MC2 Seminar: "Network Security Economics: Identifying Choke Points and Understanding Incentives to Improve Online Security" by Dr. Nicolas Christin - Carnegie Mellon University

Wed Apr 17, 2013 5:00 PM

Location: Room 1115 Computer Science Instructional Center (CSI)

Dr. Nicolas Christin
Information Networking Institute, Carnegie Mellon University

With the rise of financially-motivated computer abuse, understanding economic incentives of both attackers and targets has become critical to strengthening online security. In this talk, Dr. Christin will advocate the need for an interdisciplinary research agenda, ranging from network measurements and analysis to game-theoretic modeling.

He will first show how empirical network measurements help better design intervention mechanisms against attackers. Using the online sale of unlicensed pharmaceutical drugs as a case study, he will describe how longitudinal, large-scale measurements and analysis reveal important structural properties of a priori complex criminal ecosystems. He will in particular demonstrate the existence of "choke points" both in traffic brokering and product supply, which should be prime targets for intervention.

In addition to disrupting attackers' operations, improving overall network security also requires users strengthen their defenses -- but which incentives do they have to do so? Dr. Christin will introduce a game-theoretic model that his team developed to describe how rational users respond to security threats in large-scale networks. He will use this model to show how network effects, specifically negative network externalities, strongly influence security decision making. He will conclude by outlining a roadmap for future security research combining measurements, mathematical modeling and behavioral aspects.

Nicolas Christin is the Associate Director of the Information Networking Institute at Carnegie Mellon University, and a research faculty (Senior Systems Scientist) in CyLab, Electrical and Computer Engineering, and Engineering and Public Policy. He holds a Diplôme d'Ingénieur from École Centrale Lille, and M.S. and Ph.D. degrees in Computer Science from the University of Virginia. After a postdoc in the School of Information at the University of California, Berkeley, he joined Carnegie Mellon in 2005. He served for three years as resident faculty at CMU CyLab Japan, before returning to Carnegie Mellon's main campus in 2008. His research interests are in computer and information systems networks; most of his work is at the boundary of systems and policy research, with a slant toward security aspects. He has most recently focused on online crime, security economics, and psychological aspects of computer security. He equally enjoys field measurements and mathematical modeling.