y CFP: The Workshop on the Economics of Securing the Information Infrastructure


                     The Workshop on the Economics of
                  Securing the Information Infrastructure
 
                      http://wesii.econinfosec.org/
                  
                           October 23-24, 2006
                              Arlington, VA
                   
                             CALL FOR PAPERS
    
Our information infrastructure suffers from decades-old vulnerabilities,
from the low-level algorithms that select communications routes to the
application-level services on which we are becoming increasingly
dependent. Are we investing enough to protect our infrastructure? How
can we best overcome the inevitable bootstrapping problems that impede
efforts to add security to this infrastructure? Who stands to benefit
and who stands to lose as security features are integrated into these
basic services? How can technology investment decisions best be
presented to policymakers?

We invite infrastructure providers, developers, social scientists,
computer scientists, legal scholars, security engineers, and especially
policymakers to help address these and other related questions. Authors
of accepted papers will have the opportunity to present their work to
government and corporate policymakers. We encourage collaborative
research from authors in multiple fields and multiple institutions.

Submissions Due: August 6, 2006 (11:59PM PST)*

========================================================================
                            Suggested topics
                  (not intended to be comprehensive)
========================================================================

  The economics of deploying security into:
        The Domain Name System (DNS)   BGP & routing infrastructure
        Email & spam prevention        Programming languages
        Legacy code bases              User interfaces
        Operating systems              Code origin authentication
        
  Measuring the cost of adding security   Liability and legal issues
  Models of deployment penetration        Measuring/estimating damages
  Empirical studies of deployment         Establishing roots of trust
  Identity management infrastructure      Internet politics
  Securing open source code libraries     Antitrust Issues
  Adding security to/over existing APIs   Privacy Issues
  Data archival & warehousing infrastructure


========================================================================
                            Program Committee
========================================================================

  Alessandro Acquisti  Carnegie Mellon University
                       Heinz School of Public Policy & Management
        
  Ross Anderson        University of Cambridge

  Jean Camp            Indiana University

  Huseyin Cavusoglu    Tulane University
        
  Richard Clayton      University of Cambridge
        
  Steve Crocker        Shinkuro / DNSSEC Deployment Working Group
        
  Ben Edelman          Harvard University Department of Economics

  Allan Friedman       Harvard University
                       Kennedy School of Government

  Adam M. Golodner     Cisco Systems

  Larry Gordon         University of Maryland
                        Smith School of Business

  Yacov Haimes         University of Virginia

  Cathy Handley        U.S. Department of Commerce, National
                       Telecommunications & Information Administration
        
  Barry Horowitz       University of Virginia

  Richard Hovey        U.S. Federal Communications Commission (FCC)
        
  Jeff Hunker          Carnegie Mellon University
                       Heinz School of Public Policy & Management
        
  M. Eric Johnson      The Tuck School of Business at Dartmouth College
 
  Jeffrey M. Kopchik   U.S. Federal Deposit Insurance Corporation (FDIC)

                       Technology Supervision Branch
        
  Steve Lipner         Microsoft

  Marty Loeb           University of Maryland
                       Smith School of Business

  Doug Maughan         U.S. Department of Homeland Security (DHS)
                       Science and Technology Directorate
        
  Doug Montgomery      U.S. National Institute of Standards & Technology
                       Internetworking Technologies Group

  Milton Mueller       Syracuse University School of Information Studies

  Andrew Odlyzko       University of Minnesota

  Andy Ozment          MIT Lincoln Laboratory / University of Cambridge

  Shari Lawrence Pfleeger  RAND Corporation
        
  Stuart Schechter     MIT Lincoln Laboratory
        
  Bruce Schneier       Counterpane Internet Security

  Rahul Telang         Carnegie Mellon University
                       Heinz School of Public Policy & Management
        
  Andrew Wyckoff       Organisation for Economic Cooperation and
                       Development (OECD)


========================================================================
                            Workshop Sponsors
========================================================================
    The Institute for Information Infrastructure Protection (I3P)
    The Workshop on the Economics of Information Security (WEIS)

========================================================================
                 Paper Formats and Submission Instructions
========================================================================

See the workshop web site at:

  http://wesii.econinfosec.og/