Prospectus for Economics of Information Security
Informatics Rm 200
1:00 - 2:15 pm MW
List and links to readings for each day
The course will use the tools of economics to better understand computer security. This is not a course in economics research in that no new tools will be discovered and no new ground will be broken in economic theory. The understanding of economics required for this course is modest, and a strong mathematical background with no economics will certainly suffice. There is no textbook. The course will be based on a series of research papers, primarily drawn for the series of Workshops on Economics of Information Security.
GradingThere are two methods for obtaining credit for this class for doctoral studies. Those in security can take the course for depth credit. This will require a completed research paper. Those in the PhD program who are taking the course for breadth credit are required to do weekly readings.
For masters students in any program, taking this as an elective or required course, the choice of a paper or a weekly summary will be made based on your interests. The grading standards will not be as strigent as for the doctoral students in either case.
|25%||class participation||in class and on oncourse|
|75%||For Breadth Credit
|due every Friday|
|35%||For Depth Credit
|due as scheduled|
|40%||For Depth Credit
|due as scheduled|
Possible Publication VenuesTrust 2009 2nd International Conference on Trusted Computing, St. Hugh's College, University of Oxford, UK, April 6-8, 2009. Submissions November 2, 2008.
For more information, please see http://www.trust2009.org.
SP 2009 30th IEEE Symposium on Security and Privacy, Oakland/Berkeley, California, USA, May 17-20, 2009. (Submissions due 10 November 2008) http://oakland09.cs.virginia.edu.
IDtrust 2009 8th Symposium on Identity and Trust on the Internet, Gaithersburg, Maryalnd, USA, April 14-16, 2009. (Submissions due 17 November 2008) http://middleware.internet2.edu/idtrust/.
IFIP-CIP 2009 Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA, March 22-25, 2009. For more information, please see http://www.ifip1110.org. Submissions December 31, 2008.
USENIX '09: 2009 USENIX Annual Technical Conference, June 14-19, 2009, San Diego, CA, Paper submissions due: January 9, 2009 http://www.usenix.org/events/usenix09/cfp
IPTPS '09: 8th International Workshop on Peer-to-Peer Systems, Submissions due: January 9, 2009, http://www.usenix.org/events/iptps09/cfp
USENIX Security '09: 18th USENIX Security Symposium, Paper submissions due: February 4, 2009 August 10-14, 2009, Montreal, Canada http://www.usenix.org/events/sec08/cfp
OverviewThe class is assumes no background in economics, and therefore must begin with some very basic economics. After this it is divided into major topics, with sessions organized under those themes.
Economics IntroThese first sessions will provide the minimal microeconomics necessary to understand the remainder of the term. Concepts of utility and optimization are introduced.
SpamSpam is an economic problem with technical symptoms. How charging for spam is possible in the technical sense, and why it won't work in the real world.
Economic of VulnerabilitiesOne of the most hotly contested issues in security economics is the disclosure of vulnerabilities. Should there be a market for disclosure? If so, in what form?
Pricing Intrusion and Return on Security InvestmentIf there is an intrusion avoided or a recovery from intrusion the question of cost can be hotly contested. How to begin to balance and argue those costs is the issue in these sessions.
Economics of PrivacyPrivacy, like security, is the control of information. The economics of privacy can explain some otherwise arbitrary consumer behavior.
The Social Side of SecurityThe course ends with a consideration of the social implications of security.