Budapest University of Technology and Economics, Faculty of Electrical Engineering and Informatics


    Security and Privacy: an Economic Approach

    Name of the subject in Hungarian: Security and Privacy: an Economic Approach

    Last updated: 3 November 2016.

    Electrical Engineering,
    Engineering Information Technology,
    Elective course
    Course ID Semester Assessment Credit Subject semester
    VIHIAV34   2/0/0/f 2  
    3. Course coordinator and department Dr. Biczók Gergely, Department of Networked Systems and Services
    4. Instructors Dr. Biczók Gergely assistant professor Department of Networked Systems and Services

    5. Required knowledge computer networks, network security
    6. Pre-requisites
    Recommended:
    The course cannot be taken by students who have already taken VIHIAV15 Economics of Security and Privacy.
    7. Objectives, learning outcomes and obtained knowledge The goal of the course is to give a comprehensive overview of the economics of information security and privacy. This novel point of view is able to shed light on many security problems and promises solutions to these problems. The economic point of view is particularly appropriate for analyzing the incentives of users, service providers and other networking participants, and for promising solutions to security issues that arise due to misaligned incentives. The course is taught in English.
    8. Synopsis

    1. week
    Introduction to system security, concepts, actors and security solutions. Detailed discussion of economics issues, motivation for the participants and misaligned incentives.

    2. week
    Tutorial on microeconomics concepts: game theory primer, normal- and extensive-form games, game solutions and equilibrium concepts, the Prisoner's Dilemma, externalities, the Tragedy of the Commons

    3. week
    Interdependent security, risks and dependency, total effort, weakest link and best shot models, security investment of selfish participants and equilibrium solutions

    4. week
    Misaligned incentives of the participants, ISPs' involvement in mitigating security risks, detailed assessment of intervention power for various participants, user motivation and its failure, asymmetric information and lemon markets

    5. week
    Generic model of security investments: the Gordon-Loeb model and its follow-up work, iterated security investments and investment options

    6. week
    The problem of spam and related issues, motivation for spammers, economics solutions for software flaws

    7. week
    Measuring the underground economy, spammers, carders and exploits

    8. week
    Information sharing models, incentives and impact to reveal security breaches, information sharing for software vulnerabilities: vulnerability markets, cooperation against phishing

    9. week
    Economics of privacy and anonymity, privacy issues and threats, behavioral economics point of view, user privacy evaluation, price discrimination and usability, privacy policies

    10. week
    Economics of privacy in social networks, privacy of Facebook, privacy policies of social networks, anonymizing private data

    11. week
    Adoption of security technologies, case studies of SSH and PGP, digital rights management and trusted computing

    12. week
    Cyber-insurance for security and privacy risk management, issues and solutions, market models, asymmetric information and correlated incidents

    13-14. week
    Advanced topics and additional discussion

    9. Method of instruction Lectures and individual project work with consultation support, discussing a well-defined subtopic in security/privacy
    economics based on a recommended reading list (project assignment: week 3).
    Project findings should be submitted as a 10-page document and presented orally (10 minutes).
    10. Assessment a.    during the semester:
      1 written project report and oral presentation
    b.    during the exam period:
    -
    c.    preliminary exam:
    -

    11. Recaps The project report can be submitted until 12:00pm of the last working day during the supplement week; the oral presentation can be performed after the report submission.
    12. Consultations Information given at the course’s website
    13. References, textbooks and resources

    Course material (lecture notes) is available in electronic format.
    Ross Anderson, Rainer Böhme, Richard Clayton, and Tyler Moore, "Security, Economics, and the Internal Market," European Network and Information Security Agency (ENISA), 2008.

    Ross J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, John Wiley & Sons, 2010.

    14. Required learning hours and assignment
    Contact hours: 28
    Preparation for classes during the semester: 16
    Preparation for midterm test:
    Homework preparation: 16
    Study of assigned written material:
    Exam preparation:
    Total: 60
    15. Syllabus prepared by Dr. Félegyházi Márk    assistant professor    BME-HIT,
    Dr. Levente Buttyán    associate professor    BME-HIT and
    Dr. Biczók Gergely assistant professor    BME-HIT