DIMACS Workshop on Information Security Economics

January 18 - 19, 2007
DIMACS Center, CoRE Building, Rutgers University

Jean Camp, Indiana University, ljean@ljean.com
Alessandro Acquisti, Carnegie Mellon University, acquisti@andrew.cmu.edu
Presented under the auspices of the Special Focus on Communication Security and Information Privacy and
Special Focus on Computation and the Socio-Economic Sciences.

Workshop Program:

Thursday January 18, 2007

 8:00 -  8:30  Breakfast and Registration (DIMACS Lounge)

 8:30 -  9:00  Welcome and Opening Remarks
               Fred Roberts, DIMACS Director       
               Jean Camp, Indiana University 
               Alessandro Acquisti, Carnegie Mellon University

 9:00 - 10:20  Session 1: The Economic Perspective 
               Internet Security, Vulnerability Disclosure, & Software Provision
               Neil Gandal, University of Tel Aviv

               Privacy, Incentives, & Contractual Efficiency in the Market 
               for Consumer Software
               Jens Grossklags, UC Berkeley 

               Perspectives from Microeconomic Theory and Game Theory
               Beth Allen, University of Minnesota

               Incentive-Centered Design for Information Security
               Rick Wash and Jeff Mackie-Mason, University of Michigan

10:20 - 10:50  Break

10:50 - 12:10  Session 2: Engineering & Psychology

               Routing Security Economics
               Stephen Bellovin, Columbia University 

               Security Engineering & Economics
               Ross Anderson and Tyler Moore, Cambridge University 

               The Psychology of Security
               Bruce Schneier, BT Counterpane 

               Privacy Engineering 
               Lorrie Cranor, Carnegie Mellon University and 
               Sarah Spiekermann, Humboldt University

12:10 -  1:30  Lunch - DIMACS Lounge 

 1:30 -  2:50  Session 3: Policy and Law 

               Surveillance of Emergent Associations:  
               Freedom of Association in a Network Society
               Katherine J. Strandburg, DePaul University

               Notice of Security Breaches as a Lightweight Regulation
               Deirdre Mulligan, UC Berkeley

               Security Through Obscurity: When It Works & When It Doesn't
               Peter Swire, Ohio State University

               Data Policy Violations
               Dan Geer, Verdasys

 2:50 -  3:20  Break

 3:20 -  4:40  Breakout 1: Goal: Define core of research agenda.
               Find common interests, & determine common priorities. 
               Search for useful overlaps, & discuss various methodological 
               strengths & weaknesses. Is there a common definition of security? 
               Enumerate the metrics, tests of validity, & implications for 
               each others' work. 
 4:40 -  5:30  Breakout Reports

 6:30          Workshop Banquet
               Dinner at: SOHO ON GEORGE - 335 George Street - New Brunswick, New Jersey
               with thanks to I3P: The Institute for Information Infrastructure Protection

Friday January 19, 2007

 8:30 -  9:00  Breakfast and Registration (DIMACS Lounge)

 9:00 - 10:20  Session 4: Business Applications  

               Vulnerability Hunters: Surveying Participants in a
               Poorly Understood Labor Market
               Stuart Schechter, MIT Lincoln Laboratories and Andy Ozment, Cambridge University

               Modeling & Economics of IT Risk Management & Insurance
               Stephanos Gritzalis and Costas Lambrinoudakis, University of the Aegean

               Models & Measures for Correlation in Cyber-Insurance
               Gaurav Kataria, Carnegie Mellon University and Rainer Böhme, University of Dresden

               Linking the Economics of Cyber Security & Corporate Reputation
               Barry Horowitz, University of Virginia

10:20 - 10:50  Break

10:50 - 12:10  Session 5: Case Studies 

               Information Security & IT Risk Management in the Real World: 
               Results from Field Studies
               Scott Dynes, Dartmouth College

               Competing with Free: The Impact of Movie Broadcasts on 
               DVD Sales & Internet Piracy
               Michael Smith and Rahul Telang, Carnegie Mellon University

               Fuzzy MLS: An Experiment on Quantified Risk-Adaptive Access Control
               Pau-Chen Cheng, Pankaj Rohatgi and Claudia Keser, IBM

               Countermeasures Against Government-Scale Monetary Forgeries
               Nicolas Christin, Carnegie Mellon University

12:10 -  1:30  Lunch (DIMACS Lounge)

 1:30 -  2:50  Session 6: Systems

               Valet Services: Improving Hidden Servers with a Personal Touch
               Paul Syverson, NRL

               Anonymity Services & Tor
               Roger Dingledine, Tor

               Designing Review Ranking Systems: Combining Economics with Opinion Mining
               Anindya Ghose, New York University

               Network formation, Sybil Attacks & Reputation Systems
               George Danezis, University of Leuven

 2:50 -  3:20  Break

 3:20 -  4:40  Breakout 2: Goal: Coordination
               Can we better serve our own ends? For example, do the 
               assumptions in economics enable better design? Does the 
               work in computer science inform law? Make explicit some 
               implicit assumptions about information security economics 
               that have hindered cross-disciplinary work. While the previous 
               breakout focuses on goals and metrics, this should focus on methods. 

 4:40 -  5:30  Concluding Session: Abbreviated Breakout Reports 
               Presentation of the set of questions to be discussed and 
               follow-up for the creation of the workshop report.

Document last modified on January 17, 2007.