Security and Privacy: an Economic Approach

Name of the subject in Hungarian: Security and Privacy: an Economic Approach

Last updated: 29 January 2019

Budapest University of Technology and Economics
Faculty of Electrical Engineering and Informatics
Electrical Engineering,
Engineering Information Technology,
Elective course
Course ID Semester Assessment Credit Course semester
VIHIAV34   2/0/0/f 2  
3. Course coordinator and department Dr. Biczók Gergely,
4. Instructors Dr. Biczók Gergely assistant professor Department of Networked Systems and Services

5. Required knowledge computer networks, network security
6. Pre-requisites
Recommended:
The course cannot be taken by students who have already taken VIHIAV15 Economics of Security and Privacy.
7. Objectives, learning outcomes and obtained knowledge The goal of the course is to give a comprehensive overview of the economics of information security and privacy. This novel point of view is able to shed light on many security problems and promises solutions to them. The economic point of view is particularly appropriate for analyzing the incentives of users, service providers and other networking participants, and it promises solutions to security issues that arise due to misaligned incentives. The course is taught in English.
8. Synopsis

1. week
Introduction to system security, concepts, actors and security solutions. Detailed discussion of economics issues, motivation for the participants and misaligned incentives.

2. week
Tutorial on microeconomics concepts: game theory primer, normal- and extensive-form games, game solutions and equilibrium concepts, the Prisoner's Dilemma, externalities, the Tragedy of the Commons

3. week
Interdependent security, risks and dependency, total effort, weakest link and best shot models, security investment of selfish participants and equilibrium solutions

4. week
Misaligned incentives of the participants, ISPs' involvement in mitigating security risks, detailed assessment of intervention power for various participants, user motivation and its failure, asymmetric information and lemon markets

5. week
Generic model of security investments: the Gordon-Loeb model and its follow-up work, iterated security investments and investment options

6. week
The problem of spam and related issues, motivation for spammers, economics solutions for software flaws

7. week
Measuring the underground economy, spammers, carders and exploits

8. week
Information sharing models, incentives for and impact of revealing security breaches, information sharing for software vulnerabilities: vulnerability markets, cooperation against phishing

9. week
Economics of privacy and anonymity, privacy issues and threats, behavioral economics point of view, user privacy evaluation, price discrimination and usability, privacy policies

10. week
Economics of privacy in social networks, privacy of Facebook, privacy policies of social networks, anonymizing private data

11. week
Adoption of security technologies, case studies of SSH and PGP, digital rights management and trusted computing

12. week
Cyber-insurance for security and privacy risk management, issues and solutions, market models, asymmetric information and correlated incidents

13-14. week
Advanced topics and additional discussion

9. Method of instruction Lectures
10. Assessment

a.     during the semester:
Fulfilling the requirements: 1 classroom test.
The final grade is the grade obtained for the test.

b.    during the exam period:
-
c.    preliminary exam:
-

11. Recaps Failed classroom tests can be retaken during the supplement week.
12. Consultations Information is given on the course's website
13. References, textbooks and resources

Course material (lecture notes) is available in electronic format.
Ross Anderson, Rainer Böhme, Richard Clayton, and Tyler Moore, "Security, Economics, and the Internal Market," published by the European Network and Information Security Agency (ENISA), 2008

Anderson, Ross J. Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons, 2010.

14. Required learning hours and assignment
Lectures: 28
Preparation for lectures: 16
Preparation for classroom test: 16
Sum: 60
15. Syllabus prepared by Dr. Félegyházi Márk, assistant professor, BME-HIT,
Dr. Levente Buttyán, associate professor, BME-HIT and
Dr. Biczók Gergely, assistant professor, BME-HIT