Predicted and observed user behavior in the weakest-link security game

Jens Grossklags; Nicolas Christin; John Chuang

Predicted and observed user behavior in the weakest-link security game

Jens Grossklags
, Nicolas Christin
, John Chuang

University of California at Berkeley
CMU/CyLab Japan

Research output: Contribution to conference › Paper › peer-review

14 Scopus citations

Abstract

We aim to advance the understanding of individual security decision-making, by combining formal and behavioral analysis. We sketch a game-theoretic model of security decision-making that generalizes the “weakest link” game, and describe a controlled laboratory experiment to reveal differences between predicted and observed user behavior. Results of a pilot study yield possible explanations for behaviors observed in the wild: users show some willingness to experiment with parameters, rarely converge to a fixed behavior, and face difficulties isolating the impact of individual parameters.

Original language	English
State	Published - 2008
Externally published	Yes
Event	2008 Usability, Psychology, and Security, UPSEC 2008 - San Francisco, United States Duration: 14 Apr 2008 → …

Conference

Conference	2008 Usability, Psychology, and Security, UPSEC 2008
Country/Territory	United States
City	San Francisco
Period	14/04/08 → …

Cite this

@conference{8ef1e99b829b47b29c909f7dd86e91fc,

title = "Predicted and observed user behavior in the weakest-link security game",

abstract = "We aim to advance the understanding of individual security decision-making, by combining formal and behavioral analysis. We sketch a game-theoretic model of security decision-making that generalizes the “weakest link” game, and describe a controlled laboratory experiment to reveal differences between predicted and observed user behavior. Results of a pilot study yield possible explanations for behaviors observed in the wild: users show some willingness to experiment with parameters, rarely converge to a fixed behavior, and face difficulties isolating the impact of individual parameters.",

author = "Jens Grossklags and Nicolas Christin and John Chuang",

note = "Publisher Copyright: {\textcopyright} Usability, Psychology, and Security, UPSEC 2008. All rights reserved.; 2008 Usability, Psychology, and Security, UPSEC 2008 ; Conference date: 14-04-2008",

year = "2008",

language = "English",

}

TY - CONF

T1 - Predicted and observed user behavior in the weakest-link security game

AU - Grossklags, Jens

AU - Christin, Nicolas

AU - Chuang, John

PY - 2008

Y1 - 2008

N2 - We aim to advance the understanding of individual security decision-making, by combining formal and behavioral analysis. We sketch a game-theoretic model of security decision-making that generalizes the “weakest link” game, and describe a controlled laboratory experiment to reveal differences between predicted and observed user behavior. Results of a pilot study yield possible explanations for behaviors observed in the wild: users show some willingness to experiment with parameters, rarely converge to a fixed behavior, and face difficulties isolating the impact of individual parameters.

AB - We aim to advance the understanding of individual security decision-making, by combining formal and behavioral analysis. We sketch a game-theoretic model of security decision-making that generalizes the “weakest link” game, and describe a controlled laboratory experiment to reveal differences between predicted and observed user behavior. Results of a pilot study yield possible explanations for behaviors observed in the wild: users show some willingness to experiment with parameters, rarely converge to a fixed behavior, and face difficulties isolating the impact of individual parameters.

UR - https://www.scopus.com/pages/publications/85076444426

M3 - Paper

AN - SCOPUS:85076444426

T2 - 2008 Usability, Psychology, and Security, UPSEC 2008

Y2 - 14 April 2008

ER -

Predicted and observed user behavior in the weakest-link security game

Abstract

Conference

Other files and links

Fingerprint

Cite this