Schedule

Full Schedule:

Downloadable Schedule
Downloadable Map

Wed June 1

6:30 - 9pm
Malkin Penthouse
Reception

Thursday June 2

7:30-8: Breakfast

8 - 8:30: Greeting

8:15- 10: Investment in Security (Chair: Larry Gordon)

• James R. Conrad, "Analyzing the Risks of Information Security Investments with Monte-Carlo Simulations " (slides)
  
• Pei-yu Chen, Gaurav Kataria and Ramayya Krishnan, "Software Diversity for Information Security" (slides)
  
• Anindya Ghose, Arun Sundararajan, "Pricing Security Software: Theory and Evidence" (slides)

10 - 10:30: Coffee

10:30 – 12: Responses to Security Failure (Chair: Stuart Schechter)

• Avi Goldfarb, "Why do denial of service attacks reduce future visits? Switching costs vs. changing preferences " (slides)
  
• Jennifer S. Granick, "Faking It: Criminal Sanctions and the Cost of Computer Intrustions" (slides)
  
• Tyler Moore, "Countering Hidden-Action Attacks on Networked Systems" (slides)

12:00 - 2:00: Lunch at Fire & Ice (http://www.fire-ice.com/experience/experience.html)

Speaker: Bruce Schneier

2:- 3:30: DRM & Spam (Chair: Ross Anderson)

• Dirk Bergemann, Thomas Eisenbach, Joan Feigenbaum, Scott Shenkerx, "Flexibility as an Instrument in Digital Rights Management" (slides)
  
• Yooki Park and Suzanne Scotchmer, "Digital Rights Management and the Pricing of Digital Products" (slides)
  
• Andrei Serjantov and Richard Clayton, "Modeling Incentives for Email Blocking Strategies" (slides)

3:30 - 4: Tea

4:00 - 5: 30: Incentive Modeling (Chair: Rahul Telang )

• Jay Pil Choi, Chaim Fershtman, and Neil Gandal, "Internet Security, Vulnerability Disclosure, and Software Provision" (slides)
  
• Byung Cho Kim, Pei-Yu Chen, and Tridas Mukhopadhyay, "An Economic Analysis of Software Market with Risk-Sharing Contract" (slides)
• Hasan Cavusoglu, Huseyin Cavusoglu and Srinivasan Raghunathan "Emerging Issues in Responsible Vulnerability Disclosure" (slides)
  

5:30 Dinner: Legal Seafood (included in registration)

7:30 Rump Session (Chair: Andrew Odlyzko)

(see below for details)

Friday June 3

7:30 - 8: 30: Breakfast

8:30 - 10:00:

I. Insurance (Chair: Marty Loeb )

• Rainer Böhme, "Cyber-Insurance Revisited" (slides)
  
• Jay P. Kesan, Ruperto P. Majuca, William J. Yurcik, " Cyber-insurance As A Market-Based Solution To The Problem Of Cybersecurity" (slides)
  
• Hulisi Ogut, Nirup Menon, Srinivasan Raghunathan, "Cyber Insurance and IT Security Investment: Impact of Interdependent Risk " (slides)

10 - 10:30: Coffee

10:30 - 12:

II. Experiments & Field Studies(Chair: Alessandro Acquisti )

• Scott Dynes, Hans Brechbuhl, Eric Johnson, " Information Security in the Extended Enterprise: Some Initial Results From a Field Study of an Industrial Firm " (slides)
  
• Luc Wathieu and Allan Friedman, "An empirical approach to the valuing privacy valuation" (slides)
  
• Bernardo A. Huberman, Eytan Adar and Leslie R. Fine, "Valuating Privacy" (slides)
• Rahul Telang, and Sunil Wattal,"Impact of Software Vulnerability Announcements on the Market Value of Software Vendors – an Empirical Investigation" (slides)

12:00 - 2:00: Buffet Lunch at KSG

Keynote address by Ann Cavoukian (slides)

2:00 - 3:30:

III. Privacy(Chair: Jean Camp)

• Zhulei Tang, Yu (Jeffrey) Hu, Michael D. Smith, "Protecting Online Privacy: Self-Regulation, Mandatory Standards, or Caveat Emptor" (slides)
  
• Alessandro Acquisti, and Jens Grossklags, "Uncertainty, Ambiguity and Privacy" (slides)
  
• Rachel Greenstadt and Michael D. Smith, "Protecting Personal Information: Obstacles and Directions (slides)
  
• David Baumer, Julia Earp, and J.C. Poindexter, "Quantifying Privacy Choices with Experimental Economics" (slides)

3:30 - 4:00: Tea

4:00 - 5:30:

IV. Vulnerabilities(Chair: Huseyin Cavusoglu)

• Dmitri Nizovtsev, and Marie Thursby, "Economic Analysis of Incentives to Disclose Software Vulnerabilities" (slides)
  
• Andy Ozment, "The Likelihood of Vulnerability Rediscovery and the Social Utility of Vulnerability Hunting" (slides)
  
• Ashish Arora, Ramayya Krishnan, Rahul Telang, Yubao Yang, "An Empirical Analysis of Vendor Response to Disclosure Policy" (slides)
  

5:30 – 6:00: Business meeting to instantiate new Not For Profit.

Rump

• Adam Shostack, "Avoiding Liability: An Alternative Route to More Secure Products"
  
• Sabah S. Al-Fedaghi, "Privacy as a Base for Confidentiality" (slides)
  
• Ritesh Kumar Tiwari, and Kamalakar Karlapalem, "Cost Tradeoffs For Information Security Assurance"
  
• Pramod A. Jamkhedkar, and Gregory L. Heileman, "The Role of Architecture in DRM Vendor Economics"
  
• Paul Judge, Dmitri Alperovitch, and Weilai Yang, "Understanding and Reversing the Profit Model of Spam
  
• Pramod A. Jamkhedkar, and Gregory L. Heileman,"The Role of Architecture in DRM Vendor Economics"
  
• Marco Cremonini, and Patrizia Martini, "Evaluating Information Security Investments from Attackers Perspective: the Return-On-Attack (ROA)" (slides)
  
• George Danezis, Stephen Lewis and Ross Anderson, "How much is location privacy worth?" (slides)
  
• Brent Rowe and Michael Gallaher, "Could IPv6 Improve Network Security? And, If So, at What Cost?" (slides)
  
• Fariborz Farahmand, Shamkant B. Navathe, Gunter P. Sharp, Philip H. Enslow,"Assessing Damages of Information Security Incidents and Selecting Control Measures, a Case Study Approach" (slides)
  
• Peter E. Sand, Director of Privacy Technology, "The Privacy Value"
  
• Choong Hee Lee and Junseok Hwang, " Private Information Shielding Service for Overcoming Privacy Risk in Recommender System " (slides)
  
• Christopher E. Everett, " Bridging the Gap Between Computer Security and Legal Requirements"

PLEASE NOTE: Thursday, June 2 and Friday, June 3, 2005 are extremely busy days around Harvard Square. Harvard and MIT are both holding reunions and commencement ceremonies on and near those dates. Please make your reservations at one of the nearby hotals as soon as possible.