2025 Theses Doctoral

Economic Approaches to Hardware Security

Hastings, Adam

Computer insecurity continues to cost society billions of dollars per year. Yet this is not a problem without solutions---most security failures have available defenses, but these defenses are often applied inconsistently, if at all. Understanding when and where security is applied requires a rigorous understanding of the costs of security:

What types of costs does security impose? How do these costs manifest in computer systems and computer architecture? Who pays for these costs---and what happens if they do not? These are not just questions of computer science or security but of 𝘦𝘤𝘰𝘯𝘰𝘮𝘪𝘤𝘴 as well. This dissertation presents four works aimed at improving security by advancing an economics-based understanding of it, with a focus on systems and hardware.

The first develops a foundational framework for viewing security as a cost whose tradeoffs must be fairly distributed. The second work uses agent-based economic modeling and simulation to understand the tradeoffs between security and cyber insurance and finds that security is a weakest-link game and that individually optimal security investments do not produce socially optimal outcomes. The third work is an incentive compatible study that measures the opportunity cost of security by eliciting how much performance is worth to end users in terms of dollars. Finally, the fourth work proposes a socio-technical policy proposal for incentivizing the adoption of security within computer architecture and presents a mechanism for measuring the in situ runtime performance overhead of security.

Together, these works lay the foundation for the new and developing field of hardware and system security economics.