The Tenth Workshop on Economics of Information Security (WEIS 2011)

George Mason University, USA

June 14–15, 2011

All events take place at the Mason Inn
George Mason University Hotel and Conference Center

Monday, June 13

6pm-8pm Welcome Reception
Location: George Mason University Hotel and Conference Center

Tuesday, June 14

9:00am-9:10am Welcome

9:10am-10:10am Keynote Address

Dr. Christopher Greer
Assistant Director
Information Technology R&D
Office of Science and Technology Policy
The White House

10:10am-10:40am Break

10:40am-noon Session 1: Attacks

The Impact of Immediate Disclosure on Attack Diffusion and Volume
Sam Ransbotham
Sabyasachi Mitra

Where Do All the Attacks Go?
Dinei Florencio
Cormac Herley

Sex, Lies and Cyber-crime Survey
Dinei Florencio
Cormac Herley

The Underground Economy of Fake Antivirus Software
Brett Stone-Gross
Ryan Abman
Richard A. Kemmerer
Christopher Kruegel
Douglas G. Steigerwald

Noon-1:30pm Lunch

1:30pm-2:50pm Session 2: Identity

The Inconvenient Truth about Web Certificates
Nevena Vratonjic
Julien Freudiger
Vincent Bindschaedler
Jean-Pierre Hubaux

Social Networks, Personalized Advertising, and Privacy Controls
Catherine Tucker

Economic Tussles in Federated Identity Management
Susan Landau
Tyler Moore

Negative Information Looms Longer than Positive Information
Laura Brandimarte
Alessandro Acquisti
Joachim Vosgerau

2:50pm-3:20pm Break

3:20pm-4:00pm Session 3: Resilience

Resilience of the Internet Interconnection Ecosystem
Chris Hall
Ross Anderson
Richard Clayton
Evangelos Ouzounis
Panagiotis Trimintzios

Modeling Internet-Scale Policies for Cleaning up Malware
Steven Hofmeyr
Tyler Moore
Stephanie Forrest
Benjamin Edwards
George Stelle

4:00pm-5:00pm Rump session

Conference Dinner
George Mason University Hotel and Conference Center
6:00pm - 8:00pm

Wednesday, June 15

9:10am-10:10am Invited Talk

Neuroeconomics, Experimental Economics: What They Can Tell US About Human Risk Decisionmaking

Dr. Kevin McCabe
Professor of Economics and Director, Center for the Study of Neuroeconomics
George Mason University

10:10am-10:40am Break

10:40am-noon Session 4: Theory

Fixed Costs, Investment Rigidities, and Risk Aversion in Information Security: A Utility-theoretic Approach
Christos Ioannidis
David Pym
Julian Williams

Who Should be Responsible for Software Security? A Comparative Analysis of Liability Policies in Network Environments
Terrene August
Tunay Tunca

An Organizational Learning Perspective on Proactive vs. Reactive investment in Information Security
Juhee Kwon
M. Eric Johnson

Assessing Home Internet Users' Demand for Security: Will They Pay ISPs?
Dallas Wood
Brent Rowe

Noon-1:30pm Lunch

1:30pm-2:30pm Panel

Federal R&D Initiatives in Cyber Economics
-Presentation 1
-Presentation 2

Members of the Federal Cyber Security R&D Working Group

Dr. L. Jean Camp, Indiana University

2:30pm-3:30pm Session 5: Paying for Security

Information Targeting and Coordination: An Experimental Study
Matthew Hashim
Sandra Maximiano
Karthik Kannan

Security Standardization in the Presence of Unverifiable Control
Chul H. Lee
Xianjun Geng
Srinivasan Raghunathan

Economic Methods and Decision Making by Security Professionals
Simon Shiu
Adrian Baldwin
Yolanta Beres
Marco Cassa Mont
Geoff Duggan

3:30pm-4:00pm Break

4:00pm-5:00pm Session 6: Privacy

Real Name Verification Law on the Internet: a Poison or Cure for Privacy?
Daegon Cho

Health Disclosure Laws and Health Information Exchanges
Idris Adjerid
Alessandro Acquisti
Rema Padman
Rahul Telang
Julia Adler-Milstein

The Privacy Landscape: Product Differentiation on Data Collection
Sören Preibusch
Joseph Bonneau


Thursday, June 16

Workshop on Cybersecurity Incentives (WoCI)

(separate registration)