Public Service Announcement
The only place to order your free credit report is AnnualCreditReport.com. The other services will either charge you, or keep the information you have authorized them to view and resell it.

A useful document for recent graduates is What To Ask which includes pointers to ways to get involved, job listings and conference ratings.

Activities

My Information Security Economics Website.

Ethical Technologies in the Homes of Seniors, ETHOS; and here is a video overview

Office Hours
I have office hours only during the academic year.
901 E 10th St. Room 200
Mondays 1:00 - 3:00 pm
Fridays 10:00 - 11:00 am

Risk Communication Videos
Target for Behavior Change not Education Is the goal is to ensure that individuals respond appropriately, or to have them exhibit a correct understanding of the mechanics of the risk. If this makes no sense to you, then you probably have some expertise in computer security.
Access control - http://www.youtube.com/watch?v=F9m6A4gWKX8
Keylogger - http://www.youtube.com/watch?v=6zHJoZqrCB0
Phishing - http://www.youtube.com/watch?v=4ZQ9pFTCdy4
To reference please use either
L. Jean Camp, Mental models of privacy and security IEEE Technology And Society Magazine (2009) No 3:28, IEEE, Pages: 37-46.
or
J. Blythe, L. Jean Camp & V. Garg, Targeted risk Communication for Computer Security, 2011 International Conference on Intelligent User Interfaces, (Palo Alto, CA) 13-16 February 2011.

J. Blythe, L. Jean Camp & V. Garg, .Targeted risk Communication for Computer Security., 2011 International Conference on Intelligent User Interfaces, (Palo Alto, CA) 13-16 February 2011.
http://portal.acm.org/citation.cfm?id=1943449&preflayout=tabs
user click traces to determine user expertise and risk profile and generate timely, narrative warnings .

Inventions
Incentive-Based Access Control Working with doctoral graduate Debin Liu we have first paper on incentive-based access control, entitled Mitigating Inadvertent Insider Threas. Future work from this paper now work in progress.

Net Trust: Informing Trust Decisions
Description:The Tech Talk Overview describes how Net Trust works. Current trust mechanisms are built for computers, not humans, despite the reams of available research on human trust decisions. In fact, the most common trust devices (e.g., seals, domain names) require the cooperation of the malicious to function. We have developed a system to use social networks to inform trust decisions. Initial users tests show that Net Trust alters trust behaviors, providing information to people that makes them more trusting of some sites and less trusting of others. Alex Tsow, Camilo Viecco, and L. Jean Camp, Privacy-Aware Architecture for Sharing Web Histories, IBM Journal of Research & Development - or - L. Jean Camp, Reliable, Usable Signaling to Defeat Masquerade Attacks, IS A Journal of Law and Policy in the Information Society, 2007, Vol. 3, No 2: 211-235.
Private social networking, information-sharing with security; perfect forward secrecy after de-friending; highly customized interactions




Research
Computer Security is Risk Communication
Want Technically Naive People to Adopt Security Technology? Talk to them in their own terms...
 Individual security solutions have not been adopted even when individuals have expressed their desire to do so. Our experiment suggests one contributing factor is that the rich array of metaphors used by computer security professionals fail to align with individual's mental models. Speaking of phishing, worms, and infections is not helpful risk communication.

IPv6
 Is the exhaustion of IPv4 an inevitable train wreck? In this paper we generate historical data using whois and compare three policies. The first is prohibition of allocation to those already well-endowed with IPv4. The second is limiting allocations to the minimal allocation that can reasonably expected to be in the routing tables. The third is picking a cut-off date and allocating fractions until that date.


Experimentation
Want Security? Build Privacy.
 There is some question as to why end users do not adopt security technologies. We argue that this is typical of users to behave as human beings in the domain of risk and uncertainty. That is, there are consistent biases that determine if risks are acceptable or not. Responses to risk are determined more by the perception of benevolence of the creator of the risk than by the magnitude of the risk. Here is Trust on the Web, a Tale of User Deceit.



Other work available here.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 



Event Announcements

PETS

WEIS

CSCW

FC

HotSec

CSET

HotPETS

APWG

For information on events related to or including economics of security, please track http://www.infosecon.net/.