Incentive centered design and access control

·@dana-edwards·
![enter image description here](https://c2.staticflickr.com/4/3808/9677247879_a39e3e702c_b.jpg)

>“Many problems in information security exist at least partially because the people involved are not properly motivated to solve them. Incentive-centered design provides tools and principles to guide technology development for security systems. As an example, we developed a screening model and showed how the design principles it provides have been used in existing security technologies. The key insight is that human behavior — whether cooperative, indifferent or malicious — is not a fixed constraint. Rather, humans have goals, and choose their behavior to advance their goals. Design with this in mind can produce systems that change incentives, and thus harness behavior to advance the designer’s goals”


One of the major concerns of information security is access control. Access control is a concern because insider threats can violate the privacy of the owners of the information. Incentive-centered design approaches to security are fairly new; they are ways to produce confidentiality, integrity, and availability, the properties of the commonly known C.I.A. triad that information security professionals use as a guideline.

The new advances in blockchain technology are significant in particular because blockchain solves the Byzantine generals problem. The Byzantine generals problem presents a situation where you have two generals who have to coordinate an attack, but without a formally agreed method of sharing plans (sequence) they have no way to reach a consensus on a shared state of reality. There are many ways to solve this problem. One is to elect by vote the most trusted general as leader, who stamps “real” on the state so that the other generals can distinguish real from fake. Another mechanism would have the responsibility be shared, where generals take turns, and finally you have

The issue here is that “trust”, “authority” and “security” are related concepts. The blockchain elegantly solved the Byzantine generals problem by using an incentive-centered design. Mining is what secures the network, and the blockchain itself is a trust-minimizing security design, where the trust is distributed in a fairly decentralized manner, so that the ledger is fault tolerant.

There have been other solutions to the Byzantine generals problem, such as the Raft consensus algorithm or Paxos. All of these solutions involve finding consensus, and consensus is an agreed-upon state of the system. The system could be a virtual machine or a ledger, but once the state is agreed upon, recovery for a node is as simple as downloading the blockchain or the agreed-upon state of the network.

These various algorithms allow for decentralized cloud robotics, the Internet of Things, blockchains, and decentralized virtual computers.

Access control becomes something that can be managed in entirely different ways when you have a blockchain or similar consensus mechanism. Blockchain consensus mechanisms typically need an incentive to secure the network. This produces a cost to transactions, but it also acts as spam protection.

State of the art access control in a blockchain could take the form of multi-signature wallets, where ownership of a wallet is shared (a shared wallet) between peers in a network. Currently Bitcoin supports multi-signature wallets (shared wallets) but Bitcoin is not state of the art, while Ethereum and Bitshares at this time offer state of the art access control capabilities.


Bitshares has a solution which they label “dynamic account permissions”, which in practice is as flexible as a centralized solution would be. This means you can have the same level of access control in terms of permissions in a decentralized network as you could have in a centralized network. Ethereum is entirely scriptable, and in the case of Ethereum a smart contract can define access control without any limitations.
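One way to model shared wallets and hierarchical account permissions is a weighted-threshold check, shown here as an added example (not from the original post, and not BitShares or Ethereum code). The `Authority` structure, account names, key ids and depth limit are assumptions for illustration, and signature verification is assumed to have happened before the check runs.

```python
from dataclasses import dataclass, field

MAX_DEPTH = 3  # assumed nesting limit so delegated authorities cannot recurse forever


@dataclass
class Authority:
    """Weighted-threshold policy: approve when collected weight >= threshold."""
    threshold: int
    key_weights: dict = field(default_factory=dict)      # key id -> weight
    account_weights: dict = field(default_factory=dict)  # account name -> weight


def is_authorized(account, signed_keys, registry, depth=0, visiting=None):
    """Return True if signed_keys satisfy the account's authority.

    signed_keys is the set of key ids whose signatures were already verified.
    """
    visiting = visiting or frozenset()
    if depth > MAX_DEPTH or account in visiting or account not in registry:
        return False  # fail closed on cycles, deep nesting and unknown accounts
    auth = registry[account]
    if auth.threshold <= 0:
        return False  # a zero threshold would approve everything; reject it
    weight = sum(w for k, w in auth.key_weights.items() if k in signed_keys)
    for child, w in auth.account_weights.items():
        if weight >= auth.threshold:
            break
        if is_authorized(child, signed_keys, registry, depth + 1, visiting | {account}):
            weight += w
    return weight >= auth.threshold


# Constructed sample registry (all account names and key ids are hypothetical).
REGISTRY = {
    # Plain 2-of-3 shared wallet.
    "treasury": Authority(2, {"alice_key": 1, "bob_key": 1, "carol_key": 1}),
    # CEO key alone (weight 2), or the auditor key plus approval by the board account.
    "company": Authority(2, {"ceo_key": 2, "auditor_key": 1}, {"board": 1}),
    "board": Authority(2, {"dir1_key": 1, "dir2_key": 1, "dir3_key": 1}),
    # Misconfigured cycle: each account delegates only to the other.
    "loop_a": Authority(1, {}, {"loop_b": 1}),
    "loop_b": Authority(1, {}, {"loop_a": 1}),
}
```
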

Due to the current pace of evolution of these technologies, and the flexibility they offer in terms of access control, you can use them to apply homomorphic encryption, on which Microsoft has just released a breakthrough paper. Homomorphic encryption would allow the benefits of decentralization (fault tolerance) to be applied to health records, for example. All of these breakthroughs are made possible by a design principle, incentive-centered design, which makes blockchain technology possible.
 


References

Web: http://research.microsoft.com/apps/pubs/default.aspx?id=258435
Web: http://www.tomshardware.com/news/microsoft-homomorphic-encryption-biomedical-data,30577.html
Web: https://bitshares.org/technology/dynamic-account-permissions/
Web: https://blog.ethereum.org/2015/11/09/stateful-turing-complete-policies/


Lamport, L. (2001). Paxos made simple. ACM Sigact News, 32(4), 18-25.

Lamport, L., Shostak, R., & Pease, M. (1982). The Byzantine generals problem. ACM Transactions on Programming Languages and Systems (TOPLAS), 4(3), 382-401.

Ongaro, D., & Ousterhout, J. (2014, June). In search of an understandable consensus algorithm. In Proc. USENIX Annual Technical Conference (pp. 305-320).

Wash, R., & MacKie-Mason, J. K. (2006, July). Incentive-Centered Design for Information Security. In HotSec.