You are here: Home Contents V2 N1 V2N1_Carlsson.html
Personal tools

Security Consistency in Information Ecosystems: Structuring the Risk Environment on the Internet



Full text

Journal of Information System Security
Volume 2, Number 1 (2006)
Pages 326
ISSN 1551-0123
Bengt Carlsson — Blekinge Institute of Technology, Sweden
Andreas Jacobsson — Blekinge Institute of Technology, Sweden
Information Institute Publishing, Washington DC, USA




The concepts of information ecosystems and multi agent systems are used to describe a security consistency model where, as a background, humans are presumed to act as Machiavellian beings, i.e. behaving selfishly. Based on this notion, we analyze behaviors initiated by network contaminants derived from the groupings marketing, espionage and malice, and their effects to an entire ecosystem. The contribution of this paper is a security consistency model, which illustrates a comprehensive and systemic view of the evolutionary risk environment in information networks.




Information Ecosystem, Multi Agent Systems, Security Consistency Model, Machiavellian Being, Network Contamination, Spam, Spyware, Virus




Agre, P.E. and Chapman, D. (1987), ‘Pengi: An Implementation of a Theory of Activity’, Sixth National Conference on Artificial Intelligence, July 13-17, Seattle Washington.

Arce, I. (2004), “More Bang for the Bug – an Account of 2003’s Attack Trends”, IEEE Security & Privacy, 2(1): 66-68.

Bishop, M. (2004), Introduction to Computer Security, Addison Wesley, Boston.

Boldt, M., Carlsson, B. and Jacobsson, A. (2004), ‘Exploring Spyware Effects’, 9th Nordic Workshop on Secure IT Systems, Nov 4-5, Helsinki Finland.

Castelfranchi C. and Conte, R. (1996), ‘Distributed Artificial Intelligence and Social Science: Critical Issues’, Foundations of Distributed Artificial Intelligence, eds. G.M.P. O’Hare and N.P. Jennings, John Wiley & Sons.

Choi, S.-Y., Stahl, D.O. and Winston, A.B. (1997), The Economics of Electronic Commerce, Macmillan Technical Publishing, Indianapolis.

Dawkins, R. (1982), The Extended Phenotype, W.H. Freeman and Company, Oxford.

Dennett, D.C. (1995), Darwin’s Dangerous Idea, Allen Lane Penguin Press, London.

‘Directive on Privacy and Electronic Communications’ (2002), Directive 2002/58/EC of the European Parliament and of the council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector.

Donald, M. (1991), Origins of the Modern Mind, Harvard University Press, London.

Dunbar, R. (1997), Grooming, Gossip and the Evolution of Language, Harvard University Press, Boston.

Ferris Research (2005),, 8 Dec 2005.

Genesereth, M. Ginsberg, M. and Rosenschein, J. (1998), ‘Cooperationwithout Communication’, Distributed Artificial Intelligence, eds. Bond and Gasser, Morgan Kaufmann.

Gmytrasiewicz, P.J. and Durfee, E.H. (1995), ‘A Rigorous, Operational Formalization of Recursive Modeling’, First International Conference on Multi Agent Systems, June 12-14, San Francisco CA.

Gärdenfors, P. (2003), How Homo Became Sapiens: On the Evolution of Thinking, Oxford University Press, Oxford.

Hardin, G. (1968), “The Tragedy of the Commons”, Science, 162: 1243-1248.

Jacobsson, A., Boldt, M. and Carlsson, B. (2004), ‘Privacy-Invasive Software in File-Sharing Tools’, 18th IFIP World Computer Congress, Aug 22-27, Toulouse France.

Jacobsson, A. and Carlsson, B. (2003), ‘Privacy and Spam: Empirical Studies of Unsolicited Commercial Email’, IFIP Summer School on Risks & Challenges of the Network Society, Aug 4-8, Karlstad Sweden.

Lindgren, K. (1991), ‘Evolutionary Phenomena in Simple Dynamics’, in Artificial Life II, eds. C.G. Langton, C. Taylor, J.D. Farmer and S. Rasmussen, Addison Wesley.

Lomborg, B. (1994), ‘Game Theory vs. Multiple Agents: The Iterated Prisoner’s Dilemma’, in Artificial Social Systems, eds. C. Castelfranchi and E. Werner, Lecture Notes in Artificial Intelligence, Vol. 830, Springer Verlag.

Lueg, C. (2003), ‘Secondary Effects of Anti-Spam Measures and their Relevance to Information Security Management’, First Australian Information Security Management Conference, 24 Nov, Perth Australia.

McCardle, M. (2003), ‘How Spyware Fits into Defense in Depth’, SANS Reading Room, SANS Institute, 2003., 9 May 2005.

Maynard Smith, J. (1982), Evolution and the Theory of Games, Cambridge University Press, Cambridge.

Nardi, B.A. and O’Day, V.L. (1999), Information Ecologies – Using Technology with Heart, MIT Press, Cambridge.

Newsroom Finland,, 8 Dec 2005.

Rao, A.S. and Georgeff, M.P. (1995), ‘BDI Agents: from Theory to Practice’, First International Conference on Multi Agent Systems, June 12-14, San Francisco CA.

Rosenschein, S. and Kaelbling, K. (1986), ‘The Synthesis of Digital Machines with Provable Epistemic Properties’, Conference on Theoretical Aspects of Reasoning about Knowledge, March, Monterey CA.

Rosenschein, J. and Zlotkin, G. (1994), Rules of Encounter, MIT Press, Cambridge. Russell, S.J. and Norvig, P. (1995), Artificial Intelligence: A Modern Approach, Prentice Hall, Englewood Cliffs.

Sariou, S., Gribble, S.D. and Levy, H.M. (2004), ‘Measurement and Analysis of Spyware in a University Environment’, ACM/USENIX Symposium on Networked Systems Design and Implementation, March 29-31, San Francisco CA.

Shapiro, C. and Varian, H. (1999), Information Rules: A Strategic Guide to the Networked Economy, Harvard Business School Press, Boston.

Skoudis, E. (2004), Malware: Fighting Malicious Code, Prentice Hall PTR, Upper Saddle River.

Spyaudit, Earthlink, Inc., 8 Dec 2005.

‘Spyblock Act’ (2004), S.2145.IS (2nd Session), in the Senate of the United States, Feb 27.

Szor, P. (2005), The Art of Virus Research and Defence, Addison Wesley, Boston.

Townsend, K. (2003), ‘Spyware, Adware, and Peer-to-Peer Networks: The Hidden Threat to Corporate Security’, Pest Patrol, Inc., 8 Dec 2005.

Van Valen, L. (1973), “A New Evolutionary Law”, Evolutionary Theory, 1: 1-30.

Wellman, M.A. (1994), ‘A Computational Market Model for Distributed Configuration Design’, 12th National Conference on Artificial Intelligence, July 31-Aug 4, Seattle WA.

Westin, A.F. (1968), Privacy and Freedom, Atheneum, New York.

Williams, G.C. (1966), Adaptation and Natural Selection, Princeton University Press, Princeton.

Wooldridge, M. and Jennings, N.R. (1995), ‘Agent Theories, Architectures, and Languages: a Survey’, Intelligent Agents, eds. M. Wooldridge and N.R. Jennings, Springer-Verlag.

Ygge, F., Akkermans, H. and Andersson, A. (1998), ’A Multi-Commodity Market Approach to Power Load Management’, International Conference on Multi Agent Systems, July 4 - 7, Paris France.