Incentive-Centered Design and Access Control
January 14, 2016
Photo Credit: Keys that no longer work, for places that no longer exist via hjl cc
One of the major concerns of information security is access control. It is a concern because insiders with access can violate the privacy of the owners of the information. Incentive-centered design approaches to security are fairly new; they are ways to produce confidentiality, integrity, and availability, the three properties of the well-known C.I.A. triad that information security professionals use as a guideline.
“Many problems in information security exist at least partially because the people involved are not properly motivated to solve them. Incentive-centered design provides tools and principles to guide technology development for security systems. As an example, we developed a screening model and showed how the design principles it provides have been used in existing security technologies. The key insight is that human behavior — whether cooperative, indifferent or malicious — is not a fixed constraint. Rather, humans have goals, and choose their behavior to advance their goals. Design with this in mind can produce systems that change incentives, and thus harness behavior to advance the designer’s goals” (Wash and MacKie-Mason, 2006).
Incentive-Centered Design and the Byzantine Generals Problem
The new advances in blockchain technology are significant in particular because they solve the Byzantine Generals Problem. The Byzantine Generals Problem presents a situation where you have two generals who have to coordinate an attack, but without a formally agreed method of sharing plans (a sequence) they have no way to reach consensus on a shared state of reality.
There are many ways to solve this problem, some of which include electing a leader general, the one most trusted by vote, who stamps “real” on the state so that the other generals can distinguish real from fake. Another mechanism would have the responsibility be shared, with generals taking turns.
The issue here is that “trust”, “authority” and “security” are related concepts. The blockchain elegantly solved the Byzantine Generals Problem by using an incentive-centered design. Mining is what secures the network. The blockchain itself is a trust-minimizing shared finite state machine that uses an incentive-centered design so that trust is distributed in a fairly decentralized manner, thereby rendering the ledger fault tolerant.
There have been other solutions to the Byzantine Generals Problem, such as the Raft consensus algorithm or Paxos. All of these solutions involve reaching consensus on an agreed-upon state of the system. The system could be a virtual machine or it could be a ledger, but once the state is agreed upon, recovery for a node is as simple as downloading the blockchain or downloading the agreed-upon state of the network.
These various algorithms allow for decentralized cloud robotics, the Internet of Things, blockchains, and decentralized virtual computers.
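To make the consensus problem above concrete, here is an added example (not code from the original post or from any blockchain project) that simulates the oral-messages algorithm OM(m) from the Lamport, Shostak and Pease paper cited at the end. It shows why a loyal lieutenant cannot tell a lying commander from a lying peer with only three generals, and why four generals with one traitor (and seven with two) can reach agreement. The "traitor" behaviour is a constructed, deterministic stand-in for arbitrary malicious behaviour; the function and variable names are this example's own.

```python
"""Simulation of the oral-messages algorithm OM(m) (Lamport, Shostak and
Pease, 1982). Constructed teaching example: the traitor behaviour below is a
deterministic stand-in for arbitrary malicious behaviour."""
from collections import Counter
from itertools import combinations

RETREAT, ATTACK = 0, 1


def majority(values):
    """Majority of 0/1 votes; a tie falls back to the default order RETREAT."""
    counts = Counter(values)
    return ATTACK if counts[ATTACK] > counts[RETREAT] else RETREAT


def send(sender, receiver, value, traitors):
    """What `receiver` actually hears from `sender`.

    Loyal generals relay faithfully. A traitor is modelled as lying to every
    odd-numbered receiver and telling the truth to even-numbered ones, so the
    loyal generals get contradictory reports (any inconsistent policy would do).
    """
    if sender in traitors and receiver % 2 == 1:
        return 1 - value
    return value


def om(m, commander, lieutenants, value, traitors):
    """Run OM(m) and return {lieutenant: decided value}.

    OM(0): the commander sends its value and each lieutenant uses what it hears.
    OM(m): each lieutenant relays what it heard to the others via OM(m-1), then
    takes the majority of its own direct value and the n-2 relayed values.
    """
    received = {lt: send(commander, lt, value, traitors) for lt in lieutenants}
    if m == 0:
        return received
    votes = {lt: [received[lt]] for lt in lieutenants}
    for i in lieutenants:
        others = [lt for lt in lieutenants if lt != i]
        relayed = om(m - 1, i, others, received[i], traitors)
        for j in others:
            votes[j].append(relayed[j])
    return {lt: majority(v) for lt, v in votes.items()}


def interactive_consistency(m, commander, lieutenants, value, traitors):
    """Return (IC1, IC2): IC1 = all loyal lieutenants decide the same value;
    IC2 = if the commander is loyal, every loyal lieutenant obeys its order."""
    decided = om(m, commander, lieutenants, value, traitors)
    loyal_values = {decided[lt] for lt in lieutenants if lt not in traitors}
    ic1 = len(loyal_values) <= 1
    ic2 = commander in traitors or loyal_values <= {value}
    return ic1, ic2


def tolerates(n, m):
    """Exhaustively check OM(m) with n generals against every set of at most m
    traitors (commander included) and both orders. Lamport et al. prove this
    succeeds whenever n > 3m; the classic three-general case fails."""
    generals = list(range(n))
    commander, lieutenants = generals[0], generals[1:]
    for k in range(m + 1):
        for traitors in combinations(generals, k):
            for order in (ATTACK, RETREAT):
                ic1, ic2 = interactive_consistency(
                    m, commander, lieutenants, order, set(traitors))
                if not (ic1 and ic2):
                    return False
    return True


if __name__ == "__main__":
    print("3 generals, 1 traitor:", tolerates(3, 1))
    print("4 generals, 1 traitor:", tolerates(4, 1))
    print("7 generals, 2 traitors:", tolerates(7, 2))
```

In the failing three-general case the loyal lieutenant ends up holding one ATTACK and one RETREAT report and has no way to know which general lied; that is exactly the situation the post describes, and the reason a blockchain replaces blind trust in any single general with an incentive-backed majority.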
Access Control with a Blockchain
Access control becomes something which can be managed in entirely different ways when you have a blockchain or a similar shared consensus mechanism. In blockchain consensus mechanisms you typically need an incentive to secure the network. This adds a cost to transactions, but it also acts as spam protection.
State of the art access control in a blockchain could take the form of multi-signature wallets, where ownership of a wallet is shared (a shared wallet) between peers in a network. Currently Bitcoin supports multi-signature wallets (shared wallets), but Bitcoin is not the state of the art. Ethereum and Bitshares at this time offer state of the art access control capabilities.
Bitshares has a solution called “dynamic account permissions”, which in practice is as flexible as a centralized solution would be. You can have the same level of access control in terms of permissions in a decentralized network as you could have in a centralized network. Ethereum is entirely scriptable, and when considering Ethereum as a smart contract platform, you can define access control without any limitations.
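The multi-signature wallets and “dynamic account permissions” described above both come down to a weighted-threshold policy: an account is authorized when the weights of the signers present add up to a threshold, and an account can itself appear as a member of another account's policy. The evaluator below is an added example written for this post, modelled loosely on that description; it is not Bitshares' or Ethereum's code, and the `Authority` structure, the `MAX_DEPTH` limit and the sample directory (a treasury account that needs the CFO plus two auditors, or the CEO and CFO together) are constructed for illustration. It assumes the caller has already verified the signatures over the transaction and passes in only the key identifiers that verified; the defender's concern it handles is that nested authorities must fail closed on unknown, cyclic or over-deep references rather than loop forever or grant access by accident.

```python
"""Weighted-threshold, nested account authorities: a constructed model of
'dynamic account permissions' style access control (not a project's code)."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet

MAX_DEPTH = 2  # constructed nesting limit; deeper references contribute no weight


@dataclass
class Authority:
    """Access is granted when the summed weight of satisfied members reaches
    `threshold`. A member is either a key identifier (already verified by the
    caller) or another account, whose own Authority is evaluated recursively."""
    threshold: int
    keys: Dict[str, int] = field(default_factory=dict)      # key id -> weight
    accounts: Dict[str, int] = field(default_factory=dict)  # account -> weight


def satisfied(name: str, directory: Dict[str, Authority], signers: FrozenSet[str],
              depth: int = 0, visiting: FrozenSet[str] = frozenset()) -> bool:
    """Return True if `signers` carry enough weight to satisfy account `name`.

    Fail-closed rules: an account referenced beyond MAX_DEPTH, already on the
    current evaluation path (a cycle), or absent from the directory adds no
    weight. Only keys that the caller verified should be in `signers`.
    """
    auth = directory[name]
    visiting = visiting | {name}
    weight = sum(w for key, w in auth.keys.items() if key in signers)
    for sub, w in auth.accounts.items():
        if depth >= MAX_DEPTH or sub in visiting or sub not in directory:
            continue
        if satisfied(sub, directory, signers, depth + 1, visiting):
            weight += w
    return weight >= auth.threshold


def example_directory() -> Dict[str, Authority]:
    """Constructed sample policies (not real accounts or keys)."""
    return {
        # any 2 of 3 auditor keys
        "auditors": Authority(threshold=2, keys={"aud1": 1, "aud2": 1, "aud3": 1}),
        # CEO+CFO (4), or one officer (2) plus the auditors account (1) = 3
        "treasury": Authority(threshold=3, keys={"cfo": 2, "ceo": 2},
                              accounts={"auditors": 1}),
        # a mutual reference that must not cause infinite recursion
        "loop_a": Authority(threshold=1, accounts={"loop_b": 1}),
        "loop_b": Authority(threshold=1, accounts={"loop_a": 1}),
    }


if __name__ == "__main__":
    d = example_directory()
    for signers in ({"cfo"}, {"cfo", "aud1"}, {"cfo", "aud1", "aud2"}, {"ceo", "cfo"}):
        print(sorted(signers), "->", satisfied("treasury", d, frozenset(signers)))
    print("loop_a with no signers ->", satisfied("loop_a", d, frozenset()))
```

The same evaluator covers a plain M-of-N shared wallet (one account, N keys of weight 1, threshold M) and the richer delegation the post attributes to dynamic account permissions; what a blockchain adds is that the policy and every authorization decision are replicated and checked by every validating node rather than by one central server.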
Given the current pace of evolution of these technologies and the flexibility they offer in terms of access control, you can combine them with homomorphic encryption, on which Microsoft has just released a breakthrough paper.
Homomorphic encryption would allow the benefits of decentralization (fault tolerance) to be applied to health records, for example. All of these breakthroughs are made possible by one design principle: the incentive-centered design which makes blockchain technology possible.
About the Guest Author
Dana Edwards is a technological visionary, an information security expert and a social futurist. Born and raised in Boston, Massachusetts, he obtained a Bachelors degree in ethics, social & political philosophy from UMass, a Masters degree in Cybersecurity from UMUC, and is CompTIA
He has been fascinated by and has continuously studied computer technology and information security since 1997, when he received his first computer. As a student, teacher and problem solver, he wishes to share some of his knowledge with the world, and to inspire, conduct, and promote innovative experiments in cybersecurity.
Lamport, L. (2001). Paxos made simple. ACM SIGACT News, 32(4), 18-25.
Lamport, L., Shostak, R., & Pease, M. (1982). The Byzantine generals problem. ACM Transactions on Programming Languages and Systems (TOPLAS), 4(3), 382-401.
Ongaro, D., & Ousterhout, J. (2014, June). In search of an understandable consensus algorithm. In Proc. USENIX Annual Technical Conference (pp. 305-320).
Wash, R., & MacKie-Mason, J. K. (2006, July). Incentive-centered design for information security. In Proc. USENIX Workshop on Hot Topics in Security (HotSec).