Why information security is hard - An economic perspective

Cited by: 162
Author
Anderson, R [1]
Affiliation
[1] Univ Cambridge, Comp Lab, Cambridge CB3 0FD, England
Source
17TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS | 2001
DOI
10.1109/ACSAC.2001.991552
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
According to one common view, information security comes down to technical measures. Given better access control policy models, formal proofs of cryptographic protocols, approved firewalls, better ways of detecting intrusions and malicious code, and better tools for system evaluation and assurance, the problems can be solved. In this note, I put forward a contrary view: information insecurity is at least as much due to perverse incentives. Many of the problems can be explained more clearly and convincingly using the language of microeconomics: network externalities, asymmetric information, moral hazard, adverse selection, liability dumping and the tragedy of the commons.
Pages: 358-365
Number of pages: 8