economics and behavior
play

Economics and Behavior Allan Fong CMSC 818D April 30, 2015 - PowerPoint PPT Presentation

Economics and Behavior Allan Fong CMSC 818D April 30, 2015 Decision making Economics Privacy and Security application What can be done Decision making Economics Privacy and Security application What can be done WHY DID YOU DO THAT?


  1. Economics and Behavior Allan Fong CMSC 818D April 30, 2015

  2. Decision making Economics Privacy and Security application What can be done

  3. Decision making Economics Privacy and Security application What can be done

  4. WHY DID YOU DO THAT?

  5. Maslow's Hierarchy of Needs http://commons.wikimedia.org/wiki/File:Maslow%27s_Hierarchy_of_Needs.svg

  6. Intrinsic motivation vs Extrinsic motivation

  7. Intrinsic motivation vs Extrinsic motivation http://www.conciselearning.com/firstyearexperience.html

  8. Intrinsic motivation vs Extrinsic motivation http://valorconnection.com/6-tips-on-how-to-build-a-super-secure-password/

  9. Other behavior model/theories • Hawthorne effect • Group think • Anchoring • Confirmation bias https://baltimoremanagement.wordpress.com/2011/07/10/the-hawthorne-effect/

  10. Other behavior model/theories • Hawthorne effect • Group think • Anchoring • Confirmation bias http://whatisitwellington.com/2012/10/02/groupthink-the-murderer-of-innovation- how-to-recognise-and-avoid-it/

  11. Other behavior model/theories • Hawthorne effect • Group think • Anchoring • Confirmation bias http://posterng.netkey.at/esr/viewing/index.php?module=viewing_poster&task=vie wsection&pi=121372&ti=398218&searchkey=

  12. Other behavior model/theories • Hawthorne effect • Group think • Anchoring • Confirmation bias http://1.bp.blogspot.com/-Hd4lm-a4rK8/T Farside comics

  13. Asymmetric information Hyperbolic time discount Wang et al, 2014

  14. Asymmetric information Hyperbolic time discount http://www.someecards.com/

  15. Intuition Reasoning Wang et al, 2014

  16. Decision making Economics Privacy and Security application What can be done

  17. Economic model for “rational” decision making Herley, 2009

  18. Economic models • Game Theory • Symmetric vs Asymmetric games • Zero-sum vs non-zero-sum games Adopted from: http://en.wikipedia.org/wiki/Game_theory

  19. Stag and the Hare Tracking a stag, stag can be shared by all, need everyone to cooperate and hiding • Waiting for stag (it will come but not sure how long) • Day passes • Hares appear… • http://www.thehoneybeeandthehare.com/anthology-of-hares/ http://commons.wikimedia.org/wiki/File:Red_Deer_Stag_-_Flickr.jpg Adopted from: http://en.wikipedia.org/wiki/Game_theory

  20. Aggregate Benefit vs Individual Benefit http://www.thehoneybeeandthehare.com/anthology-of-hares/ http://commons.wikimedia.org/wiki/File:Red_Deer_Stag_-_Flickr.jpg Adopted from: http://en.wikipedia.org/wiki/Game_theory

  21. Prisoner’s dilemma (symmetric) Two members of a criminal gang are arrested and imprisoned. Each prisoner is in solitary confinement with no means of speaking to or exchanging messages with the other. The prosecutors do not have currently enough evidence to convict the pair on the principal charge. Each prisoner is given the opportunity either to: betray the other by testifying that the other committed the crime (for a lesser sentence), or remain silent. Adopted from: http://en.wikipedia.org/wiki/Game_theory

  22. Prisoner’s dilemma (symmetric) Two members of a criminal gang are arrested and imprisoned. Each prisoner is in solitary confinement with no means of speaking to or exchanging messages with the other. The prosecutors do not have currently enough evidence to convict the pair on the principal charge. Each prisoner is given the opportunity either to: betray the other by testifying that the other committed the crime (for a lesser sentence), or remain silent. Here is the offer: If A and B each betray the other, each of them serves 2 years in prison If A betrays B but B remains silent, A will be set free and B will serve 3 years in prison (and vice versa) If A and B both remain silent, both of them will only serve 1 year in prison (on the lesser charge) Adopted from: http://en.wikipedia.org/wiki/Game_theory

  23. Prisoner’s dilemma (symmetric) Two members of a criminal gang are arrested and imprisoned. Each prisoner is in solitary confinement with no means of speaking to or exchanging messages with the other. The prosecutors do not have currently enough evidence to convict the pair on the principal charge. Each prisoner is given the opportunity either to: betray the other by testifying that the other committed the crime (for a lesser sentence), or remain silent. Here is the offer: If A and B each betray the other, each of them serves 2 years in prison If A betrays B but B remains silent, A will be set free and B will serve 3 years in prison (and vice versa) If A and B both remain silent, both of them will only serve 1 year in prison (on the lesser charge) Cooperate Defect Cooperate 2,2 0,3 Defect 3,0 1,1 Adopted from: http://en.wikipedia.org/wiki/Game_theory

  24. Decision making Economics Privacy and Security application What can be done

  25. Total Cost Total Benefit Herley, 2009

  26. Total Cost Total Benefit Direct vs Indirect Herley, 2009

  27. Length Total Benefit Composition Dictionary membership Don’t Write it Down Don’t Share it with anyone Change it often Don’t reuse passwords Potential? Any? Evidence?? Keyloggers, brute force, etc. Total Cost Password Rules Herley, 2009

  28. Numeric IP Total Benefit Address-bar typos Incorrect top-level domains Host rather than path Punctuation Right to left domains User benefit vs institution benefits (banks) Close to zero benefit for Users Total Cost “Phishing” Rules Herley, 2009

  29. Total Benefit Understand SSL and how to check Check for a certificate Almost all cert errors are false positives Total Cost Certificate Error Rules Herley, 2009

  30. http://www.paintsquare.com/blog/?fuseaction=view&blogID=166

  31. Recommendations • Better understand of actual harm • User education of cost on system/population • Get rid of irrelevant advice • Prioritize advice

  32. … “rational” rejection of security advice by users Herley, 2009

  33. Ultimatum game (asymmetric) You and Lisa are playing a game. An experimenter puts 100 one dollar bills on a table in front of them. Lisa can divide the money between herself and you however she chooses. You then decides whether to accept her division , in which case each keeps the money as Lisa divided it, or to reject the division , in which case neither receives any money. For example, Lisa divides the money into one stack worth 65 dollars and one worth 35 dollars. She offers the smaller amount to you. If you accepts, you keeps 35 dollars and Lisa keeps 65 dollars. If you rejects the division, neither you nor Lisa receive anything. What would you do? Adopted from: http://en.wikipedia.org/wiki/Game_theory

  34. Ultimatum game (asymmetric) Will you accept if accept if…. Adopted from: http://en.wikipedia.org/wiki/Game_theory

  35. Ultimatum game (asymmetric) Will you accept if accept if…. If you are acting “rationally”, you should accept any division in which Lisa offers you at least one dollar, since doing so leaves you with more money than you would have had otherwise. Adopted from: http://en.wikipedia.org/wiki/Game_theory

  36. Ultimatum game (asymmetric) Will you accept if accept if…. If you are acting “rationally”, you should accept any division in which Lisa offers you at least one dollar, since doing so leaves you with more money than you would have had otherwise. Even a division which gives Lisa 100 dollars and you zero it costs you nothing, so you have no purely rational reason to reject it. Adopted from: http://en.wikipedia.org/wiki/Game_theory

  37. Ultimatum game (asymmetric) Will you accept if accept if…. If you are acting “rationally”, you should accept any division in which Lisa offers you at least one dollar, since doing so leaves you with more money than you would have had otherwise. Even a division which gives Lisa 100 dollars and you zero it costs you nothing, so you have no purely rational reason to reject it. If Lisa knows that you will act rationally, and if she acts rationally herself, then she should offer you one dollar and keep 99 for herself. Adopted from: http://en.wikipedia.org/wiki/Game_theory

  38. Ultimatum game (asymmetric) Will you accept if accept if…. If you are acting “rationally”, you should accept any division in which Lisa offers you at least one dollar, since doing so leaves you with more money than you would have had otherwise. Even a division which gives Lisa 100 dollars and you zero it costs you nothing, so you have no purely rational reason to reject it. If Lisa knows that you will act rationally, and if she acts rationally herself, then she should offer you one dollar and keep 99 for herself. In practice, divisions which you regards as unfair are generally rejected. Adopted from: http://en.wikipedia.org/wiki/Game_theory

  39. “rational” or “not rational” • Driving a car to school if you live 2 blocks away. • Spending $4 for coffee at a coffee bar over $1.50 at CyberCafe. • Leaving your laptop in your car while shopping. • Posting your telephone number on-line. http://yalt.crcna.org/lost-dogs-and-lost-people/

  40. Decision making Economics Privacy and Security application What can be done

  41. Can you please change?

  42. http://www.dnainfo.com/new-york/20150227/greenwich-village/burglars-target- village-residents-who-leave-doors-unlocked-police-say

Recommend


More recommend