Toward a Game Theoretic Optimization Framework for Rational Security Prompting

Details
We're back again with another Duo Tech Talk! This time, we're excited to host Elissa Redmiles (@eredmil1) to share her work on rational security prompting!
Elissa is a Postdoctoral Researcher at Microsoft Research and an incoming professor at Princeton University. Elissa’s research interests are broadly in the areas of security and privacy. She uses computational, economic, and social science methods to understand users’ security and privacy decision-making processes, specifically investigating inequalities that arise in these processes and mitigating those inequalities through the design of systems that facilitate safety equitably across users. Elissa received her Ph.D. in Computer Science from the University of Maryland. As a graduate student, she was the recipient of the NSF Graduate Research Fellowship, a Facebook Fellowship, and the National Defense Science and Engineering Graduate Fellowship (NDSEG). Her work has appeared in popular press publications such as Scientific American, Business Insider, Newsweek, and CNET and has been recognized with the John Karat Usable Privacy and Security Research Award and a Distinguished Paper Award at USENIX Security 2018.
Security behaviors (e.g., use of two-factor authentication) can help avoid incidents, but they also increase costs: user costs in time and mental effort, and engineering resources and other fees (e.g., SMS costs) to implement and encourage the behaviors. As such, it would be best to optimize how users are prompted to engage in secure behaviors: quantitatively determining which behaviors are optimal for which users at which times. Elissa and her collaborators' work modeling the rationality of users' security decisions allows them to predict user security behavior (2FA decisions) as a function of users' understanding of risks and benefits, as well as user factors such as internet skill. In this talk, Elissa will discuss ongoing work from her and her collaborators in which they propose a game-theoretic optimization framework (mechanism design) that can account for firm costs (2FA SMS fees, engineering fees) and user costs (e.g., time for the behavior) and optimize the trade-offs between them.
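As an added illustration (a constructed toy model written for this page, not the framework from the talk), the following Python sketches the trade-off the abstract describes: each user enrolls in 2FA only when their perceived expected loss exceeds their own time cost, and the firm prompts only those users for whom the prompt changes the decision and the net value (losses prevented for both parties, minus SMS, engineering and user time costs) is positive. The assumption that a prompt simply raises a too-low risk belief to the firm's estimate, and all numeric values, are invented for the example.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class User:
    name: str
    perceived_risk: float  # user's believed yearly probability of compromise without 2FA
    loss: float            # user's loss from a compromise (assumed accurately known)
    time_cost: float       # user's cost of enrolling in and using 2FA for a year

@dataclass(frozen=True)
class Firm:
    true_risk: float       # firm's estimate of yearly compromise probability without 2FA
    risk_reduction: float  # fraction of compromises 2FA prevents
    incident_cost: float   # firm's cost per compromised account
    sms_cost: float        # yearly SMS cost per enrolled user
    prompt_cost: float     # engineering/support cost of showing one prompt

def adopts(user: User) -> bool:
    """Rational user: enroll when perceived expected loss avoided exceeds own time cost."""
    return user.perceived_risk * user.loss > user.time_cost

def after_prompt(firm: Firm, user: User) -> User:
    """Assumption: a prompt informs the user, raising a too-low risk belief to the firm's estimate."""
    return replace(user, perceived_risk=max(user.perceived_risk, firm.true_risk))

def adoption_value(firm: Firm, user: User) -> float:
    """Net value of this user being enrolled: losses prevented for both parties minus firm and user costs."""
    prevented = firm.true_risk * firm.risk_reduction * (firm.incident_cost + user.loss)
    return prevented - firm.sms_cost - user.time_cost

def prompt_value(firm: Firm, user: User) -> float:
    """Marginal value of prompting: counts adoption_value only if the prompt changes the user's choice."""
    changed = adopts(after_prompt(firm, user)) and not adopts(user)
    return (adoption_value(firm, user) if changed else 0.0) - firm.prompt_cost

def choose_prompts(firm: Firm, users: list[User]) -> list[str]:
    """Prompt exactly the users for whom prompting has positive marginal value."""
    return [u.name for u in users if prompt_value(firm, u) > 0]

# Constructed sample population (illustrative values, not data from the talk).
FIRM = Firm(true_risk=0.02, risk_reduction=0.9, incident_cost=500.0, sms_cost=12.0, prompt_cost=0.10)
USERS = [
    User("alice", perceived_risk=0.05, loss=400.0, time_cost=5.0),    # already enrolls unprompted
    User("bob", perceived_risk=0.005, loss=400.0, time_cost=3.0),     # underestimates risk; prompt flips him
    User("carol", perceived_risk=0.005, loss=400.0, time_cost=30.0),  # too costly for her even when informed
    User("dave", perceived_risk=0.001, loss=100.0, time_cost=1.5),    # would enroll, but SMS + time exceed prevented loss
]

if __name__ == "__main__":
    for u in USERS:
        print(f"{u.name:6s} prompt_value={prompt_value(FIRM, u):+.2f}")
    print("prompt:", choose_prompts(FIRM, USERS))  # prints: prompt: ['bob']
```

Only bob is prompted: alice enrolls anyway, carol will not enroll even when informed, and dave would enroll but the SMS and time costs exceed the loss prevented.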
Streaming live at 6:30pm on YouTube:
https://duo.sc/techtalk-sep-2019
