All contents on this web page, including papers, presentations and photos, are licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 2.5 License.
I am a postdoctoral research fellow at the Center for Research on Computation and Society (CRCS) at Harvard University. My research at CRCS focuses on the economics of information security, the study of electronic crime, and the development of policy for strengthening security. Additional research interests include decentralized network (e.g., peer-to-peer, ad-hoc and sensor network) security, critical infrastructure protection and digital forensics.
In July 2008, I completed my PhD in Computer Science at the University of Cambridge, St John's College, supervised by Ross Anderson. You can view my dissertation here. As an undergraduate, I attended the University of Tulsa, graduating with a BS in Computer Science and a BS in Applied Mathematics. My PhD studies were supported by a Marshall Scholarship and NSF Graduate Research Fellowship.
My CV is available here.
"Cooperative attack and defense in distributed networks." University of Cambridge, St. John's College, July 2008. [Link]
Tyler Moore, Richard Clayton and Ross Anderson. "The Economics of Online Crime." Journal of Economic Perspectives 23(3), pp. 3-20, 2009. [Paper | Link to publisher | Italian translation]
Rainer Böhme, Tyler Moore. "The Iterated Weakest Link - A Model of Adaptive Security Investment." 8th Workshop on the Economics of Information Security (WEIS). June 24-24, 2009: London, UK. [Paper | Presentation]
Tyler Moore, Richard Clayton and Henry Stern. "Temporal Correlations between Spam and Phishing Websites." 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '09). April 21, 2009: Boston, MA. [Paper | Presentation]
Tyler Moore and Richard Clayton. "Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing." 13th International Conference on Financial Cryptography and Data Security. February 23-26, 2009: Barbados. [Paper | Presentation | Link to publisher]
Tyler Moore and Richard Clayton. "The Consequence of Non-Cooperation in the Fight Against Phishing." Third APWG eCrime Researchers Summit. October 15-16, 2008: Atlanta, GA. [Paper | Presentation]
Tyler Moore and Richard Clayton. "The Impact of Incentives on Notice and Take-down." Seventh Workshop on the Economics of Information Security. June 26-28, 2008: Hanover, NH, USA.
[Paper | Press: The Guardian]
Ross Anderson, Rainer Böhme, Richard Clayton and Tyler Moore. "Security Economics and European Policy." Seventh Workshop on the Economics of Information Security. June 26-28, 2008: Hanover, NH, USA.
[Paper | Press: Network World, Security Focus, The Register]
Tyler Moore and Richard Clayton. "Evaluating the Wisdom of Crowds in Assessing Phishing Websites." 12th International Financial Cryptography and Data Security Conference (FC08). January 28-31, 2008: Cozumel, Mexico.
[Paper | Presentation |Link to publisher | Press: Infosecurity Magazine | Virus Bulletin]
Tyler Moore and Richard Clayton. "Examining the Impact of Website Take-down on Phishing." Second APWG eCrime Researcher's Summit. October 4-5, 2007: Pittsburgh, PA, USA. (Best Paper Award, Cambridge Computer Lab 2008 Publication of the Year)
[Paper | Presentation | Link to publisher | Press: PC World, Infosecurity Magazine]
Tyler Moore and Richard Clayton. "An Empirical Analysis of the Current State of Phishing Attack and Defence." Sixth Workshop on the Economics of Information Security. June 7-8, 2007: Pittsburgh, PA, USA.
[Paper | Presentation | Press: The Guardian, Infosecurity Magazine, Computing (article and leader), BCS News]
Ross Anderson, Tyler Moore, Shishir Nagaraja, and Andy Ozment. "Incentives and Information Security." In N. Nisan, T. Roughgarden, E. Tardos, and V. Vazirani, editors: Algorithmic Game Theory, pp. 633-649. Cambridge University Press, New York (2007)
[Link to publisher]
Ross Anderson and Tyler Moore. "The Economics of Information Security: A Survey and Open Questions." Fourth Bi-annual Conference on the Economics of the Software and Internet Industries. January 19-20, 2007: Toulouse, France.
[Paper]
Ross Anderson and Tyler Moore. "The Economics of Information Security." Science 314 (5799), pp.610-613, October 27, 2006.
[Paper | Link to publisher]
Tyler Moore. "The Economics of Digital Forensics." Fifth Workshop on the Economics and Information Security. June 26-28, 2006: Cambridge, England.
[Paper | Press: The Register, ZDNet]
Tyler Moore and Ross Anderson. "Trends in Security Economics." European Nework and Information Security Agency Quarterly. December 2005.
[Paper]
Tyler Moore. "Countering Hidden-Action Attacks on Networked Systems." Fourth Workshop on the Economics and Information Security. June 2-3, 2005: Cambridge, MA, USA.
[Paper | Presentation]
Tyler Moore, Maxim Raya, Jolyon Clulow, Panos Papadimitratos, Ross Anderson and Jean-Pierre Hubaux. "Fast Exclusion of Errant Devices from Vehicular Networks". Fifth Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON). June 16-20, 2008: San Francisco, CA, USA.
[Paper | Link to publisher]
Tyler Moore, Jolyon Clulow, Ross Anderson and Shishir Nagaraja. "New Strategies for Revocation in Ad-Hoc Networks". Fourth European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS). July 2-3, 2007: Cambridge, England. In LNCS 4572, pp. 232--246, 2007: Springer, Heidelberg, Germany. (Best Paper Award)
[Paper | Presentation | Link to publisher | Press: New Scientist, Techworld]
Tyler Moore and Jolyon Clulow. "Secure Path-Key Revocation for Symmetric Key Pre-distribution Schemes in Sensor Networks". In H. Venter, M. Eloff, L. Labuschagne, J. Eloff, and R. von Solms (eds.): New Approaches for Security, Privacy and Trust in Complex Environments, Proceedings of the IFIP TC 11 22nd International Information Security Conference (SEC 2007), 14-16 May 2007, Sandton, South Africa. IFIP Vol. 232, pp. 157-168, 2007: Springer, Heidelberg, Germany.
[Paper | Presentation | Link to publisher]
Jolyon Clulow, Gerhard Hancke, Markus Kuhn and Tyler Moore. "So Near and yet So Far: Distance-Bounding Attacks in Wireless Networks." Third European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS). September 20-21, 2006: Hamburg, Germany. In LNCS 4357, pp. 83--97, 2006: Springer, Heidelberg, Germany.
[Paper | Presentation | Link to publisher]
Jolyon Clulow and Tyler Moore. "Suicide for the Common Good: a New Strategy for Credential
Revocation in Self-Organizing Systems." ACM SIGOPS Operating Systems Reviews, volume 40, no. 3, pp. 18-21, July 2006.
[Paper | Link to publisher]
Tyler Moore. "A Collusion Attack on Pairwise Key Predistribution
Schemes for Distributed Sensor Networks." Third IEEE International
Workshop on Pervasive Computing and Communication Security. In
[Paper
| Presentation | Link to publisher]
Tyler Moore, Anthony Meehan, Gavin Manes and Sujeet Shenoi. "Using Signaling Information in Telecom Network Forensics". In M. Pollit and S. Shenoi, editors: Advances in Digital Forensics, IFIP 194, Springer, pp. 177-188, 2005.
Todd Kosloff, Tyler Moore, Jesse Keller, Gavin Manes and Sujeet Shenoi. "Attacks on Public Telephone Networks: Technologies and Challenges". SPIE Conference on Technologies for Homeland Defense and Law Enforcement. April 21, 2003: Orlando, FL, USA. Proceedings of SPIE, vol. 5071, no. 72. [Link to publisher]
Todd Kosloff, Tyler Moore, Jesse Keller, Gavin Manes and Sujeet Shenoi. "SS7 Messaging Attacks on Public Telephone Networks: Attack Scenarios and Detection". ACM Workshop on the Scientific Aspects of Cyber Terrorism. November 21, 2002: Washington, DC.
Gary Lorenz, Tyler Moore, Gavin Manes, John Hale and Sujeet Shenoi. "Securing SS7 Telecommunications Networks". Second IEEE Systems, Man and Cybernetics Information Assurance Workshop. June 5-6, 2001: West Point, New York.
WEIS 2009, the 8th Workshop on the Economics of Information Security. University College London, UK, June 24-25, 2009. Submissions due February 28, 2009 (Program committee member)
Trust 2009, the 2nd International Conference on Trusted Computing -- Socioeconomic Strand. St Hugh's College, Oxford, UK, April 6-8, 2009. Submissions due February 1, 2009 (Program committee member)
4th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection. National Defense University, Washington, DC, March 14-17, 2010. Submissions due December 31, 2009 (Program co-chair, IFIP WG 11.10 vice chair)
Financial Crypto 2009, the 13th International Financial Cryptography and Data Security Conference, Barbados, 2009. (General chair)
Fifth Annual IFIP WG 11.9 International Conference on Digital Forensics. Orlando, Florida, January 25-28, 2009. (Program committee member)
ESAS 2007, the 4th European Workshop on Security and Privacy in Ad Hoc and Sensor Networks, Cambridge, UK, July 2-3, 2007. (Local arrangements chair)
PerSec 2007, the Fourth IEEE Workshop on Pervasive Computing and Communications Security. New York, March 2007 in conjunction with IEEE PerCom. (Program committee member)
IEEE Transactions on Dependable and Secure Computing
IEEE Security and Privacy Magazine
ACM Mobile Computing and Communications Review
ACM Computing Surveys
Elsevier International Journal of Critical Infrastructure Protection
My WEIS 2008 paper with Richard Clayton comparing the speed of website removal for various types of wicked content has been written up in the Guardian. Richard has written a blog post describing the part of the paper which has attracted the media's attention, namely, that websites hosting child-sexual-abuse images are removed much more slowly than any other type of content being actively removed from the Internet.
ENISA -- the European Network and Information Security Agency -- has published a report on security economics and European policy, which I co-authored along with Ross Anderson, Rainer Böhme and Richard Clayton. The report weighs policy options for tackling information security threats in a comprehensive manner. See press coverage in The Register. A shortened version summarizing the recommendations appeared at WEIS 2008, and is available here. After I presented the paper at WEIS, this work attracted additional press coverage in Network World and Security Focus.
My paper with Richard Clayton examining the effectiveness of phishing site take-down strategies has been written up in the Guardian, Infosecurity Magazine, Computing (article and leader), and BCS News.
My subsequent paper with Richard Clayton presented at APWG eCrime 2007 has been written about in PC World.
I recently wrote an article entitled Phishing and the economics of e-crime for Infosecurity Magazine. The article describes at a high level the empirical measurements of phishing I have been working on with Richard Clayton.
Infosecurity Magazine has written a news article describing our paper evaluating the so-called wisdom of crowds as a way to assess phishing websites.
The New Scientist has published an article describing our suicide protocol for revocation in distributed networks. Subsequently, another article has appeared in Techworld.
My paper on the economics of digital forensics has attracted some media coverage from the Register and ZDNet.
Other news from the Cambridge Security Group is available on our blog, Light Blue Touchpaper.
I'm an active researcher in the economics of information security. Due to its interdisciplinary nature, it can be difficult to keep track of all the venues for publishing research in this field. Below is a partial list of conferences that encourage papers on the economics of information security.
WEIS, the Workshop on the Economics of Information Security. WEIS is the flagship conference for research on the economics of information security, held in June each year. In 2010, WEIS will be hosted at Harvard; papers are due February 22.
Financial Crypto. In addition to applied cryptography papers, FC encourages submissions on the economics of information security, especially if it relates to financial security or fraud. FC 2010 takes place January 25-28, 2010 in Tenerife. Submissions are due September 15, 2009.
APWG eCrime Researchers Summit. APWG eCrime encourages submissions which measure electronic crime and the underground economy. The next conference takes place October 20-21, 2009.
IFIP WG 11.10 International Conference on Critical Infrastructure Protection. The IFIP 11.10 conference solicits papers related to the economics of critical infrastructure protection. The next conference takes place March 14-17, 2010 in Washington, DC. Submissions are due December 31, 2009.
ACM SAC, Information Security Research and Applications Track. SAC 2010 takes place March 22-26, 2010 in Switzerland. Submissions are due September 8, 2009.
Jean Camp maintains a list of EIS publication venues here. Please email me to let me know about new venues that encourage EIS publications.
Email: tmoore@seas.harvard.edu
All contents on this web page, including papers, presentations and photos, are licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 2.5 License.