- Monday, June 23, 2025
-
- 18:00-20:00
- Welcome reception
- Tuesday, June 24, 2025
-
- 08:40
- Registration open
- 09:10
- Welcome address
- 09:15-10:30
- Session 1: Cyber risk management 1 (Chair: Lei Zhou)
- Vendor-Originated Vulnerabilities and Data Breaches: A Large-Scale Empirical Study of Threshold Effects and Mitigation.
Santhosh Srinivas (Virginia Tech), Leting Zhang (University of Delaware), Huigang Liang (University of Memphis) - Scoring the Unscorables: Cyber Risk Assessment Beyond Internet Scans.
Armin Sarabi (University of Michigan), Manish Karir (SignetRisk Analytics, Inc.), Mingyan Liu (University of Michigan) - Expanding the Scope: An Empirical Approach for Identifying High-Risk Users.
Corey Bolger (The University of Tulsa), Tyler Moore (The University of Tulsa)
- Vendor-Originated Vulnerabilities and Data Breaches: A Large-Scale Empirical Study of Threshold Effects and Mitigation.
- 10:30-10:50
- Coffee break
- 10:50-12:30
- Session 2: Cryptocurrency, digital cash, and NFT (Chair: Scott Stransky)
- Tokenomics Impact on User Behavior: Observations from NFT-Collateralized Lending Platforms.
Jin-Dong Dong (Carnegie Mellon University), Daisuke Kawai (Carnegie Mellon University), Nicolas Christin (Carnegie Mellon University) - Cryptocurrency Sanctions: Compliance, Enforcement & Impacts.
Josephine Wolff (Tufts University), Daniel Drezner (Tufts University) - "Spot to The Future" Attacks on Cryptocurrency Derivative Markets.
Andrew Morin (The University of Tulsa), Tyler Moore (The University of Tulsa) - On the Nature and Security of Expiring Digital Cash.
Frank Stajano (University of Cambridge), Ferdinando Samaria (University of Cambridge), Shuqi Zi (University of Cambridge)
- Tokenomics Impact on User Behavior: Observations from NFT-Collateralized Lending Platforms.
- 12:30-13:45
- Lunch
- 13:45-15:00
- Session 3: Privacy (Chair: Rainer Boehme)
- Does Firm Size Influence the Collection of Sensitive Data?: A Study of Child-Orientated Apps.
Grazia Cecere (Institut Mines-Telecom, Business School), Vincent Lefrere (Institut Mines-Telecom, Business School), Catherine Tucker (Massachusetts Institute of Technology (MIT) - Sloan) - Privacy Spillovers across Competing Platforms.
Raveesh Mayya (New York University), Jiding Zhang (Arizona State University) - The Effects of Privacy Regulation on the Supply of Stolen Data.
Anderson Frailey (University of Virginia)
- Does Firm Size Influence the Collection of Sensitive Data?: A Study of Child-Orientated Apps.
- 15:00-15:20
- Coffee break
- 15:20-16:35
- Session 4: Software and vulnerability (Chair: Michel van Eeten)
- Knowledge Worker Strategy: Effort Allocation Dynamics in Cybersecurity Crowdsourcing Platforms.
Dana Etgar Itzhaki (Tel Aviv University), Neil Gandal (Tel Aviv University), Michael Riordan (Columbia University) - Unfairness in the Bug Bounty Ecosystem: Problems, Metrics, and Solutions.
Yangheran Piao (University of Edinburgh), Daniel W. Woods (University of Edinburgh) - Realigning Incentives to Build Better Software: A Holistic Approach to Vendor Accountability.
Gergely Biczok (Budapest University of Technology and Economics/ University of Michigan), Sasha Romanosky (RAND Corporation), Mingyan Liu (University of Michigan)
- Knowledge Worker Strategy: Effort Allocation Dynamics in Cybersecurity Crowdsourcing Platforms.
- 16:40-17:30
- Keynote 1 (Ross Anderson WEIS Lecture) (Chair: David Farber)
- Securing the Software Supply Chain by Solving the Lemons Market.
L Jean Camp (Provost Professor, Luddy School of Informatics, Computing, and Engineering, Indiana University)
- Securing the Software Supply Chain by Solving the Lemons Market.
- 17:45
- Bus departure for dinner
- 18:30-20:30
- Workshop dinner in Shinjuku
- Wednesday, June 25, 2025
-
- 08:40
- Registration open
- 09:10-10:50
- Session 5: Cyber risk management 2 (Chair: Masaki Ishiguro)
- Market Adoption of Cybersecurity: A Dynamic Analysis.
Pengfei Zhang (The University of Texas at Dallas) - Anticipating Personal Cyber Insurance Disputes: A US/UK User Study.
Temima Hrle (University of Edinburgh), Yangheran Piao (University of Edinburgh), Daniel Woods (University of Edinburgh) - Quantifying costs of enhanced security in multifactor authentication.
Seth Hastings (The University of Tulsa), Tyler Moore (The University of Tulsa), Neil Gandal (Tel Aviv University), Noa Barnir (Tel Aviv University) - Advanced Persistent Threat Defense: History and Future in Four Solutions to One Game.
Daniel Arce (University of Texas at Dallas)
- Market Adoption of Cybersecurity: A Dynamic Analysis.
- 10:50-11:10
- Coffee break
- 11:10-12:00
- Session 6: Public policy and cybercrime (Chair: Pallab Sanyal)
- Workers' Rights not to be learned for AI: General Legal Framework Suggested from Japanese Labour Law Context.
Yuki Okamura (NTT Social Informatics Laboratories), Miho Ikeda (NTT Social Informatics Laboratories) - A Measured Response - On the Nexus of Large-Scale Technical Measurements and Cybercrime Policing.
Hugo Bijmans (Delft University of Technology/ TNO), Michel van Eeten (Delft University of Technology), Rolf van Wegberg (Delft University of Technology)
- Workers' Rights not to be learned for AI: General Legal Framework Suggested from Japanese Labour Law Context.
- 12:00-13:40
- Lunch
- 13:40-14:30
- Keynote 2 (Chair: Andrew A. Adams)
- Trends and Risk of AI and How to Mitigate Them.
Kazuaki Nimura (Japan AI Safety Institute (J-AISI))
- Trends and Risk of AI and How to Mitigate Them.
- 14:40-15:30
- Rump session (Chair: Tyler Moore)
- Competition and Cybercrime: A Theoretical Assessment and Empirical Application.
Chitra Marti (New York University, Stern School of Business and Cornerstone Research) - CyLoss: A Cyber Incident Dataset for Cost Modeling.
Weibo Zhao (National University of Singapore), Bonan Ruan (National University of Singapore), Jiahao Liu (National University of Singapore), Yunshan Ma (Singapore Management University), Huanhuan Zheng (National University of Singapore), Zhenkai Liang (National University of Singapore) - Examining Newly Registered Phishing Domains at Scale.
Sharad Agarwal (University College London), Marie Vasek (University College London) - Not just BANAL: How branding shapes cybercrime ecosystems.
Ben Collier (University of Edinburgh), Richard Clayton (University of Cambridge) - Raising the Bar: Assessing Historical Cryptocurrency Exchange Practices in Light of the EU's MiCA and DORA Regulation.
Marilyne Ordekian (University College London), Ingolf Becker (University College London), Tyler Moore (The University of Tulsa), Marie Vasek (University College London) - How informative are cybersecurity risk disclosures? Empirical analysis of breached firms.
Matthew Adams (The University of Tulsa), Tyler Moore (The University of Tulsa) - (Some more without papers can be added on-site.)
- Competition and Cybercrime: A Theoretical Assessment and Empirical Application.
- 15:30-16:30
- Farewell cocktail
Program