Prospectus for Economics of Information Security
L Jean Camp
Informatics Rm 200
1:00 - 2:15 pm MW
I 105
List and links to readings for each day
The course will use the tools of economics to better understand computer security. This is not a course in economics research in that no new tools will be discovered and no new ground will be broken in economic theory. The understanding of economics required for this course is modest, and a strong mathematical background with no economics will certainly suffice. There is no textbook. The course will be based on a series of research papers, primarily drawn for the series of Workshops on Economics of Information Security.
Grading
There are two methods for obtaining credit for this class for doctoral studies. Those in security can take the course for depth credit. This will require a completed research paper. Those in the PhD program who are taking the course for breadth credit are required to do weekly readings.For masters students in any program, taking this as an elective or required course, the choice of a paper or a weekly summary will be made based on your interests. The grading standards will not be as strigent as for the doctoral students in either case.
| 25% | class participation | in class and on oncourse | |
| 75% | For Breadth Credit weekly essays |
due every Friday | |
| 35% | For Depth Credit midterm draft |
due as scheduled | |
| 40% | For Depth Credit final paper |
due as scheduled | |
Possible Publication Venues
Trust 2009 2nd International Conference on Trusted Computing, St. Hugh's College, University of Oxford, UK, April 6-8, 2009. Submissions November 2, 2008.For more information, please see http://www.trust2009.org.
SP 2009 30th IEEE Symposium on Security and Privacy, Oakland/Berkeley, California, USA, May 17-20, 2009. (Submissions due 10 November 2008) http://oakland09.cs.virginia.edu.
IDtrust 2009 8th Symposium on Identity and Trust on the Internet, Gaithersburg, Maryalnd, USA, April 14-16, 2009. (Submissions due 17 November 2008) http://middleware.internet2.edu/idtrust/.
IFIP-CIP 2009 Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA, March 22-25, 2009. For more information, please see http://www.ifip1110.org. Submissions December 31, 2008.
USENIX '09: 2009 USENIX Annual Technical Conference, June 14-19, 2009, San Diego, CA, Paper submissions due: January 9, 2009 http://www.usenix.org/events/usenix09/cfp
IPTPS '09: 8th International Workshop on Peer-to-Peer Systems, Submissions due: January 9, 2009, http://www.usenix.org/events/iptps09/cfp
USENIX Security '09: 18th USENIX Security Symposium, Paper submissions due: February 4, 2009 August 10-14, 2009, Montreal, Canada http://www.usenix.org/events/sec08/cfp
Overview
The class is assumes no background in economics, and therefore must begin with some very basic economics. After this it is divided into major topics, with sessions organized under those themes.Economics Intro
These first sessions will provide the minimal microeconomics necessary to understand the remainder of the term. Concepts of utility and optimization are introduced.Spam
Spam is an economic problem with technical symptoms. How charging for spam is possible in the technical sense, and why it won't work in the real world.Economic of Vulnerabilities
One of the most hotly contested issues in security economics is the disclosure of vulnerabilities. Should there be a market for disclosure? If so, in what form?Pricing Intrusion and Return on Security Investment
If there is an intrusion avoided or a recovery from intrusion the question of cost can be hotly contested. How to begin to balance and argue those costs is the issue in these sessions.Economics of Privacy
Privacy, like security, is the control of information. The economics of privacy can explain some otherwise arbitrary consumer behavior.The Social Side of Security
The course ends with a consideration of the social implications of security.