An ownership-base message admission control mechanism for curbing spam

Unsolicited e-mail has brought much annoyance to users, thus, making e-mail less reliable as a communication tool. This has happened because current email architecture has key limitations. For instance, while it allows senders to send as many messages as they want, it does not provide adequate capability to recipients to prevent unrestricted access to their mailbox. This research develops a new approach to equip recipients with ability to control access to their mailbox.This thesis builds an ownership-based approach to control mailbox usage employing the CyberOrgs model. CyberOrgs is a model that provides facilities to control resources in multi-agent systems. We consider a mailbox to be a precious resource of its owner. Any access to the resource requires its owner's permission. Thus, we give recipients a capability to manage their valuable resource - mailbox. In our approach, message senders obtain a permission to send messages through negotiation. In this negotiation, a sender makes a proposal and the intended recipient evaluates the proposal according to their own policies. A sender's desired outcome of a negotiation is a contract, which conducts the subsequent communication between the sender and the recipient. Contracts help senders and recipients construct a long-term relationship.Besides allowing individuals to control their mailbox, we consider groups, which represent organizations in human society, in order to allow organizations to manage their resources including mailboxes, message sending allowances, and contracts.A prototype based on our approach is implemented. In the prototype, policies are separated from the mechanisms. Examples of policies are presented and a public policy interface is exposed to allow programmers to develop custom policies. Experimental results demonstrate that the system performance is policy-dependent. In other words, as long as policies are carefully designed, communication involving negotiation has minimal overhead compared to communication in which senders deliver messages to recipients directly

Cyber security information sharing in the United States : an empirical study including risk management and control implications, 2000-2003

A tremendous amount of change in traditional business paradigms has occurred over the past decade through the development of Electronic Commerce and ad\ ancements in the field of Information Technology. As lesser-developed countries progress and become more prosperous. traditional . first world' countries have migrated to become strong service oriented economies (Asch, 200 I). Supporting technologies have developed over the past decade which has exploited the benefits of the Internet and other infonnation technologies. While Electronic Commerce continues to grow there is a corresponding impact on computer software and individual privacy (Ghosh and Swaminatha, 200 I). Recently. the U.S. National Institute of Standards and Technology (NIST) found that software bugs cost the U.S. economy approximately $59.5 billion, or .600/0 of the annual Gross Domestic Product (U.S. Department of Commerce, 2003). In addition, we have witnessed a rise in the strength and impact of Denial of Service and other types of computer attacks such as: viruses. trojans. exploit scripts and probes/scans. Popular industry surveys such as the annual Federal Bureau of Investigation/Computer Security Institute (Gordon. Et. AI.. 2006) confirm the growing threats in the Information Assurance field. In addition to these concerns our increased reliance on the Internet enabled systems (loudon and loudon. 2000). E-Commerce systems and Information Technologies an integrated suite of risks which must be managed effectively across the public and private sectors (Backhouse. Et. AI. 2005. Ghosh and Swamintha. 200 I. Parker. 200 I. Graf. 1995. Greenberg and Goldman, 1995). Previous research (Rumizen, 1998. Haver, 1998, Roulier, 1998) examined InterOrganisational, Web Infonnation Systems and Government Information Systems in order to assess how companies and other organisations can effectively design these information systems such that maximum benefits can be achieved for all participating organisations. Furthermore, Davenport, Harris and Delong (2001) and Davenport (1999) explained that collaboration is central to the results of a knowledge management system in which open, nonpolitical, non-competitive entities are involved in environments to achieve optimal individual and collective results. Before this memorable event. some related programmatic initiatives were already in-process at that time. The United States government built upon its active leadership in the areas of computer security and information assurance when it launched a number of important efforts to manage information security threats. This was clearly evident when President Clinton made the U.S. National Infrastructure (Nil) a major national priority in the 1 990s. One critical development occurred in 1998 when the National Infrastructure Protection Centre was established to be the central point for gathering, analysing and disseminating critical cyber security information and built upon the previous success of the national Computer Emergency Response Team (CERT). Earlier research (Rich. 2001, Soo Hoo, 2000. Howard. 1997 and Landwher, 1994) addressed various aspects of information security information and incident reporting. Also. Vatis 0001) addressed some research considerations in this area while investigating foreign network centric and traditional warfare events primarily through Denial of Service and Web Site Defacement attacks. However. areas for new exploration existed especially as they related to U.S. critical infrastructure protection (Karestand. 2003. Vatis. 200 I. U.S. General Accounting Office. 2000. Alexander and Swetham. 19(9). Finally. Information and Network Centric Warfare (Arens and Rosenbloom. 2003. Davies. 2000. Denning and Baugh. 2000. and Schwartau. 1997) are increasing national security issues in the \\' ar on Terrorism and Homeland Security in general

An Economic Answer to Unsolicited Communication

We explore an alternative approach to spam based on economic rather than technological or regulatory screening mechanisms

An Economic Answer to Unsolicited Communication ABSTRACT

We explore an alternative approach to spam based on economic rather than technological or regulatory screening mechanisms. We employ a model of email value which supports two intuitive notions: 1) mechanisms designed to promote valuable communication can often outperform those designed merely to block wasteful communication, and 2) designers of such mechanisms should shift focus away from the information in the message to the information known to the sender. We then use principles of information asymmetry to cause people who knowingly misuse communication to incur higher costs than those who do not. In certain cases, though not all, we can show this approach leaves recipients better off than even an idealized or “perfect ” filter that costs nothing and makes no mistakes. Our mechanism also accounts for individual differences in opportunity costs, and allows for bi-directional wealth transfers while facilitating both sender signaling and recipient screening.