The security cost of cheap user interaction

Rainer Böhme; Jens Grossklags

doi:10.1145/2073276.2073284

The security cost of cheap user interaction

Rainer Böhme, Jens Grossklags

Penn State University Park

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

30 Scopus citations

Abstract

Human attention is a scarce resource, and lack thereof can cause severe security breaches. As most security techniques rely on considerate human intervention in one way or another, this resource should be consumed economically. In this context, we postulate the view that every false alarm or unnecessary user interaction imposes a negative externality on all other potential consumers of this chunk of attention. The paper identifies incentive problems that stimulate overconsumption of human attention in security applications. It further outlines a lump-of-attention model, devised against the backdrop of established theories in the behavioral sciences, and discusses incentive mechanisms to fix the misallocation problem in security notification, for instance the idea of a Pigovian tax on attention consumption.

Original language	English (US)
Title of host publication	NSPW'11 - Proceedings of the 2011 New Security Paradigms Workshop
Pages	67-82
Number of pages	16
DOIs	https://doi.org/10.1145/2073276.2073284
State	Published - 2011
Event	2011 New Security Paradigms Workshop, NSPW'11 - Marin County, CA, United States Duration: Sep 12 2011 → Sep 15 2011

Publication series

Name	Proceedings New Security Paradigms Workshop

Other

Other	2011 New Security Paradigms Workshop, NSPW'11
Country/Territory	United States
City	Marin County, CA
Period	9/12/11 → 9/15/11

All Science Journal Classification (ASJC) codes

Safety, Risk, Reliability and Quality
Hardware and Architecture
Software
Information Systems

Access to Document

10.1145/2073276.2073284

Cite this

@inproceedings{b52e38c647744ad898fec64cabdb9a5e,

title = "The security cost of cheap user interaction",

abstract = "Human attention is a scarce resource, and lack thereof can cause severe security breaches. As most security techniques rely on considerate human intervention in one way or another, this resource should be consumed economically. In this context, we postulate the view that every false alarm or unnecessary user interaction imposes a negative externality on all other potential consumers of this chunk of attention. The paper identifies incentive problems that stimulate overconsumption of human attention in security applications. It further outlines a lump-of-attention model, devised against the backdrop of established theories in the behavioral sciences, and discusses incentive mechanisms to fix the misallocation problem in security notification, for instance the idea of a Pigovian tax on attention consumption.",

author = "Rainer B{\"o}hme and Jens Grossklags",

year = "2011",

doi = "10.1145/2073276.2073284",

language = "English (US)",

isbn = "9781450310789",

series = "Proceedings New Security Paradigms Workshop",

pages = "67--82",

booktitle = "NSPW'11 - Proceedings of the 2011 New Security Paradigms Workshop",

note = "2011 New Security Paradigms Workshop, NSPW'11 ; Conference date: 12-09-2011 Through 15-09-2011",

}

TY - GEN

T1 - The security cost of cheap user interaction

AU - Böhme, Rainer

AU - Grossklags, Jens

PY - 2011

Y1 - 2011

N2 - Human attention is a scarce resource, and lack thereof can cause severe security breaches. As most security techniques rely on considerate human intervention in one way or another, this resource should be consumed economically. In this context, we postulate the view that every false alarm or unnecessary user interaction imposes a negative externality on all other potential consumers of this chunk of attention. The paper identifies incentive problems that stimulate overconsumption of human attention in security applications. It further outlines a lump-of-attention model, devised against the backdrop of established theories in the behavioral sciences, and discusses incentive mechanisms to fix the misallocation problem in security notification, for instance the idea of a Pigovian tax on attention consumption.

AB - Human attention is a scarce resource, and lack thereof can cause severe security breaches. As most security techniques rely on considerate human intervention in one way or another, this resource should be consumed economically. In this context, we postulate the view that every false alarm or unnecessary user interaction imposes a negative externality on all other potential consumers of this chunk of attention. The paper identifies incentive problems that stimulate overconsumption of human attention in security applications. It further outlines a lump-of-attention model, devised against the backdrop of established theories in the behavioral sciences, and discusses incentive mechanisms to fix the misallocation problem in security notification, for instance the idea of a Pigovian tax on attention consumption.

UR - http://www.scopus.com/inward/record.url?scp=84855681364&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84855681364&partnerID=8YFLogxK

U2 - 10.1145/2073276.2073284

DO - 10.1145/2073276.2073284

M3 - Conference contribution

AN - SCOPUS:84855681364

SN - 9781450310789

T3 - Proceedings New Security Paradigms Workshop

SP - 67

EP - 82

BT - NSPW'11 - Proceedings of the 2011 New Security Paradigms Workshop

T2 - 2011 New Security Paradigms Workshop, NSPW'11

Y2 - 12 September 2011 through 15 September 2011

ER -

The security cost of cheap user interaction

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this