Welcome

Bruce Schneier, Sam Ransbotham

Keynote: Peter Swire Professor of Law, Georgia Institute of Technology

The Pedagogic Cybersecurity Framework and the Non-Code Aspects of Cybersecurity

 Chair: Alessandro Acquisti

A Research Agenda for Cyber Risk and Cyber Insurance

(Gregory Falco, Martin Eling, Danielle Jablanski, Lawrence A. Gordon, Shaun Shuxun Wang, Joan Schmit, Russell Thomas, Mauro Elvedi, Thomas Maillart, Emy Donavan, Simon Dejung, Matthias Weber, Eric Durand, Franklin Nutter, Uzi Scheffer, Gil Arazi, Gilbert Ohana, and Herb Lin)

Valuing Cybersecurity Research Datasets

(Tyler Moore, Erin Kenneally, Michael Collett, and Prakash Thapa)

Measuring the Changing Cost of Cybercrime

(Ross Anderson, Chris Barton, Rainer Böhme, Richard Clayton, Carlos Ganan, Tom Grasso, Michael Levi, Marie Vasek, and Tyler Moore)

 Chair: Martin Loeb

The County Fair Cyber Loss Distribution: Drawing Inferences from Insurance Prices

(Daniel Woods, Tyler Moore, and Andrew Simpson)

The Stock Market Impact of Information Security Investments: The Case of Security Standards

(Dennis D. Malliouris and Andrew C. Simpson)

Exponential Discounting in Security Games of Timing

(Jonathan Merlevede, Benjamin Johnson, Jens Grossklags, and Tom Holvoet)

 Chair: Dmitry Zhdanov

Economics of Ransomware Attacks

(Terrence August, Duy Dao, and Marius Florin Niculescu)

Cybersecurity and Platform Competition

(Daniel Arce)

Improving Vulnerability Remediation Through Better Exploit Prediction

(Jay Jacobs, Sasha Romanosky, Idris Adjerid, and Wade Baker)

 Chair: Sasha Romanosky

Bug Bounty Programs, Security Investment and Law Enforcement: A Security Game Perspective

(Jiali Zhou and Kai-Lung Hui)

Identifying the Arbitrageurs on Mt. Gox: First Evidence from the Leaked Dataset

(Pietro Saggese and Rainer Böhme)

Does Sharing Make My Data More Insecure? An Empirical Study on Health Information Exchange and Data Breaches

(Leting Zhang, Min-Seok Pang, and Sunil Wattal)

Hey Google, What Exactly Do Your Security Patches Tell Us? A Large-Scale Empirical Study on Android Patched Vulnerabilities

(Sadegh Farhang, Mehmet Bahadir Kirdan, Aron Laszka, and Jens Grossklags)

 Chair: Rainer Böhme

Why Bitcoin will Fail to Scale

(Nikhil Malik, Manmohan Aseri, Param Vir Singh, and Kannan Srinivasan)

The Economics of Cryptocurrency Pump and Dump Schemes

(James Hamrick, Farhang Rouhi, Arghya Mukherjee, Amir Feder, Neil Gandal, Tyler Moore, and Marie Vasek)

A Deep Dive into Bitcoin Mining Pools: An Empirical Analysis of Mining Shares

(Matteo Romiti, Aljosha Judmayer, Alexei Zamyatin, and Bernhard Haslhofer)

Diversification Across Mining Pools: Optimal Mining Strategies under PoW

(Panagiotis Chatzigiannis, Foteini Baldimtsi, Igor Griva, and Jiasun Li)

 Chair: Frank Nagle

The Economic Cost of Cybersecurity Breaches: A Broad-Based Analysis

(Jacob Haislip, Kalin Kolev, Robert Pinsker, and Thomas Steffen)

Software Vulnerability Disclosure and Security Investment

(Arrah-Marie Jo)

Do Data Breach Disclosure Laws Increase Firms’ Investment in Securing Their Digital Infrastructure?

(Raviv Murciano-Goroff)

 Chair: Jean Camp

Fixing HTTPS Misconfigurations at Scale: An Experiment with Security Notifications

(Eric Zeng, Frank Li, Emily Stark, Adrienne Porter Felt, and Parisa Tabriz)

Delaying Informed Consent: An Empirical Investigation of Mobile Apps’ Upgrade Decisions

(Raveesh Mayya and Siva Viswanathan)

The Impact of Ad-Blockers on Consumer Behavior: A Lab Experiment

(Alisa Frik, Amelia Haviland, and Alessandro Acquisti)

Online Tracking and Publishers’ Revenues: An Empirical Analysis

(Veronica Marotta, Vibhanshu Abhishek, and Alessandro Acquisti)

 Chair: Tyler Moore

Rump Session:

Participants are invited to give 5 minute talks on new ideas, reflections on presented work, ongoing research, research published recently in other venues, or entertaining perspectives. To reserve a slot, please sign up with the Rump Session Chair (tyler-moore@utulsa.edu) during the conference.