资源描述:
《【国防经济学英文论文】The Economics of Information Security》由会员上传分享,免费在线阅读,更多相关内容在学术论文-天天文库。
1、TheEconomicsofInformationSecurity∗RossAndersonandTylerMooreUniversityofCambridge,ComputerLaboratory15JJThomsonAvenue,CambridgeCB30FD,UnitedKingdomfirstname.lastname@cl.cam.ac.ukAbstractTheeconomicsofinformationsecurityhasrecentlybecomeathrivingandfast-movingdisc
2、ipline.Asdistributedsystemsareassembledfrommachinesbelongingtoprincipalswithdivergentinterests,wefindthatincentivesarebecomingasimpor-tantastechnicaldesigninachievingdependability.Thenewfieldprovidesvaluableinsightsnotjustinto‘security’topics(suchasbugs,spam,phish
3、ing,andlawen-forcementstrategy)butintomoregeneralareassuchasthedesignofpeer-to-peersystems,theoptimalbalanceofeffortbyprogrammersandtesters,whyprivacygetseroded,andthepoliticsofdigitalrightsmanagement.IntroductionOverthepast6years,peoplehaverealizedthatsecurityfa
4、ilureiscausedatleastasoftenbybadincentivesasbybaddesign.Systemsareparticularlypronetofailurewhenthepersonguardingthemisnotthepersonwhosufferswhentheyfail.Thegrowinguseofsecuritymechanismstoenableonesystemusertoexertpoweroveranotheruser,ratherthansimplytoexcludepe
5、oplewhoshouldnotbeusersatall,introducesmanystrategicandpolicyissues.Thetoolsandconceptsofgametheoryandmicroeconomictheoryarebecomingjustasimportantasthemathematicsofcryptographytothesecurityengineer.Wereviewrecentresultsandliveresearchchallengesintheeconomicsofi
6、nformationsecurity.Asthedisciplineisstillyoung,ourgoalinthisreviewistopresentseveralpromisingapplicationsofeconomictheoriesandideastopracticalinformationsecurity∗ThisrevieworiginallyappearedinScience314(5799),pp.610–613,October27,2006(http://dx.doi.org/10.1126/s
7、cience.1130992).1problemsratherthantoenumeratethemanyestablishedresults.Wefirstconsidermis-alignedincentivesinthedesignanddeploymentofcomputersystems.Next,westudytheimpactofexternalities:Networkinsecurityissomewhatlikeairpollutionortrafficcongestion,inthatpeoplewho
8、connectinsecuremachinestotheInternetdonotbearthefullconsequencesoftheiractions.Thedifficultyinmeasuringinformationsecurityriskspresentsanotherchallenge:Theseriskscannot
