IEEESP
2010

The Iterated Weakest Link

Abstract. We devise a model for security investment that reflects dynamic interaction between a defender, who faces uncertainty, and an attacker, who repeatedly targets the weakest link. Using the model, we derive and compare optimal security investment over multiple periods, exploring the delicate balance between proactive and reactive security investment. We show how the best strategy depends on the defender’s knowledge about prospective attacks and the sunk costs incurred when upgrading defenses reactively. Our model explains why security underinvestment is sometimes rational even when effective defenses are available and can be deployed independently of other parties’ choices. Finally, we connect the model to real-world security problems by examining two case studies where empirical data is available: computers compromised for use in online crime and payment card security.
Rainer Böhme, Tyler Moore
Added 26 Jan 2011
Updated 26 Jan 2011
Type Journal
Year 2010
Where IEEESP
Authors Rainer Böhme, Tyler Moore