Notes and Papers coming soon!
Security and Privacy in Medical and Home-Care Systems
You may have missed the chance to attend SPIMACS at the ACM CCS, but notes, papers and presentations will be available soon.

Public Service Announcement
The only place to order your free credit report is AnnualCreditReport.com. The other services will either charge you, or keep the information you have authorized them to view and resell it.

Activities
My Information Security Economics Website.

Inventions
Incentive-Based Access Control
Working with doctoral candidate Debin Liu, we have a first paper on incentive-based access control, entitled Mitigating Inadvertent Insider Threats. Future work from this paper is now in progress.

Net Trust: Informing Trust Decisions
Description: The Tech Talk Overview describes how Net Trust works. Current trust mechanisms are built for computers, not humans, despite the reams of available research on human trust decisions. In fact, the most common trust devices (e.g., seals, domain names) require the cooperation of the malicious to function. We have developed a system to use social networks to inform trust decisions. Initial user tests show that Net Trust alters trust behaviors, providing information to people that makes them more trusting of some sites and less trusting of others.


Research
Computer Security is Risk Communication
Want Technically Naive People to Adopt Security Technology? Talk to them in their own terms...
Individual security solutions have not been adopted even when individuals have expressed their desire to do so. Our experiment suggests one contributing factor is that the rich array of metaphors used by computer security professionals fails to align with individuals' mental models. Speaking of phishing, worms, and infections is not helpful risk communication.

IPv6
Is the exhaustion of IPv6 an inevitable train wreck? In this paper we generate historical data using whois and compare three policies. The first is prohibition of allocation to those already well-endowed with IPv4. The second is limiting allocations to the minimal allocation that can reasonably be expected to be in the routing tables. The third is picking a cut-off date and allocating fractions until that date.


Experimentation
Want Security? Build Privacy.
There is some question as to why end users do not adopt security technologies. We argue that it is typical for users to behave as human beings in the domain of risk and uncertainty. That is, there are consistent biases that determine whether risks are acceptable or not. Responses to risk are determined more by the perception of benevolence of the creator of the risk than by the magnitude of the risk. Here is Trust on the Web, a Tale of User Deceit.



Other work available here.

Event Announcements

Security and Privacy in Medical and Home-Care Systems (SPIMACS, pronounced Spy-max), a workshop affiliated with ACM CCS. If you missed the submission deadline, a call for participation is coming soon.

The call for papers from the 9th Annual Financial Cryptography is available at http://fc09.ifca.ai/. Papers due Sept. 15th.

MetricCon 4.0 Call for Participation, for the event in Toronto in August with Usenix Security.

For information on events related to or including economics of security, please track http://www.infosecon.net/ (info-secon dot net).