Logic for Decision Making in Security - Developing the theory and applications of Compliance Budget Logic
Main supervisor: Professor Guy McCusker, University of Bath
Second supervisor: Professor David Pym, University College London
Security breaches often arise as a result of users’ failure to comply with security policies or follow good security practice, even when the implications of such behaviour are known to them. Simple examples include the use of unencrypted USB sticks for the transport of sensitive information, or connecting to public WiFi networks despite the well-known dangers of so doing. There is evidence that this failure to comply with policy arises from the perception that the benefit of compliance is outweighed by the reduction in users’ ability to complete their tasks when complying. In recent work we have proposed a qualitative analysis of the concept of “compliance budget”: the idea that users have a finite budget of time and energy available for such costly compliance activities, beyond which they begin to deviate from secure behaviour. Compliance Budget Logic is a multi-modal logic incorporating a notion of preference which we use to describe and explain users’ security decisions.
This PhD project will develop the theory and applications of this Compliance Budget Logic. The basic theory of the logic will be developed, followed by its application to security decision-making. For example, we may study how the interaction of multiple security policies and multiple budgets (e.g. users’ own time, laptop battery life, etc.) may be described and analysed via our logic. Some of this work will be carried out in collaboration with leading security researchers at University College London.
Anticipated start date: 2 October 2017.
Note: Applications may close earlier than the advertised deadline if a suitable candidate is found; therefore, early application is strongly recommended.
Some Research Council funding is available on a competition basis to Home and EU students who have been resident in the UK for 3 years prior to the start of the project. For more information on eligibility, see: https://www.epsrc.ac.uk/skills/students/help/eligibility/.
Funding will cover Home/EU tuition fees, a stipend (£14,553 per annum for 2017/18) and a training support fee of £1,000 per annum for 3.5 years.
Applicants classed as Overseas for tuition fee purposes are NOT eligible for funding; however, we welcome all-year-round applications from self-funded candidates and candidates who can source their own funding.
Anderson, G., McCusker, G. and Pym, D., 2016. A Logic for the Compliance Budget. In: Zhu, Q., Alpcan, T., Panaousis, E., Tambe, M. and Casey, W., eds. Proceedings, GameSec 2016 - Decision and Game Theory for Security. Springer Verlag, pp. 370-381. (Lecture Notes in Computer Science; 9996)