Information security economics - And beyond

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4622 LNCS, Issue , 2007, Pages 68-91

  Anderson, Ross ^a   Moore, Tyler ^a  

^a UNIVERSITY OF CAMBRIDGE   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

DISTRIBUTED COMPUTER SYSTEMS; PROGRAM DEBUGGING;

DIGITAL RIGHTS MANAGEMENT; FAST-MOVING DISCIPLINE;

SECURITY OF DATA;

EID: 38149088764     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-74143-5_5     Document Type: Conference Paper

References (108)

1. Mastanduno, M.: Economies and Security in Statecraft and Scholarship. International Organization 52(4) (1998)
2. Anderson, R.J.: Why Cryptosystems Fail. Communications of the ACM 37(11), 32-40 (1994)
3. Ayres, I., Levitt, S.: Measuring Positive Externalities from Unobservable Victim Precaution: An Empirical Analysis of Lojack, NBER Working Paper no W5928; also in The Quarterly Journal of Economics. 113, 43-77
4. Camp, J., Wolfram, C.: Pricing Security. In: Proceedings of the CERT Information Survivability Workshop, October 24-26, 2000, pp. 31-39 (2000)
5. Varian, H.: Managing Online Security Risks, Economic Science Column, The New York Times (June 1, 2000)
6. Böhm, N., Brown, I., Gladman, B.: Electronic Commerce: Who Carries the Risk of Fraud? Journal of Information, Law and Technology 3 (2000)
7. Anderson, R. J.: Closing the Phishing Hole - Fraud, Risk and Nonbanks. In: Nonbanks in the Payment System, Santa Fe (May 2007)
8. Moore, T.: Countering Hidden-Action Attacks on Networked Systems. In: Fourth Workshop on the Economics of Information Security, Harvard (2005)
9. Anderson, R.J.: The Eternity Service. In: Pragocrypt 96 (1996)
10. Danezis, G., Anderson, R.J.: The Economics of Resisting Censorship. IEEE Security & Privacy 3(1), 45-50 (2005)
11. Goodhart, D.: Too Diverse? In: Prospect (February 2004) at http://www.guardian.co.uk/race/story/0,11374,1154684,00.html
12. Anderson, R.J.: Why Information Security is Hard - An Economic Perspective. In: 17th Annual Computer Security Applications Conference, December 2001 (2001), and at http://www.cl.cam.ac.uk/users/rjal4/Papers/econ.pdf
13. Hirshleifer, J.: From weakest-link to best-shot: the voluntary provision of public goods. Public Choice 41, 371-386 (1983)
14. Varian, H.: System Reliability and Free Riding. In: Economics of Information Security, pp. 1-15. Kluwer, Dordrecht (2004)
15. Kunreuther, H., Heal, G.: Interdependent Security. Journal of Risk and Uncertainty 26(2-3), 231-249 (2003)
16. Katz, M., Shapiro, C.: Network Externalities, Competition, and Compatibility. The American Economic Review 75(3), 424-440 (1985)
17. Ozment, J.A., Schechter, S.E.: Bootstrapping the Adoption of Internet Security Protocols. In: Fifth Workshop on the Economics of Information Security, Cambridge, UK, June 26-28,
18. Anderson, R.J.: Open and Closed Systems are Equivalent (that is, in an ideal world. In: Perspectives on Free and Open Source Software, pp. 127-142. MIT Press, Cambridge (2005)
19. Rescorla, E.: Is Finding Security Holes a Good Idea? In: Third Workshop on the Economics of Information Security (2004)
20. Ozment, J.A.: The Likelihood of Vulnerability Rediscovery and the Social Utility of Vulnerability Hunting. In: Fourth Workshop on the Economics of Information Security (2005)
21. Ozment, J.A., Schechter, S.E.: Milk or Wine: Does Software Security Improve with Age? In: 15th Usenix Security Symposium (2006)
22. Arora, A., Telang, R., Xu, H.: Optimal Policy for Software Vulnerability Disclosure. In: Third Workshop on the Economics of Information Security, Minneapolis, MN, May 2004 (2004)
23. Arora, A., Krishnan, R., Nandkumar, A., Telang, R., Yang, Y.: Impact of Vulnerability Disclosure and Patch Availability - An Empirical Analysis. In: Third Workshop on the Economics of Information Security (2004)
24. Curtis, B., Krasner, H., Iscoe, N.: A Field Study of the Software Design Process for Large Systems. Communications of the ACM 31(11), 1268-1287 (1988)
25. Shapiro, C., Varian, H.: Information Rules. Harvard Business School Press (1998)
26. Akerlof, G.: The Market for 'Lemons: Quality Uncertainty and the Market Mechanism. The Quarterly Journal of Economics 84(3), 488-500 (1970)
27. Anderson, R.J.: Cryptography and Competition Policy - Issues with Trusted Computing. In: Second Workshop on Economics and Information Security (2003)
28. VISA, PIN Management Requirements: PIN Entry Device Security Requirements Manual (2004)
29. Schechter, S.E.: Computer Security Strength & Risk: A Quantitative Approach. Harvard University (May 2004)
30. Kannan, K., Telang, R.: Economic Analysis of Market for Software Vulnerabilities. In: Third Workshop on the Economics of Information Security (2004)
31. Böhme, R.: A Comparison of Market Approaches to Software Vulnerability Disclosure. In: Müller, G. (ed.) ETRICS 2006. LNCS, vol. 3995, pp. 298-311. Springer, Heidelberg (2006)
32. Ozment, J.A.: Bug Auctions: Vulnerability Markets Reconsidered. In: Third Workshop on the Economics of Information Security (2004)
33. Böhme, R., Kataria, G.: Models and Measures for Correlation in Cyber-Insurance. In: Fifth Workshop on the Economics of Information Security (2006)
34. Ogut, H., Menon, N., Raghunathan, S.: Cyber Insurance and IT Security Investment: Impact of Interdependent Risk. In: Fourth Workshop on the Economics of Information Security (2005)
35. Posner, R.: An Economic Theory of Privacy. Regulation, 19-26 (1978)
36. Posner, R.: Privacy, Secrecy and Reputation. Buffalo Law Review 28(1) (1979)
37. Hirshleifer, J.: Privacy: its Origin, Function and Future. Journal of Legal Studies 9, 649-664 (1980)
38. Varian, H.: Economic Apects of Personal Privacy. In: Privacy and Self-Regulation in the Information Age, National Telecommunications and Information Administration report (1996)
39. Odlyzko, A.M.: Privacy, economics, and price discrimination on the Internet. In: ICEC '03: Proceedings of the 5th international conference on Electronic commerce, pp. 355-366
40. Acquisti, A., Varian, H.: Conditioning Prices on Purchase History. Marketing Science 24(3) (2005)
41. Acquisti, A., Grossklags, J.: Privacy and Rationality: Preliminary Evidence from Pilot Data. In: Third Workshop on the Economics of Information Security, Minneapolis, Mn (2004)
42. Vila, T., Greenstadt, R., Moinar, D.: Why we can't be bothered to read privacy policies. In: Economics of Information Security, pp. 143-154. Kluwer, Dordrecht (2004)
43. Swire, P.: Efficient Confidentiality for Privacy, Security, and Confidential Business Information. Brookings-Wharton Papers on Financial Services Brookings (2003)
44. Campbell, K., Gordon, L.A., Loeb, M., Zhou, L.: The economic cost of publicly announced information security breaches: empirical evidence from the stock market. Journal of Computer Security 11(3), 431-448 (2003)
45. Acquisti, A., Friedman, A., Telang, R.: Is There a Cost to Privacy Breaches? In: Fifth Workshop on the Economics of Information Security (2006)
46. Bouckaert, J., Degryse, H.: Opt In Versus Opt Out: A Free-Entry Analysis of Privacy Policies. In: Fifth Workshop on the Economics of Information Security (2006)
47. Varian, H., Wallenberg, F., Woroch, G.: The Demographics of the Do-Not-Call List. IEEE Security & Privacy 3(1), 34-39 (2005)
48. Dingledine, R., Matthewson, N.: Anonymity Loves Company: Usability and the Network Effect. In: Workshop on Usable Privacy and Security Software (2004)
49. http://tor.eff.org
50. Varian, H.: New chips and keep a tight rein on consumers, even after they buy a product. New York Times (July 4, 2002)
51. Samuelson, P., Scotchmer, S.: The Law and Economics of Reverse Engineering. Yale Law Journal (2002)
52. von Hippel, E.: Open Source Software Projects as User Innovation Networks. Open Source Software Economics (Toulouse) (2002)
53. Lookabaugh, T., Sicker, D.: Security and Lock-In: The Case of the U.S. Cable Industry. In: Workshop on the Economics of Information Security, also in Economics of Information Security. Advances in Information Security, vol. 12, pp. 225-246. Kluwer, Dordrecht (2003)
54. Oberholzer, F., Strumpf, K.: The Effect of File Sharing on Record Sales - An Empirical Analysis. Cambridge, Ma (2004)
55. Varian, H.: Keynote address to the Third Digital Rights Management Conference, Berlin, Germany (January 13, 2005)
56. Cobb, S.: The Economics of Spam. ePrivacy Group (2003), http://www.spamhelp.org/articles/economics_of_spam.pdf
57. Böhme, R., Holz, T.: The Effect of Stock Spam on Financial Markets. In: Workshop on the Economics of Information Security (2006)
58. Frieder, L., Zittrain, J.: Spam Works: Evidence from Stock Touts and Corresponding Market Activity. Berkman Center Research Publication No. 2006-11 (2006)
59. Akella, A., Seshan, S., Karp, R., Shenker, S., Papadimitriou, C.: Selfish Behavior and Stability of the Internet: A Game-Theoretic Analysis of TCP. ACM SIGCOMM, 117-130
60. Koutsoupias, E., Papadimitriou, C.: Worst-case equilibria. In: Meinel, C., Tison, S. (eds.) STACS 99. LNCS, vol. 1563, pp. 387-396. Springer, Heidelberg (1999)
61. Roughgarden, T., Tardos, E.: How bad is selfish routing? Journal of the ACM 49(2), 236-259 (2002)
62. Fabrikant, A., Luthra, A., Maneva, E., Papadimitriou, C, Shenker, S.: On a network creation game. In: 22nd PODC, pp. 347-351 (2003)
63. Anshelevich, E., Dasgupta, A., Tardos, E., Wexler, T.: Near-optimal network design with selfish agents. In: 35th STOC, pp. 511-520(2003)
64. Anshelevich, E., Dasgupta, A., Kleinberg, J., Tardos, E., Wexler, T., Roughgarden, T.: The price of stability for network design with fair cost allocation. In: 45th FOCS, pp. 295-304 (2004)
65. Halldórsson, M.M., Halpern, J., Li, L., Mirrokni, V.: On spectrum sharing games. In: 23rd PODC, pp. 107-114 (2004)
66. Aspnes, J., Chang, K., Yampolskiy, A.: Inoculation strategies for victims of viruses and the sum-of-squares partition problem. In: 16th ACM-SIAM Symposium on Discrete Algorithms, pp. 43-52 (2005)
67. Dwork, C., Naor, M.: Pricing via processing or combatting junk mail. In: Crypto 92, pp. 139-147.
68. Laurie, B., Clayton, R.: Proof-of-Work' Proves Not to Work. In: Third Workshop on the Economics of Information Security (2004)
69. Serjantov, A., Clayton, R.: Modeling Incentives for Email Blocking Strategies. In: Fourth Workshop on the Economics of Information Security (2005)
70. Feldman, M., Lai, K., Stoica, I., Chuang, J.: Robust Incentive Techniques for Peerto-Peer Networks. In: Fifth ACM Conference on Electronic Commerce (2004)
71. Dellarocas, C.: Analyzing the economic efficiency of eBay-like online reputation mechanisms. In: Third ACM Conference on Electronic Commerce (2001)
72. Serjantov, A., Anderson, R.J.: On dealing with adversaries fairly. In: Third Workshop on the Economics of Information Security (2004)
73. Landwehr, C.: Improving Information Flow in the Information Security Market. In: Economics of Information Security, pp. 155-164. Kluwer, Dordrecht (2004)
74. Anderson, R.J.: Security Engineering. Wiley, Chichester (2001)
75. European Commission proposal for a Council framework decision on attacks against information systems (April 2002)
76. German Federal Government's Comments on the TCG and NGSCB in the Field of Trusted Computing (2004), at http://www.bsi.bund.de/sichere_plattformen/ index.htm
77. Barnes, D.: Deworming the Internet. Texas Law Journal 83(279), 279-329 (2004)
78. Garcia, A., Horowitz, B.: The Potential for Underinvestment in Internet Security: Implications for Regulatory Policy. In: Fifth Workshop on the Economics of Information Security (2006)
79. Moore, T.: The Economics of Digital Forensics. In: Fifth Workshop on the Economics of Information Security (2006)
80. Ghose, A., Rajan, U.: The Economic Impact of Regulatory Information Disclosure on Information Security Investments, Competition, and Social Welfare. In: Fifth Workshop on the Economics of Information Security (2006)
81. Edelman, B.: Adverse Selection in Online 'Trust' Certificates. In: Fifth Workshop on the Economics of Information Security (2006)
82. Beattie, S., Arnold, S., Cowan, C., Wagle, P., Wright, C., Shostack, A.: Timing the Application of Security Patches for Optimal Uptime. In: LISA 2002, pp. 233-242 (2002)
83. Arora, A., Forman, C., Nandkumar, A., Telang, R.: Competitive and Strategic Effects in the Timing of Patch Release. In: Fifth Workshop on the Economics of Information Security (2006)
84. Gal-Or, E., Ghose, A.: Economic Consequences of Sharing Security Information. In: Information System Research, pp. 186-208 (2005)
85. Gordon, L.A., Loeb, M., Lucyshyn, W.: An Economics Perspective on the Sharing of Information Related to Security Breaches. In: First Workshop on the Economics of Information Security, Berkeley, CA, May 16-17 2002, pp. 16-17 (2002)
86. Nisan, N., Ronen, A.: Algorithmic mechanism design (extended abstract). In: STOC '99, pp. 129-140 (1999)
87. Nisan, N., Segal, I.: The communication complexity of efficient allocation problems. Draft. Second version (March 5, 2002)
88. Feigenbaum, J., Papadimitriou, C., Sami, R., Shenker, S.: A BGP-based mechanism for lowest-cost routing. In: PODC '02, pp. 173-182 (2002)
89. Shneidman, J., Parkes, D.C., Massouli, L.: Faithfulness in internet algorithms. In: PINS '04: Proceedings of the ACM SIGCOMM workshop on Practice and theory of Incentives in Networked Systems (2004)
90. Newman, M.: The structure and function of complex networks. SIAM Review 45, 167-256
91. Sah, R.: Social osmosis and patterns of crime. Journal of Political Economy 99(6), 1272-1295 (1991)
92. Ballester, C., Calvó-Armengol, A., Zenou, Y.: 'Who's, who in crime networks? Wanted - The Key Player, No 617, Working Paper Series from Research Institute of Industrial Economics
93. Bramoulle, Y., Kranton, R.: Strategic experimentation in networks. NajEcon Working Paper no. 784828000000000417 from http://www.najecon.org
94. Jackson, M.: The economics of social networks. CalTech Division of the Humanities and Social Sciences Working Paper 1237. In: Proceedings of the 9th World Congress of the Econometric Society CUP (2006)
95. Démange, G., Wooders, M.: Group formation in economics: networks, clubs and coalitions. Cambridge University Press, Cambridge (2005)
96. Albert, R., Jeong, H., Barabsi, A.-L.: Error and attack tolerance of complex networks. Nature 406(1), 387-482 (2000)
97. Nagaraja, S., Anderson, R.J.: The Topology of Covert Conflict. In: Fifth Workshop on the Economics of Information Security, UK (2006)
98. Li, L., Alderson, D., Willinger, W., Doyle, J.: A first-principles approach to understanding the internet's router-level topology. In: SIGCOMM 2004, pp. 3-14 (2004)
99. Danezis, G., Wittneben, B.: The Economics of Mass Surveillance. In: Fifth Workshop on the Economics of Information Security (2006)
100. Harley, J.: keynote talk, Government UK IT Summit, (May 2007)
101. Asch, S.E.: 'Social Psychology', OUP (1952)
102. Milgram, S.: 'Obedience to Authority: An Experimental View', HarperCollins (1974, reprinted 2004)
103. Zimbardo, P.: 'The Lucifer Effect', Random House (2007)
104. Wolfson, A.: A hoax most cruel. The Courier-Journal (2005)
105. Cranor, L.: 'Security Usability', O'Reilly (2005)
106. Schneier, B.: The Psychology of Security. In: RSA (2007), at http ://www.schneier.com
107. Gilbert, D.: If only gay sex caused global warming, LA Times (July 2, 2006)
108. Baron-Cohen, S.: The Essential Difference: Men, Women, and the Extreme Male Brain, Penguin (2003)