Rick Wash

By Rick Wash

Home computer users frequently lack the skills necessary to ensure proper security. Hackers exploit this to control large networks of computers (‘botnets’) that are used for spam, extortion, and fraud. I integrate ideas from psychology and economics to design software that provides incentives that induce better security choices by home computer users.

Rick Wash, “Incentive Design for Home Computer Security.“ Extended Abstract at the ACM SIGCHI Conference on Computer-Human Interaction 2007 Doctoral Consortium. January 2007.

Download: PDF

By Emilee Rader and Rick Wash

del.icio.us is a website for “social bookmarking” where users can store and access their bookmarks online, along with descriptive keywords or “tags.” When a user of del.icio.us logs in to their account and adds a bookmark, she may also tag that bookmark with any 10 or fewer single words that she feels are somehow related to that web page. Both the tags and the bookmarks are then publicly available; searching by a tag produces all of the bookmarked web pages ever tagged with that word. Because the tags are public, it is possible that users’ choices regarding what tags to apply could be influenced by the tagging practices of others, and a consensus might emerge for which tags should be used in a given context. However, it has long been accepted that people use language imprecisely, and meaning is negotiated on-the-fly during conversation. This imprecision is evident not only in communication, but also when people are asked to create keywords for recipes and names for common editing operations, and when user-generated index terms are compared with Library of Congress subject headings. In fact, the probability that two people will generate the same label for the same object is widely held to be less than 20%.

A question remains about whether users of del.icio.us practice social or selfish tagging. An analysis of bookmark, user and tag data for 349 web pages downloaded via del.icio.us was conducted to discover whether the “vocabulary problem” is present in the way users select tags for web pages. Results indicate that there is very little inter-user agreement, suggesting that most users consciously or inadvertently tag selfishly. These tagging practices have important implications for the findability of web pages in del.icio.us.

Emilee Rader and Rick Wash, “Tagging with Del.icio.us: Social or Selfish?“ Extended Abstract at Computer Supported Cooperative Work (CSCW) 06 Poster Session. November 2006.

Download: PDF, Poster

By Rick Wash and Jeff MacKie-Mason

Humans are “smart components” in a system, but cannot be directly programmed to perform; rather, their autonomy must be respected as a design constraint and incentives provided to induce desired behavior. Sometimes these incentives are properly aligned, and the humans don’t represent a vulnerability. But often, a misalignment of incentives causes a weakness in the system that can be exploited by clever attackers. Incentive-centered design tools help us understand these problems, and provide design principles to alleviate them. We describe incentive-centered  design and some tools it provides. We provide a number of examples of security problems for which Incentive Centered Design might be helpful. We elaborate with a general screening model that offers strong design principles for a class of security problems.

Rick Wash and Jeff MacKie-Mason. “Incentive Centered Design and Information Security,” Presented at the First Workshop on Hot Topics in Security (HotSec). July 2006.

Download: PDF

By Rick Wash, Libby Hemphill, and Paul Resnick

The RideNow Project is designed to help individuals within a group or organization coordinate ad hoc shared rides. This paper describes three design decisions the RideNow team made in order to allow incremental adoption and evolution and to capitalize on local conditions. (1) The system allows users to interact with the system through email or Web, because we anticipate that email will be most convenient when there are few users but the Web interface will be more useful as the number of users increase. (2) The system does not force structure on user-entered data such as dates, times, and locations, instead allowing conventions to emerge. (3) We use the group’s shared physical spaces to provide additional information about ride sharing activity.

Rick Wash, Libby Hemphill, and Paul Resnick. “Design Decisions in the RideNow Project”.  Proceedings of the ACM Conference on Supporting Group Work (GROUP), 2005

Download: PDF

By Thede Loder, Marshall Van Alstyne, and Rick Wash

We explore an alternative approach to spam based on economic rather than technological or regulatory screening mechanisms. We employ a model of email value which supports two intuitive notions: 1) mechanisms designed to promote valuable communication can often outperform those designed merely to block wasteful communication, and 2) designers of such mechanisms should shift focus away from the information in the message to the information known to the sender. We then use principles of information asymmetry to cause people who knowingly misuse communication to incur higher costs than those who do not. In certain cases, though not all, we can show this approach leaves recipients better off than even an idealized or “perfect” filter that costs nothing and makes no mistakes. Our mechanism also accounts for individual differences in opportunity costs, and allows for bi-directional wealth transfers while facilitating both sender signaling and recipient screening.

Thede Loder, Marshall Van Alstyne, and Rick Wash. An Economic Solution to the Spam Problem. Proceedings of the ACM Conference on Electronic Commerce, 2004.

Download: PDF, PS

* This material is based upon work supported by the National Science Foundation under Grant No. 0114368.

By Jose Nazario, Jeremy Anderson, Rick Wash, and Chris Connelly

Network worms, simple slang terminology for automated intrusion agents, represent a persistent threat to a growing Internet in an increasingly networked world. However, their evolution has been somewhat limited, and they still rely on the same basic paradigms, which contain fundamental flaws. We analyze the basic components of a worm and apply this analysis to three worms found in the wild on the Internet. We then proceed to analyze the limiting factors of existing worm paradigms and outline new ideas which we expect to become prevalent. These new worms will prove to be more difficult to identify and eradicate. It is our intention in sharing this knowledge to stimulate the development of strategies to detect and counteract the threat of smarter network worms.

Download: PDF, PS