Budapest University of Technology and Economics, Faculty of Electrical Engineering and Informatics

    Belépés
    címtáras azonosítással
    vissza a tantárgylistához   nyomtatható verzió    

    Economics of Security and Privacy

    A tantárgy neve magyarul / Name of the subject in Hungarian: Economics of Security and Privacy

    Last updated: 2011. április 7.

    Tantárgy lejárati dátuma: 2015. június 30.

    Budapest University of Technology and Economics
    Faculty of Electrical Engineering and Informatics
    Mérnök informatikus szak
    Villamosmérnöki szak
    Szabadon választható tárgy
    Course ID Semester Assessment Credit Tantárgyfélév
    VIHIAV15   2/0/0/f 2  
    3. Course coordinator and department Dr. Félegyházi Márk,
    4. Instructors Dr. Félegyházi Márk senior researcher Department of Telecommunications
    5. Required knowledge computer networks, network security
    6. Pre-requisites
    Ajánlott:
    No prerequisites for this course.
    7. Objectives, learning outcomes and obtained knowledge The goal of the course is to give a comprehensive overview of the economics of information security and privacy. This novel point of view is able to shed light on many security problems and promises the solutions to these problems. The economics point of view is particularly appropriate to analyze the incentives of users, service providers and other networking participants and to promises solutions to security issues that arise due to misaligned incentives. The course is taught in English.
    8. Synopsis 1. week
    Introduction to system security, concepts, actors and security solutions. Detailed discussion of economics issues, motivation for the participants and misaligned incentives.

    2. week
    Tutorial on microeconomics concepts: game theory primer, normal- and extensive-form games, game solutions and equilibrium concepts, the Prisoner's Dilemma, externalities, the Tragedy of the Commons

    3. week
    Interdependent security, risks and dependency, total effort, weakest link and best shot models, security investment of selfish participants and equilibrium solutions

    4. week
    Misaligned incentives of the participants, ISPs involvement in mitigating security risks, detailed assessment of intervention power for various participants, user motivation and its failure, asymmetric information and lemon markets

    5. week
    Generic model of security investments: the Gordon-Loeb model and its follow-up work, iterated security investments and investment options

    6. week
    The problem of spam and related issues, motivation for spammers, economics solutions for software flaws

    7. week
    Measuring the underground economy, spammers, carders and exploits

    8. week
    Information sharing models, incentives and impact to reveal security breaches, information sharing for software vulnerabilities: vulnerability markets, cooperation against phishing

    9. week
    Economics of privacy and anonymity, privacy issues and threats, behavioral economics point of view, user privacy evaluation, price discrimination and usability, privacy policies

    10. week
    Economics of privacy in social networks, privacy of Facebook, privacy policies of social networks, anonymizing private data

    11. week
    Adoption of security technologies, case studies of SSH and PGP, digital rights management and trusted computing

    12. week
    Cyber-insurance for security and privacy risk management, issues and solutions, market models, asymmetric information and correlated incidents

    13-14. week
    Advanced topics and additional discussion
    9. Method of instruction lectures
    10. Assessment a.    during the semester:
        1 test and 1 homework,    the final grade is a weighted sum computed from the grades of the test and the homework (50-50%)
    b.    during the exam period:
    -
    c.    preliminary exam:
    -
    11. Recaps The test can be repeated and the homework can be submitted during the „potlasi het” according to the TVSz.
    12. Consultations Information given at the course’s website
    13. References, textbooks and resources Ross Anderson, Rainer Böhme, Richard Clayton, and Tyler Moore, "Security, Economics, and the Internal Market," published by the European Network and Information Security Agency (ENISA)”, 2008
    14. Required learning hours and assignment
    Kontakt óra28
    Félévközi készülés órákra 
    Felkészülés zárthelyire16
    Házi feladat elkészítése16
    Kijelölt írásos tananyag elsajátítása 
    Vizsgafelkészülés 
    Összesen60
    15. Syllabus prepared by Dr. Félegyházi Márk    senior researcher    BME - HIT
    Dr. Levente Buttyán    associate professor    BME - HIT