genre, Set (abstract data type), 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Benchmark (computing), Control flow graph, Overhead (computing), Compiler, Enhanced Data Rates for GSM Evolution, computer, computer.programming_language

Abstract

In this paper, we propose reversed forward-edge mapper (ρFEM), a Clang/LLVM compiler-based tool, to protect the backward edges of a program’s control flow graph (CFG) against runtime control-flow hijacking (e.g., code reuse attacks). It protects backward-edge transfers in C/C++ originating from virtual and non-virtual functions by first statically constructing a precise virtual table hierarchy, with which to form a precise forward-edge mapping between callees and non-virtual calltargets based on precise function signatures, and then checks each instrumented callee return against the previously computed set at runtime. We have evaluated ρFEM using the Chrome browser, NodeJS, Nginx, Memcached, and the SPEC CPU2017 benchmark. Our results show that ρFEM enforces less than 2.77 return targets per callee in geomean, even for applications heavily relying on backward edges. ρFEM’s runtime overhead is less than 1% in geomean for the SPEC CPU2017 benchmark and 3.44% in geomean for the Chrome browser.

Published

2020

6. An Empirical Study of Android Security Bulletins in Different Vendors

Author

Mehmet Bahadir Kirdan, Sadegh Farhang, Jens Grossklags, and Aron Laszka

Subjects

FOS: Computer and information sciences, Focus (computing), Computer Science - Cryptography and Security, Computer science, Vulnerability, 020207 software engineering, 02 engineering and technology, Computer security, computer.software_genre, Metadata, Information sensitivity, Empirical research, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, Android (operating system), Cryptography and Security (cs.CR), computer, Mobile device

Abstract

Mobile devices encroach on almost every part of our lives, including work and leisure, and contain a wealth of personal and sensitive information. It is, therefore, imperative that these devices uphold high security standards. A key aspect is the security of the underlying operating system. In particular, Android plays a critical role due to being the most dominant platform in the mobile ecosystem with more than one billion active devices and due to its openness, which allows vendors to adopt and customize it. Similar to other platforms, Android maintains security by providing monthly security patches and announcing them via the Android security bulletin. To absorb this information successfully across the Android ecosystem, impeccable coordination by many different vendors is required. In this paper, we perform a comprehensive study of 3,171 Android-related vulnerabilities and study to which degree they are reflected in the Android security bulletin, as well as in the security bulletins of three leading vendors: Samsung, LG, and Huawei. In our analysis, we focus on the metadata of these security bulletins (e.g., timing, affected layers, severity, and CWE data) to better understand the similarities and differences among vendors. We find that (i) the studied vendors in the Android ecosystem have adopted different structures for vulnerability reporting, (ii) vendors are less likely to react with delay for CVEs with Android Git repository references, (iii) vendors handle Qualcomm-related CVEs differently from the rest of external layer CVEs.

Published

2020

7. An Options Approach to Cybersecurity Investment

Author

Jens Grossklags, Michail Chronopoulos, and Emmanouil Panaousis

Subjects

QA75, Cybersecurity, General Computer Science, ComputingMilieux_LEGALASPECTSOFCOMPUTING, 02 engineering and technology, Computer security, computer.software_genre, HG, Embedded option, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, real options, investment analysis, business.industry, General Engineering, Information technology, Investment (macroeconomics), Security controls, Incentive, Investment decisions, HD61, 020201 artificial intelligence & image processing, Economic model, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, Inefficiency, lcsh:TK1-9971, computer

Abstract

Cybersecurity has become a key factor that determines the success or failure of companies that rely on information systems. Therefore, investment in cybersecurity is an important financial and operational decision. Typical information technology investments aim to create value, whereas cybersecurity investments aim to minimize loss incurred by cyber attacks. Admittedly, cybersecurity investment has become an increasingly complex one, since information systems are typically subject to frequent attacks, whose arrival and impact fluctuate stochastically. Furthermore, cybersecurity measures and improvements, such as patches, become available at random points in time making investment decisions even more challenging. We propose and develop an analytical real options framework that incorporates major components relevant to cybersecurity practice, and analyze how optimal cybersecurity investment decisions perform for a private firm. The novelty of this paper is that it provides analytical solutions that lend themselves to intuitive interpretations regarding the effect of timing and cybersecurity risk on investment behavior using real options theory. Such aspects are frequently not implemented within economic models that support policy initiatives. However, if these are not properly understood, security controls will not be properly set resulting in a dynamic inefficiency reflected in cycles of over or under investment, and, in turn, increased cybersecurity risk following corrective policy actions. Results indicate that greater uncertainty over the cost of cybersecurity attacks raises the value of an embedded option to invest in cybersecurity. This increases the incentive to suspend operations temporarily in order to install a cybersecurity patch that will make the firm more resilient to cybersecurity breaches. Similarly, greater likelihood associated with the availability of a cybersecurity patch increases the value of the option to invest in cybersecurity. However, the absence of an embedded investment option increases the incentive to delay the permanent abandonment of the company's operation due to the irreversible nature of the decision.

Published

2018

8. Challenges in IT Security Processes and Solution Approaches with Process Mining

Author

Jens Grossklags, Silvia Knittl, and Aynesh Sundararaj

Subjects

Computer science, Business process, Process mining, 020207 software engineering, Context (language use), 02 engineering and technology, Work in process, Computer security, computer.software_genre, Conformance checking, Field (computer science), 0202 electrical engineering, electronic engineering, information engineering, Defined process, 020201 artificial intelligence & image processing, computer

Abstract

Process mining is a rapidly developing field of data science currently focusing on business processes. The approach involves many techniques that may contribute to cyber security analysis as well. In particular, the measurement of deviations from a defined process is a central topic in process mining, and could find application in the context of IT security.

Published

2020

9. Erratum to: The Right to Data Portability: conception, status quo, and future directions

Author

Sophie Kuebler-Wachendorff, Johann Kranz, Emmanuel Syrmoudis, Jens Grossklags, Robert Luzsa, Susanne Mayr, and Stefan Mager

Subjects

Status quo, Computer science, media_common.quotation_subject, Computer security, computer.software_genre, computer, Data portability, Computer Science Applications, Information Systems, media_common

Published

2021

10. Enemy At the Gateways: Censorship-Resilient Proxy Distribution Using Game Theory

Author

Jens Grossklags, Milad Nasr, Sadegh Farhang, and Amir Houmansadr

Subjects

Distribution (number theory), Computer science, media_common.quotation_subject, Censorship, Adversary, Computer security, computer.software_genre, Proxy (statistics), computer, Game theory, media_common

Published

2019

11. Analyzing Control Flow Integrity with LLVM-CFI

Author

Jens Grossklags, Paul Muntean, Claudia Eckert, Zhiqiang Lin, Gang Tan, and Matthias Neumayer

Subjects

FOS: Computer and information sciences, 021110 strategic, defence & security studies, Source code, Computer Science - Cryptography and Security, Exploit, Computer science, media_common.quotation_subject, Code reuse, 0211 other engineering and technologies, 02 engineering and technology, Attack surface, computer.software_genre, Computer security, Control flow, 020204 information systems, Gadget, 0202 electrical engineering, electronic engineering, information engineering, Compiler, computer, Cryptography and Security (cs.CR), Control-flow integrity, media_common

Abstract

Control-flow hijacking attacks are used to perform malicious com-putations. Current solutions for assessing the attack surface afteracontrol flow integrity(CFI) policy was applied can measure onlyindirect transfer averages in the best case without providing anyinsights w.r.t. the absolute calltarget reduction per callsite, and gad-get availability. Further, tool comparison is underdeveloped or notpossible at all. CFI has proven to be one of the most promising pro-tections against control flow hijacking attacks, thus many effortshave been made to improve CFI in various ways. However, there isa lack of systematic assessment of existing CFI protections. In this paper, we presentLLVM-CFI, a static source code analy-sis framework for analyzing state-of-the-art static CFI protectionsbased on the Clang/LLVM compiler framework.LLVM-CFIworksby precisely modeling a CFI policy and then evaluating it within aunified approach.LLVM-CFIhelps determine the level of securityoffered by different CFI protections, after the CFI protections weredeployed, thus providing an important step towards exploit cre-ation/prevention and stronger defenses. We have usedLLVM-CFIto assess eight state-of-the-art static CFI defenses on real-worldprograms such as Google Chrome and Apache Httpd.LLVM-CFIprovides a precise analysis of the residual attack surfaces, andaccordingly ranks CFI policies against each other.LLVM-CFIalsosuccessfully paves the way towards construction of COOP-like codereuse attacks and elimination of the remaining attack surface bydisclosing protected calltargets under eight restrictive CFI policies., Comment: Accepted for publication at ACSAC'19 conference. arXiv admin note: substantial text overlap with arXiv:1812.08496

Published

2019

12. Take It or Leave It

Author

Sadegh Farhang, Jens Grossklags, Jake Weidman, Peng Liu, and Mohammad Mahdi Kamani

Subjects

Focus (computing), Computer science, Vendor, business.industry, 05 social sciences, Software performance testing, 02 engineering and technology, computer.software_genre, Upgrade, Software, Software bug, 020204 information systems, Component (UML), 0202 electrical engineering, electronic engineering, information engineering, Microsoft Windows, Operating system, 0501 psychology and cognitive sciences, business, computer, 050107 human factors

Abstract

Software upgrades play a pivotal role in enhancing software performance, and are a critical component of resolving software bugs and patching security issues. However, consumers' eagerness to upgrade to the newest operating system is often tempered after release. In this paper, we focus on the upgrade perceptions and practices of users utilizing Microsoft Windows, with particular consideration given to the current upgrade cycle to Windows 10, which was, for a time, offered at no monetary cost to many users. To better understand the relevant factors for upgrade decisions, we deployed a structured survey, including several open-ended questions to add additional depth. We collected data from 239 Microsoft Windows users and utilized qualitative and quantitative methods to analyze user upgrade practices. Important themes include how to best notify users of upcoming upgrade opportunities, how users perceive privacy issues associated with OS upgrade decisions, and whether security constitutes a significant decision-making factor. We also explore how end-of-life dates, indicating the end of support by the vendor, are perceived by users.

Published

2018

13. $$\tau $$ CFI: Type-Assisted Control Flow Integrity for x86-64 Binaries

Author

Jens Grossklags, Matthias Fischer, Zhiqiang Lin, Claudia Eckert, Gang Tan, and Paul Muntean

Subjects

Discrete mathematics, Source code, Matching (graph theory), Computer science, media_common.quotation_subject, Spec#, 020207 software engineering, 02 engineering and technology, Type (model theory), Control flow, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Benchmark (computing), Overhead (computing), Parameter, computer, media_common, computer.programming_language

Abstract

Programs aiming for low runtime overhead and high availability draw on several object-oriented features available in the C/C++ programming language, such as dynamic object dispatch. However, there is an alarmingly high number of object dispatch (i.e., forward-edge) corruption vulnerabilities, which undercut security in significant ways and are in need of a thorough solution. In this paper, we propose \(\tau {\textsc {CFI}}\), an extended control flow integrity (CFI) model that uses both the types and numbers of function parameters to enforce forward- and backward-edge control flow transfers. At a high level, it improves the precision of existing forward-edge recognition approaches by considering the type information of function parameters, which are directly extracted from the application binaries. Therefore, \(\tau {\textsc {CFI}}\) can be used to harden legacy applications for which source code may not be available. We have evaluated \(\tau {\textsc {CFI}}\) on real-world binaries including Nginx, NodeJS, Lighttpd, MySql and the SPEC CPU2006 benchmark and demonstrate that \(\tau {\textsc {CFI}}\) is able to effectively protect these applications from forward- and backward-edge corruptions with low runtime overhead. In direct comparison with state-of-the-art tools, \(\tau {\textsc {CFI}}\) achieves higher forward-edge caller-callee matching precision.

Published

2018

14. An Economic Study of the Effect of Android Platform Fragmentation on Security Updates

Author

Jens Grossklags, Sadegh Farhang, and Aron Laszka

Subjects

Open source, Computer science, 0502 economics and business, 05 social sciences, Operating system, Proprietary software, 050207 economics, Android (operating system), computer.software_genre, computer, 050205 econometrics, Personalization

Abstract

Vendors in the Android ecosystem typically customize their devices by modifying Android Open Source Project (AOSP) code, adding in-house developed proprietary software, and pre-installing third-party applications. However, research has documented how various security problems are associated with this customization process.

Published

2018

15. Secure Team Composition to Thwart Insider Threats and Cyber-Espionage

Author

Aron Laszka, Jens Grossklags, Pascal Schöttle, Rainer Böhme, and Benjamin Johnson

Subjects

Team composition, Computer Networks and Communications, business.industry, Computer science, Internet privacy, Insider threat, Espionage, Computer security, computer.software_genre, Project team, Project manager, Insider, Adversarial system, business, Game theory, computer

Abstract

We develop a formal nondeterministic game model for secure team composition to counter cyber-espionage and to protect organizational secrets against an attacker who tries to sidestep technical security mechanisms by offering a bribe to a project team member. The game captures the adversarial interaction between the attacker and the project manager who has a secret she wants to protect but must share with a team of individuals selected from within her organization. Our interdisciplinary work is important in the face of the multipronged approaches utilized by well-motivated attackers to circumvent the fortifications of otherwise well-defended targets.

Published

2014

16. Financial Cryptography and Data Security

Author

Bart Preneel and Jens Grossklags

Subjects

Security analysis, Cloud computing security, Computer science, Financial cryptography, Security through obscurity, Security convergence, Data security, Network security policy, Information security, Computer security, computer.software_genre, computer

Published

2017

17. On the Economics of Ransomware

Author

Aron Laszka, Jens Grossklags, and Sadegh Farhang

Subjects

Adversarial system, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Ransomware, 020201 artificial intelligence & image processing, 02 engineering and technology, Business, 16. Peace & justice, Computer security, computer.software_genre, computer, Game theory

Abstract

While recognized as a theoretical and practical concept for over 20 years, only now ransomware has taken centerstage as one of the most prevalent cybercrimes. Various reports demonstrate the enormous burden placed on companies, which have to grapple with the ongoing attack waves. At the same time, our strategic understanding of the threat and the adversarial interaction between organizations and cybercriminals perpetrating ransomware attacks is lacking.

Published

2017

18. End user cybercrime reporting: what we know and what we can do to improve it

Author

Jens Grossklags and Morvareed Bidgoli

Subjects

Government, business.industry, End user, Internet privacy, Law enforcement, Computer security, computer.software_genre, Cybercrime, Incentive, Harm, Action (philosophy), The Internet, business, Psychology, computer

Abstract

After a physical crime occurs an important action typically takes place: the reporting of the crime to the police. However, this action becomes more complex for a victim to properly execute when a cybercrime is experienced, which can be partly explained for instance by a lack of knowledge about cybercrimes and computer security. Cybercrime reporting is crucial because it can provide a multitude of data such as the prevalence of cybercrimes, the types and nature of the cybercrimes present, and the various resulting types of loss or harm (e.g., financial, psychological, emotional). Moreover, cybercrime reporting data is also actionable for two reasons: (1) prevention tips can be produced to educate users of how they can mitigate commonly occurring cybercrimes they may be faced with, and (2) the information provided can be useful for the appropriate law enforcement agencies to potentially reach a proper resolution for the cybercrime victim (i.e., the cybercriminal being caught, the recovery of stolen property). However, comparatively few academic works have focused on better understanding computer users’ cybercrime reporting behaviors. In this paper, we first review the relevant literature, which predominantly focuses on the reasons that contribute to the underreporting of cybercrimes. Next, we highlight four particular challenges of cybercrime reporting. These challenges include the issue of computer users potentially having difficulty in properly identifying cybercrimes they may experience, fostering knowledge of how to report cybercrimes to the appropriate channels, providing incentives for cybercrime reporting, and the extent of feedback victims receive after filing a cybercrime report. Grounded in the surveyed literature and our previous work, we also provide a set of recommendations on how to approach these challenges in order to improve currently existing cybercrime reporting processes.

Published

2016

19. FlipLeakage: A Game-Theoretic Approach to Protect Against Stealthy Attackers in the Presence of Information Leakage

Author

Sadegh Farhang and Jens Grossklags

Subjects

Password, Focus (computing), Computer science, 02 engineering and technology, Undo, Security policy, Computer security, computer.software_genre, symbols.namesake, Resource (project management), Nash equilibrium, 020204 information systems, Information leakage, 0202 electrical engineering, electronic engineering, information engineering, symbols, 020201 artificial intelligence & image processing, computer, Reset (computing)

Abstract

One of the particularly daunting issues in the cybersecurity domain is information leakage of business or consumer data, which is often triggered by multi-stage attacks and advanced persistent threats. While the technical community is working on improved system designs to prevent and mitigate such attacks, a significant residual risk remains that attacks succeed and may not even be detected, i.e., they are stealthy. Our objective is to inform security policy design for the mitigation of stealthy information leakage attacks. Such a policy mechanism advises system owners on the optimal timing to reset defense mechanisms, e.g., changing cryptographic keys or passwords, reinstalling systems, installing new patches, or reassigning security staff. We follow a game-theoretic approach and propose a model titled FlipLeakage. In our proposed model, an attacker will incrementally and stealthily take ownership of a resource e.g., similar to advanced persistent threats. While her final objective is a complete compromise of the system, she may derive some utility during the preliminary phases of the attack. The defender can take a costly recovery move and has to decide on its optimal timing. Our focus is on the scenario when the defender can only partially eliminate the foothold of the attacker in the system. Further, the defender cannot undo any information leakage that has already taken place during an attack. We derive optimal strategies for the agents in FlipLeakage and present numerical analyses and graphical visualizations.

Published

2016

20. Adaptive Steganography and Steganalysis with Fixed-Size Embedding

Author

Benjamin Johnson, Jens Grossklags, Rainer Böhme, Pascal Schöttle, and Aron Laszka

Subjects

Steganalysis, Sequence, Steganography, Computer science, ComputingMilieux_PERSONALCOMPUTING, Data_CODINGANDINFORMATIONTHEORY, Decision rule, Pseudorandom binary sequence, Embedding, Alice (programming language), computer, Algorithm, Game theory, computer.programming_language

Abstract

We analyze a two-player zero-sum game between a steganographer, Alice, and a steganalyst, Eve. In this game, Alice wants to hide a secret message of length \(k\) in a binary sequence, and Eve wants to detect whether a secret message is present. The individual positions of all binary sequences are independently distributed, but have different levels of predictability. Using knowledge of this distribution, Alice randomizes over all possible size-\(k\) subsets of embedding positions. Eve uses an optimal (possibly randomized) decision rule that considers all positions, and incorporates knowledge of both the sequence distribution and Alice’s embedding strategy.

Published

2015

21. A Short Paper on the Incentives to Share Private Information for Population Estimates

Author

Jens Grossklags, Patrick Loiseau, and Michela Chessa

Subjects

Population estimate, Incentive, Analytics, business.industry, Computer science, Internet privacy, Short paper, Data analysis, business, Computer security, computer.software_genre, Private information retrieval, computer

Abstract

Consumers are often willing to contribute their personal data for analytics projects that may create new insights into societal problems. However, consumers also have justified privacy concerns about the release of their data.

Published

2015

22. Should Cyber-Insurance Providers Invest in Software Security?

Author

Aron Laszka and Jens Grossklags

Subjects

Computer science, Investment strategy, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Product (business), Key person insurance, Risk analysis (engineering), Software security assurance, 0202 electrical engineering, electronic engineering, information engineering, Cyber-Insurance, 020201 artificial intelligence & image processing, Risk pool, computer, Economics of security, Vulnerability (computing)

Abstract

Insurance is based on the diversifiability of individual risks: if an insurance provider maintains a large portfolio of customers, the probability of an event involving a large portion of the customers is negligible. However, in the case of cyber-insurance, not all risks are diversifiable due to software monocultures. If a vulnerability is discovered in a widely used software product, it can be used to compromise a multitude of targets until it is eventually patched, leading to a catastrophic event for the insurance provider. To lower their exposure to non-diversifiable risks, insurance providers may try to influence the security of widely used software products in their customer population, for example, through vulnerability reward programs. We explore the proposal that insurance providers should take a proactive role in improving software security, and provide evidence that this approach is viable for a monopolistic provider. We develop a model which captures the supply and demand sides of insurance, provide computational complexity results on the provider's investment decisions, and propose different heuristic investment strategies. We demonstrate that investments can reduce non-diversifiable risks and can lead to a more profitable cyber-insurance market. Finally, we detail the relative merits of the different heuristic strategies with numerical results.

Published

2015

23. When Bitcoin Mining Pools Run Dry

Author

Jens Grossklags, Aron Laszka, and Benjamin Johnson

Subjects

Cryptocurrency, Incentive, Computer science, Denial-of-service attack, Computer security, computer.software_genre, computer, Game theory

Abstract

Bitcoin has established itself as the most successful cryptocurrency with adoption seen in many commercial scenarios. While most stakeholders have jointly benefited from the growing importance of Bitcoin, conflicting interests continue to negatively impact the ecosystem. In particular, incentives to derive short-term profits from attacks on mining pools threaten the long-term viability of Bitcoin.

Published

2015

24. How Task Familiarity and Cognitive Predispositions Impact Behavior in a Security Game of Timing

Author

Jens Grossklags and David Reitter

Subjects

Need for cognition, Modality (human–computer interaction), Action (philosophy), Computer science, Individual difference, Cognition, Disposition, Computer security, computer.software_genre, computer, Cognitive bias, Cognitive psychology, Task (project management)

Abstract

This paper addresses security and safety choices that involve a decision on the timing of an action. Examples of such decisions include when to check log files for intruders and when to monitor financial accounts for fraud or errors. To better understand how performance in timing-related security situations is shaped by individuals' cognitive predispositions, we effectively combine survey measures with economic experiments. Two behavioral experiments are presented in which the timing of online security actions is the critical decision-making factor. The feedback modality in the decision-environment is varied between visual feedback with history (Experiment 1), and temporal feedback without history (Experiment 2). Using psychometric scales, we study the role of individual difference variables, specifically risk propensity and need for cognition. The analysis is based on the data from over 450 participants. We find that risk propensity is not a hindrance in timing tasks. Participants of average risk propensity generally benefit from a reflective disposition (high need for cognition), particularly when visual feedback is given. Overall, participants benefit from need for cognition, however, in the more difficult, temporal-estimation task, this requires familiarity with the task.

Published

2014

25. The Complexity of Estimating Systematic Risk in Networks

Author

Jens Grossklags, Aron Laszka, and Benjamin Johnson

Subjects

Bridging (networking), Network security, business.industry, Computer science, Network science, Complex network, Network topology, computer.software_genre, Systematic risk, Econometrics, Probability distribution, Data mining, business, computer, Expected loss

Abstract

This risk of catastrophe from an attack is a consequence of a network's structure formed by the connected individuals, businesses and computer systems. Understanding the likelihood of extreme events, or, more generally, the probability distribution of the number of compromised nodes is an essential requirement to provide risk-mitigation or cyber-insurance. However, previous network security research has not considered features of these distributions beyond their first central moments, while previous cyber-insurance research has not considered the effect of topologies on the supply side. We provide a mathematical basis for bridging this gap: we study the complexity of computing these loss-number distributions, both generally and for special cases of common real-world networks. In the case of scale-free networks, we demonstrate that expected loss alone cannot determine the riskiness of a network, and that this riskiness cannot be naively estimated from smaller samples, which highlights the lack/importance of topological data in security incident reporting.

Published

2014

26. How many down?

Author

Jens Grossklags, Aron Laszka, and Benjamin Johnson

Subjects

Dependency (UML), business.industry, Computer science, Distributed computing, Scale-free network, computer.software_genre, Network topology, Outcome (game theory), Systematic risk, Cyber-Insurance, Data mining, business, computer, Risk management

Abstract

The systematic risk of a networked system depends to a large extent on its topology. In this paper, we explore this dependency using a model of risk propagation from the literature on interdependent security games. Our main area of focus is on the number of nodes that go down after an attack takes place. We develop a simulation algorithm to study the effects of such attacks on arbitrary topologies, and apply this simulation to scale-free networks. We investigate by graphical illustration how the outcome distribution of such networks exhibits correlation effects that increase the likelihood of losing more nodes at once -- an effect having direct applications to cyber-insurance.

Published

2014

27. Bitspotting: Detecting Optimal Adaptive Steganography

Author

Jens Grossklags, Benjamin Johnson, Rainer Böhme, Aron Laszka, and Pascal Schöttle

Subjects

Sequence, Steganography, Computer science, ComputingMilieux_PERSONALCOMPUTING, Binary number, Data_CODINGANDINFORMATIONTHEORY, Decision rule, Pseudorandom binary sequence, Embedding, Alice (programming language), Algorithm, computer, Game theory, computer.programming_language

Abstract

We analyze a two-player zero-sum game between a steganographer, Alice, and a steganalyst, Eve. In this game, Alice wants to hide a secret message of length \(k\) in a binary sequence, and Eve wants to detect whether a secret message is present. The individual positions of all binary sequences are independently distributed, but have different levels of predictability. Using knowledge of this distribution, Alice randomizes over all possible size-\(k\) subsets of embedding positions. Eve uses an optimal (possibly randomized) decision rule that considers all positions, and incorporates knowledge of both the sequence distribution and Alice’s embedding strategy.

Published

2014

28. Game-Theoretic Analysis of DDoS Attacks Against Bitcoin Mining Pools

Author

Jens Grossklags, Marie Vasek, Aron Laszka, Benjamin Johnson, and Tyler Moore

Subjects

Computer science, business.industry, media_common.quotation_subject, Denial-of-service attack, Investment (macroeconomics), Computer security, computer.software_genre, Competition (economics), Incentive, Digital currency, Cash, The Internet, business, Game theory, computer, media_common

Abstract

One of the unique features of the digital currency Bitcoin is that new cash is introduced by so-called miners carrying out resource-intensive proof-of-work operations. To increase their chances of obtaining freshly minted bitcoins, miners typically join pools to collaborate on the computations. However, intense competition among mining pools has recently manifested in two ways. Miners may invest in additional computing resources to increase the likelihood of winning the next mining race. But, at times, a more sinister tactic is also employed: a mining pool may trigger a costly distributed denial-of-service (DDoS) attack to lower the expected success outlook of a competing mining pool. We explore the trade-off between these strategies with a series of game-theoretical models of competition between two pools of varying sizes. We consider differences in costs of investment and attack, as well as uncertainty over whether a DDoS attack will succeed. By characterizing the game’s equilibria, we can draw a number of conclusions. In particular, we find that pools have a greater incentive to attack large pools than small ones. We also observe that larger mining pools have a greater incentive to attack than smaller ones.

Published

2014

29. Managing the Weakest Link

Author

Jens Grossklags, Aron Laszka, Rainer Böhme, Benjamin Johnson, and Pascal Schöttle

Subjects

Computer science, business.industry, Stochastic game, ComputingMilieux_PERSONALCOMPUTING, Access control, Adversary, Computer security, computer.software_genre, Insider, Project manager, Alice (programming language), business, Resilience (network), computer, Game theory, computer.programming_language

Abstract

We introduce a two-player stochastic game for modeling secure team selection to add resilience against insider threats. A project manager, Alice, has a secret she wants to protect but must share with a team of individuals selected from within her organization; while an adversary, Eve, wants to learn this secret by bribing one potential team member. Eve does not know which individuals will be chosen by Alice, but both players have information about the bribeability of each potential team member. Specifically, the amount required to successfully bribe each such individual is given by a random variable with a known distribution but an unknown realization.

Published

2013

30. Mitigating Covert Compromises

Author

Aron Laszka, Benjamin Johnson, and Jens Grossklags

Subjects

Password, Engineering, business.industry, Botnet, Cryptography, Computer security, computer.software_genre, Security policy, Complete information, Covert, Damages, business, computer, Reset (computing)

Abstract

Attackers of computing resources increasingly aim to keep security compromises hidden from defenders in order to extract more value over a longer period of time. These covert attacks come in multiple varieties, which can be categorized into two main types: targeted and non-targeted attacks. Targeted attacks include, for example, cyberespionage, while non-targeted attacks include botnet recruitment. We are concerned with the subclass of these attacks for which detection is too costly or technically infeasible given the capabilities of a typical organization. As a result, defenders have to mitigate potential damages under a regime of incomplete information. A primary mitigation strategy is to reset potentially compromised resources to a known safe state, for example, by reinstalling computer systems, and changing passwords or cryptographic private keys. In a game-theoretic framework, we study the economically optimal mitigation strategies in the presence of targeted and non-targeted covert attacks. Our work has practical implications for the definition of security policies, in particular, for password and key renewal schedules.

Published

2013

31. Mitigation of Targeted and Non-targeted Covert Attacks as a Timing Game

Author

Jens Grossklags, Aron Laszka, and Benjamin Johnson

Subjects

Non targeted, Computer science, Control (management), Poisson process, Computer security, computer.software_genre, symbols.namesake, Resource (project management), Strategic game, Covert, symbols, computer, Game theory, Timing game

Abstract

We consider a strategic game in which a defender wants to maintain control over a resource that is subject to both targeted and non-targeted covert attacks. Because the attacks are covert, the defender must choose to secure the resource in real time without knowing who controls it. Each move by the defender to secure the resource has a one-time cost and these defending moves are not covert, so that a targeted attacker may time her attacks based on the defender's moves. The time between when a targeted attack starts and when it succeeds is given by an exponentially distributed random variable with a known rate. Non-targeted attackers are modeled together as a single attacker whose attacks arrive following a Poisson process. We find that in this regime, the optimal moving strategy for the defender is a periodic strategy, so that the time intervals between consecutive moves are constant.

Published

2013

32. Trading Agent Kills Market Information

Author

Jens Grossklags and Rainer Böhme

Subjects

Natural experiment, business.industry, Market microstructure, computer.software_genre, Market mechanism, Loan, The Internet, Marketing, Algorithmic trading, business, Research question, Personally identifiable information, computer, Industrial organization

Abstract

The proliferation of Internet technology has created numerous new markets as social coordination mechanisms, including those where human decision makers and computer algorithms interact. Because humans and computers differ in their capabilities to emit and process complex market signals, there is a need to understand the determinants of the provision of market information. We tackle the general research question from the perspective of new electronic credit markets. On online social lending platforms, loan applications typically contain detailed personal information of prospective borrowers next to hard facts, such as credit scores. We investigate whether a change of the market mechanism in the form of the introduction of an automated trading agent shifts the dynamics of information revelation from a high-effort norm to a low-effort information equilibrium. We test our hypothesis with a natural experiment on Smava.de and find strong support for our proposition.

Published

2013

33. It’s All about the Benjamins: An Empirical Study on Incentivizing Users to Ignore Security Advice

Author

Jens Grossklags, Nicolas Christin, Serge Egelman, and Timothy Vidas

Subjects

Computer science, Network security, business.industry, Download, media_common.quotation_subject, computer.file_format, Computer security, computer.software_genre, Payment, Task (project management), Empirical research, Incentive, Malware, Executable, business, computer, media_common

Abstract

We examine the cost for an attacker to pay users to execute arbitrary code--potentially malware. We asked users at home to download and run an executable we wrote without being told what it did and without any way of knowing it was harmless. Each week, we increased the payment amount. Our goal was to examine whether users would ignore common security advice--not to run untrusted executables--if there was a direct incentive, and how much this incentive would need to be. We observed that for payments as low as $0.01, 22% of the people who viewed the task ultimately ran our executable. Once increased to $1.00, this proportion increased to 43%. We show that as the price increased, more and more users who understood the risks ultimately ran the code. We conclude that users are generally unopposed to running programs of unknown provenance, so long as their incentives exceed their inconvenience.

Published

2012

34. Nash Equilibria for Weakest Target Security Games with Heterogeneous Agents

Author

Nicolas Christin, John Chuang, Benjamin Johnson, and Jens Grossklags

Subjects

Exploit, Information economy, Computer science, End user, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Computer security, computer.software_genre, symbols.namesake, Incentive, Nash equilibrium, Best response, symbols, Epsilon-equilibrium, Game theory, computer

Abstract

Motivated attackers cannot always be blocked or deterred. In the physical-world security context, examples include suicide bombers and sexual predators. In computer networks, zero-day exploits unpredictably threaten the information economy and end users. In this paper, we study the conflicting incentives of individuals to act in the light of such threats.

Published

2012

35. The security cost of cheap user interaction

Author

Rainer Böhme and Jens Grossklags

Subjects

Cloud computing security, Computer science, Human-computer interaction in information security, Security through obscurity, Computer security model, Computer security, computer.software_genre, Asset (computer security), Security information and event management, Security testing, computer, Countermeasure (computer)

Abstract

Human attention is a scarce resource, and lack thereof can cause severe security breaches. As most security techniques rely on considerate human intervention in one way or another, this resource should be consumed economically. In this context, we postulate the view that every false alarm or unnecessary user interaction imposes a negative externality on all other potential consumers of this chunk of attention. The paper identifies incentive problems that stimulate overconsumption of human attention in security applications. It further outlines a lump-of-attention model, devised against the backdrop of established theories in the behavioral sciences, and discusses incentive mechanisms to fix the misallocation problem in security notification, for instance the idea of a Pigovian tax on attention consumption.

Published

2011

36. Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information

Author

Jens Grossklags, John Chuang, Nicolas Christin, and Benjamin Johnson

Subjects

business.industry, Computer science, Network security, Information security, Computer security model, Computer security, computer.software_genre, Bounded rationality, symbols.namesake, Nash equilibrium, symbols, Security through obscurity, The Internet, business, Game theory, computer

Abstract

A common assumption in security research is that more individual expertise unambiguously leads to a more secure overall network. We present a game-theoretic model in which this common assumption does not hold. Our findings indicate that expert users can be not only invaluable contributors, but also free-riders, defectors, and narcissistic opportunists. A direct application is that user education needs to highlight the cooperative nature of security, and foster the community sense, in particular, of higher skilled computer users. As a technical contribution, this paper represents, to our knowledge, the first formal study to quantitatively assess the impact of different degrees of information security expertise on the overall security of a network.

Published

2010

37. Nudge: Intermediaries’ Role in Interdependent Network Security

Author

Alvaro A. Cardenas, Jens Grossklags, Svetlana Radosavac, and John Chuang

Subjects

Cloud computing security, Computer science, Network security, business.industry, Internet privacy, Service provider, Computer security model, Asset (computer security), Computer security, computer.software_genre, Security information and event management, Intermediary, Investment decisions, Security service, Security association, Network security policy, business, computer, Industrial organization

Abstract

By employing an interdependent security game-theoretic framework, we study how individual Internet Service Providers can coordinate the investment decisions of end users to improve the security and trustworthiness of the overall system. We discuss two different forms of intervention: rebates in combination with penalties (pay for outcome) and cost-subsidies (pay for effort).

Published

2010

38. Uncertainty in the weakest-link security game

Author

Jens Grossklags and Benjamin Johnson

Subjects

Network security, business.industry, Computer science, media_common.quotation_subject, Internet privacy, Data security, Cryptography, Information security, Computer security, computer.software_genre, Interdependence, business, Link (knot theory), Game theory, computer, media_common

Abstract

Individuals in computer networks not only have to invest to secure their private resources from potential attackers, but have to be aware of the existing interdependencies that exist with other network participants. Indeed, a user's security is frequently negatively impacted by protection failures of even just one other individual, the weakest link.

Published

2009

39. Blue versus Red: Towards a Model of Distributed Security Attacks

Author

Jens Grossklags and Neal Fultz

Subjects

Service (business), Distributed security, Cloud computing security, Computer science, business.industry, Compromise, media_common.quotation_subject, Internet privacy, Self-insurance, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Computer security, computer.software_genre, Security through obscurity, business, Game theory, computer, Economics of security, media_common

Abstract

We develop a two-sided multiplayer model of security in which attackers aim to deny service and defenders strategize to secure their assets. Attackers benefit from the successful compromise of target systems, however, may suffer penalties for increased attack activities. Defenders weigh the force of an attack against the cost of security. We consider security decision-making in tightly and loosely coupled networks and allow defense expenditures in protection and self-insurance technologies.

Published

2009

40. Economics-Informed Design of CDNs

Author

Nicolas Christin, John Chuang, and Jens Grossklags

Subjects

business.industry, media_common.quotation_subject, Internet privacy, Tragedy of the commons, Information Dissemination, Overlay network, computer.software_genre, symbols.namesake, Dominance (economics), Nash equilibrium, symbols, The Internet, Business, Web service, Empowerment, computer, media_common

Abstract

Over the past decade, both the contents available on the Internet, and its means of distribution have undergone a drastic change. In the mid-nineties, the development of electronic commerce and web services had fueled the dominance of HTTP traffic, which resulted in easily distinguishable “clients” and “servers.” However, since then two important events radically transformed the Internet landscape. First, the Napster service [1], launched in 1999, ushered the era of “Peer-to-Peer (P2P)” computing. P2P computing markedly differs from the client-server paradigm that preceded it (and now co-exists with it), in that any host at the edge of the network can act as an information provider. Second, digital production tools became accessible to the masses, through the availability of high-resolution cameras, videorecorders, or high-quality sound cards with sampling capabilities. This in turn led to a proliferation of user-generated contents, which intensified even further as information dissemination platforms, e.g. weblogs, became easier to use. Shortly stated, end-users have gained the tools and resources to now act as active content contributors. However, at the same time (and, paradoxically, maybe because of this empowerment), novel phenomena, such as occurrences of the “tragedy of the commons” [23] have started to be observed on the network. The tragedy of the commons is best explained by its canonical example. Consider a village pasture that can accommodate a fixed number of sheep, and is a “common” good shared among all herdsmen. Each herdsman can see a significant advantage in slightly increasing their own herd – more sheep mean more wool, and in turn more

Published

2008

41. Security and insurance management in networks with heterogeneous agents

Author

Nicolas Christin, Jens Grossklags, and John Chuang

Subjects

Cloud computing security, Threat model, Security through obscurity, Economics, Computer security model, Asset (computer security), Computer security, computer.software_genre, computer, Security information and event management, Countermeasure (computer), Threat

Abstract

Computer users express a strong desire to prevent attacks and to reduce the losses from computer and information security breaches. However, security compromises are common and widespread and highly damaging. Next to attackers' increased sophistication, a root cause for the harm inflicted is that users often fail to optimally protect their resources or to recover gracefully from a security breach.We argue that users often underestimate the strong mutual dependence between their security strategies and the economic environment (e.g., threat model) in which these choices are made and evaluated. This misunderstanding weakens the effectiveness of users' security investments, and is compounded by heterogeneity within the user population, in some cases further reducing incentives for cooperation and coordination.We study how economic agents invest into security in five different economic environments, that are characteristic of different threat models. We consider generalized models of traditional public goods games (e.g., total effort and weakest link) and two recently proposed games (e.g., weakest target game). Agents may split their contributions between a public good (protection) and a private good (self-insurance).Our analysis centers on how agents respond to incentives when important parameters of the game (i.e., loss probability, loss magnitude, and cost of technology) are heterogeneous in the agent population. We also highlight key differences to the case of homogeneous decision makers. For example, security investments may become substantially more sensitive to the size of the network. We extend our results to discuss important modes of intervention.

Published

2008

42. Secure or insure?

Author

Jens Grossklags, John Chuang, and Nicolas Christin

Subjects

education.field_of_study, Computer science, Self-insurance, Population, Information security, Public good, Investment (macroeconomics), Computer security, computer.software_genre, Private good, symbols.namesake, Incentive, Nash equilibrium, symbols, education, Game theory, computer

Abstract

Despite general awareness of the importance of keeping one's system secure, and widespread availability of consumer security technologies, actual investment in security remains highly variable across the Internet population, allowing attacks such as distributed denial-of-service (DDoS) and spam distribution to continue unabated. By modeling security investment decision-making in established (e.g., weakest-link, best-shot) and novel games (e.g., weakest-target), and allowing expenditures in self-protection versus self-insurance technologies, we can examine how incentives may shift between investment in a public good (protection) and a private good (insurance), subject to factors such as network size, type of attack, loss probability, loss magnitude, and cost of technology. We can also characterize Nash equilibria and social optima for different classes of attacks and defenses. In the weakest-target game, an interesting result is that, for almost all parameter settings, more effort is exerted at Nash equilibrium than at the social optimum. We may attribute this to the "strategic uncertainty" of players seeking to self-protect at just slightly above the lowest protection level.

Published

2008

43. Noticing notice

Author

Jens Grossklags, Nathaniel Good, Deirdre K. Mulligan, and Joseph A. Konstan

Subjects

Notice, business.industry, Computer science, End user, Internet privacy, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Context (language use), Adware, Software license, Computer security, computer.software_genre, Software, Installation, business, License, computer

Abstract

Spyware is an increasing problem. Interestingly, many programs carrying spyware honestly disclose the activities of the software, but users install the software anyway. We report on a study of software installation to assess the effectiveness of different notices for helping people make better decisions on which software to install. Our study of 222 users showed that providing a short summary notice, in addition to the End User License Agreement (EULA), before the installation reduced the number of software installations significantly. We also found that providing the short summary notice after installation led to a significant number of uninstalls. However, even with the short notices, many users installed the program and later expressed regret for doing so. These results, along with a detailed analysis of installation, regret, and survey data about user behaviors informs our recommendations to policymakers and designers for assessing the "adequacy" of consent in the context of software that exhibits behaviors associated with spyware.

Published

2007

44. Stopping spyware at the gate

Author

David Thaw, Nathaniel Good, Jens Grossklags, Steven Aronowitz, Deirdre K. Mulligan, Rachna Dhamija, and Joseph A. Konstan

Subjects

Online and offline, education.field_of_study, Notice, Computer science, business.industry, Internet privacy, Population, Regret, Computer security, computer.software_genre, Terms of service, Installation, Targeted advertising, Code (cryptography), business, education, computer

Abstract

Spyware is a significant problem for most computer users. The term "spyware" loosely describes a new class of computer software. This type of software may track user activities online and offline, provide targeted advertising and/or engage in other types of activities that users describe as invasive or undesirable.While the magnitude of the spyware problem is well documented, recent studies have had only limited success in explaining the broad range of user behaviors that contribute to the proliferation of spyware. As opposed to viruses and other malicious code, users themselves often have a choice whether they want to install these programs.In this paper, we discuss an ecological study of users installing five real world applications. In particular, we seek to understand the influence of the form and content of notices (e.g., EULAs) on user's installation decisions.Our study indicates that while notice is important, notice alone may not be enough to affect users' decisions to install an application. We found that users have limited understanding of EULA content and little desire to read lengthy notices. Users found short, concise notices more useful, and noticed them more often, yet they did not have a significant effect on installation for our population. When users were informed of the actual contents of the EULAs to which they agreed, we found that users often regret their installation decisions.We discovered that regardless of the bundled content, users will often install an application if they believe the utility is high enough. However, we discovered that privacy and security become important factors when choosing between two applications with similar functionality. Given two similar programs (e.g. KaZaA and Edonkey), consumers will choose the one they believe to be less invasive and more stable. We also found that providing vague information in EULAs and short notices can create an unwarranted impression of increased security. In these cases, it may be helpful to have a standardized format for assessing the possible options and trade-offs between applications.

Published

2005

45. How loss profiles reveal behavioural biases in interdependent security decisions

Author

Alan Nochenson, Jens Grossklags, and C. F. Larry Heimann

Subjects

Web server, Computer Networks and Communications, Network security, business.industry, Computer science, media_common.quotation_subject, Botnet, Ignorance, computer.software_genre, Computer security, Computer Science Applications, Interdependence, Variable (computer science), Harm, Order (exchange), business, computer, media_common

Abstract

Most current models of interdependent security decision-making do not explicitly account for the concept of variable loss. In these models, entities either incur some fixed loss when infected or they do not - there is no in-between. Contrary to this, there are a large number of scenarios where the eventual harm caused by a successful attack might vary substantially (e.g., if a web server is attacked, it could be taken offline, it could be used to host illegal content, or it could be used as part of a botnet). This paper introduces the concept of a loss profile in order to capture the notion of variable loss. We exemplify our approach by modelling a simple interdependent network security scenario. We further show how behavioural biases such as ignorance to low probability events, can be effectively modelled with the concept of loss profiles.

Published

2014