All contents on this web page, including papers, presentations and photos, are licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 2.5 License.
I am a postdoctoral fellow at the Center for Research on Computation and Society (CRCS) at Harvard University. My research at CRCS focuses on the economics of information security, the study of electronic crime, and the development of policy for strengthening security. Additional research interests include decentralized network (e.g., peer-to-peer, ad-hoc and sensor network) security, critical infrastructure protection and digital forensics. In the fall of 2011, I will be joining Wellesley College as a Norma Wilentz Hess Visiting Assistant Professor of Computer Science.
In July 2008, I completed my PhD in Computer Science at the University of Cambridge, St John's College, supervised by Ross Anderson. You can view my dissertation here. As an undergraduate, I attended the University of Tulsa, graduating with a BS in Computer Science and a BS in Applied Mathematics. My PhD studies were supported by a Marshall Scholarship and NSF Graduate Research Fellowship.
My CV is available here.
I'm an active researcher in the economics of information security. Here is a selection of papers that I have written in the area grouped by topic. For a more comprehensive listing of papers in the field, see Ross Anderson's Economics and Security Resource Page.
Ross Anderson and Tyler Moore. "The Economics of Information Security." Science 314 (5799), pp.610-613, October 27, 2006. [Paper | Link to publisher]
Tyler Moore, Richard Clayton and Ross Anderson. "The Economics of Online Crime." Journal of Economic Perspectives 23(3), pp. 3-20, 2009. [Paper | Link to publisher | Italian translation]
Tyler Moore and Ross Anderson. "Economics and Internet Security: a Survey of Recent Analytical, Empirical and Behavioral Research." Harvard Computer Science Technical Report TR-03-11 (to appear as a chapter in the Oxford Handbook of the Digital Economy, 2011) [Paper]
Tyler Moore. "The Economics of Cybersecurity: Principles and Policy Options". International Journal of Critical Infrastructure Protection 3 (3-4), pp. 103-117, December 2010. [Paper | Link to publisher] (Based on a report for the US National Academy of Sciences, Proceedings of a Workshop on Deterring Cyberattacks, pp. 3-23)
Ross Anderson, Rainer Böhme, Richard Clayton and Tyler Moore. "Security Economics and European Policy." Seventh Workshop on the Economics of Information Security. June 26-28, 2008: Hanover, NH, USA. [Paper | Press: Network World, Security Focus, The Register] (Based on this report written for ENISA)
Nektarios Leontiadis, Tyler Moore and Nicolas Christin. "Measuring and Analyzing Search-Redirection Attacks in the Illict Online Prescription Drug Trade". 20th USENIX Security Symposium. August 10-12, 2011: San Francisco, CA. [Paper | Blog Post]
Tyler Moore and Benjamin Edelman. "Measuring the Perpetrators and Funders of Typosquatting." 14th International Conference on Financial Cryptography and Data Security. January 25-28, 2010: Tenerife, Spain. [Paper | Web Appendix | Press: New Scientist, The Register, ZDNet]
Tyler Moore and Richard Clayton. "Examining the Impact of Website Take-down on Phishing." Second APWG eCrime Researcher's Summit. October 4-5, 2007: Pittsburgh, PA, USA.
[Paper | Presentation | Link to publisher | Press: PC World, Infosecurity Magazine]
Tyler Moore and Richard Clayton. "The Consequence of Non-Cooperation in the Fight Against Phishing." Third APWG eCrime Researchers Summit. October 15-16, 2008: Atlanta, GA. [Paper | Presentation]
Tyler Moore and Richard Clayton. "The Impact of Incentives on Notice and Take-down." Seventh Workshop on the Economics of Information Security. June 26-28, 2008: Hanover, NH, USA.
[Paper | Press: The Guardian]
Tyler Moore and Richard Clayton. "The Impact of Public Information on Phishing Attack and Defense." Communications and Strategies 81(1), pp. 45-68, 2011.
[Paper | Original conference paper from FC 2009 | Presentation | Link to publisher for conference version]
Rainer Böhme, Tyler Moore. "The Iterated Weakest Link - A Model of Adaptive Security Investment." 8th Workshop on the Economics of Information Security (WEIS). June 24-24, 2009: London, UK. [Full Paper | Presentation | Essay in IEEE Security and Privacy -- winner of the Gordon Prize in Managing Cybersecurity Resources | Link to publisher]
Tyler Moore, Allan Friedman and Ariel Procaccia. "Would a 'Cyber Warrior' Protect Us? Exploring Trade-offs Between Attack and Defense of Information Systems". 13th New Security Paradigms Workshop (NSPW). September 21-23, 2010: Concord, Massachusetts. [Paper]
Due to its interdisciplinary nature, it can be difficult to keep track of all the venues for publishing research in the field of security economics. Below is a partial list of conferences that encourage papers on the economics of information security.
WEIS, the Workshop on the Economics of Information Security. WEIS is the flagship conference for research on the economics of information security, held in June each year. WEIS 2011 will be held in Arlington, Virginia, hosted by George Mason University on June 14-15. Papers are due February 28. All papers from past WEIS conferences are available on their respective websites (WEIS 2010 and WEIS 2002-2009).
Financial Crypto (FC). In addition to applied cryptography papers, FC encourages submissions on the economics of information security, especially if it relates to financial security or fraud. FC 2011 takes place February 28-March 4, 2011 in St Lucia. The program includes a session on Security Economics, in addition to panels and papers on banking security. Papers from past conferences are linked to from the IFCA website.
APWG eCrime Researchers Summit. APWG eCrime encourages submissions which measure electronic crime and the underground economy. The conference usually takes place October.
IFIP WG 11.10 International Conference on Critical Infrastructure Protection. The IFIP 11.10 conference solicits papers related to the economics of critical infrastructure protection. The next conference takes place March 23-25, 2011 in Dartmouth, NH.
Trust, the International Conference on Trusted Computing -- Socio-economic Strand. Trust takes security economics papers with an emphasis on trustworthy infrastructures. Trust 2011 will be held at Carnegie Mellon University, Pittsburgh, PA, June 22-24, 2011. Submissions due March 1, 2011.
Jean Camp maintains a list of EIS publication venues here. Please email me to let me know about new venues that encourage EIS publications.
"Cooperative attack and defense in distributed networks." University of Cambridge, St. John's College, July 2008. [Link]
Tyler Moore, Nektarios Leontiadis and Nicolas Christin. "Fashion Crimes: Trending-Term Exploitation on the Web". 18th ACM Conference on Computer and Communications Security. October 18-20, 2011: Chicago, IL.
Nektarios Leontiadis, Tyler Moore and Nicolas Christin. "Measuring and Analyzing Search-Redirection Attacks in the Illict Online Prescription Drug Trade". 20th USENIX Security Symposium. August 10-12, 2011: San Francisco, CA. [Paper | Blog Post]
Susan Landau and Tyler Moore. "Economic Tussles in Federated Identity Management". 10th Workshop on the Economics of Information Security. June 14-15, 2011: Fairfax, VA. [Paper]
Steven Hofmeyr, Tyler Moore, Stephanie Forrest, Benjamin Edwards, George Stelle. "Modeling Internet-Scale Policies for Cleaning up Malware". 10th Workshop on the Economics of Information Security. June 14-15, 2011: Fairfax, VA. [Paper]
Tyler Moore and Richard Clayton. "Ethical Dilemmas in Take-down Research". 2nd Workshop on the Ethics of Computer Security Research (WECSR). March 4, 2011: St Lucia. [Paper | Presentation]
Tyler Moore. "The Economics of Cybersecurity: Principles and Policy Options". International Journal of Critical Infrastructure Protection 3 (3-4), pp. 103-117, December 2010. [Paper | Link to publisher] (Based on a report for the US National Academy of Sciences, Proceedings of a Workshop on Deterring Cyberattacks, pp. 3-23)
Tyler Moore, Allan Friedman and Ariel Procaccia. "Would a 'Cyber Warrior' Protect Us? Exploring Trade-offs Between Attack and Defense of Information Systems". 13th New Security Paradigms Workshop (NSPW). September 21-23, 2010: Concord, Massachusetts. [Paper]
Tyler Moore and Benjamin Edelman. "Measuring the Perpetrators and Funders of Typosquatting". 14th International Conference on Financial Cryptography and Data Security. January 25-28, 2010: Tenerife, Spain. [Paper | Web Appendix | Press: New Scientist, The Register, ZDNet]
Tal Moran and Tyler Moore. "The Phish Market Protocol: Securely Sharing Attack Data Between Competitors". 14th International Conference on Financial Cryptography and Data Security. January 25-28, 2010: Tenerife, Spain. [Paper]
Tyler Moore, Richard Clayton and Ross Anderson. "The Economics of Online Crime." Journal of Economic Perspectives 23(3), pp. 3-20, 2009. [Paper | Link to publisher | Italian translation]
Rainer Böhme, Tyler Moore. "The Iterated Weakest Link - A Model of Adaptive Security Investment." 8th Workshop on the Economics of Information Security (WEIS). June 24-24, 2009: London, UK. [Paper | Presentation]
Tyler Moore, Richard Clayton and Henry Stern. "Temporal Correlations between Spam and Phishing Websites." 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '09). April 21, 2009: Boston, MA. [Paper | Presentation]
Tyler Moore and Richard Clayton. "Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing." 13th International Conference on Financial Cryptography and Data Security. February 23-26, 2009: Barbados. [Paper | Presentation | Link to publisher]
Tyler Moore and Richard Clayton. "The Consequence of Non-Cooperation in the Fight Against Phishing." Third APWG eCrime Researchers Summit. October 15-16, 2008: Atlanta, GA. [Paper | Presentation]
Tyler Moore and Richard Clayton. "The Impact of Incentives on Notice and Take-down." Seventh Workshop on the Economics of Information Security. June 26-28, 2008: Hanover, NH, USA.
[Paper | Press: The Guardian]
Ross Anderson, Rainer Böhme, Richard Clayton and Tyler Moore. "Security Economics and European Policy." Seventh Workshop on the Economics of Information Security. June 26-28, 2008: Hanover, NH, USA.
[Paper | Press: Network World, Security Focus, The Register]
Tyler Moore and Richard Clayton. "Evaluating the Wisdom of Crowds in Assessing Phishing Websites." 12th International Financial Cryptography and Data Security Conference (FC08). January 28-31, 2008: Cozumel, Mexico.
[Paper | Presentation |Link to publisher | Press: Infosecurity Magazine | Virus Bulletin]
Tyler Moore and Richard Clayton. "Examining the Impact of Website Take-down on Phishing." Second APWG eCrime Researcher's Summit. October 4-5, 2007: Pittsburgh, PA, USA. (Best Paper Award, Cambridge Computer Lab 2008 Publication of the Year)
[Paper | Presentation | Link to publisher | Press: PC World, Infosecurity Magazine]
Tyler Moore and Richard Clayton. "An Empirical Analysis of the Current State of Phishing Attack and Defence." Sixth Workshop on the Economics of Information Security. June 7-8, 2007: Pittsburgh, PA, USA.
[Paper | Presentation | Press: The Guardian, Infosecurity Magazine, Computing (article and leader), BCS News]
Ross Anderson, Tyler Moore, Shishir Nagaraja, and Andy Ozment. "Incentives and Information Security." In N. Nisan, T. Roughgarden, E. Tardos, and V. Vazirani, editors: Algorithmic Game Theory, pp. 633-649. Cambridge University Press, New York (2007)
[Link to publisher]
Ross Anderson and Tyler Moore. "The Economics of Information Security: A Survey and Open Questions." Fourth Bi-annual Conference on the Economics of the Software and Internet Industries. January 19-20, 2007: Toulouse, France.
[Paper]
Ross Anderson and Tyler Moore. "The Economics of Information Security." Science 314 (5799), pp.610-613, October 27, 2006.
[Paper | Link to publisher]
Tyler Moore. "The Economics of Digital Forensics." Fifth Workshop on the Economics and Information Security. June 26-28, 2006: Cambridge, England.
[Paper | Press: The Register, ZDNet]
Tyler Moore and Ross Anderson. "Trends in Security Economics." European Network and Information Security Agency Quarterly. December 2005.
[Paper]
Tyler Moore. "Countering Hidden-Action Attacks on Networked Systems." Fourth Workshop on the Economics and Information Security. June 2-3, 2005: Cambridge, MA, USA.
[Paper | Presentation]
Tyler Moore, Maxim Raya, Jolyon Clulow, Panos Papadimitratos, Ross Anderson and Jean-Pierre Hubaux. "Fast Exclusion of Errant Devices from Vehicular Networks". Fifth Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON). June 16-20, 2008: San Francisco, CA, USA.
[Paper | Link to publisher]
Tyler Moore, Jolyon Clulow, Ross Anderson and Shishir Nagaraja. "New Strategies for Revocation in Ad-Hoc Networks". Fourth European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS). July 2-3, 2007: Cambridge, England. In LNCS 4572, pp. 232--246, 2007: Springer, Heidelberg, Germany. (Best Paper Award)
[Paper | Presentation | Link to publisher | Press: New Scientist, Techworld]
Tyler Moore and Jolyon Clulow. "Secure Path-Key Revocation for Symmetric Key Pre-distribution Schemes in Sensor Networks". In H. Venter, M. Eloff, L. Labuschagne, J. Eloff, and R. von Solms (eds.): New Approaches for Security, Privacy and Trust in Complex Environments, Proceedings of the IFIP TC 11 22nd International Information Security Conference (SEC 2007), 14-16 May 2007, Sandton, South Africa. IFIP Vol. 232, pp. 157-168, 2007: Springer, Heidelberg, Germany.
[Paper | Presentation | Link to publisher]
Jolyon Clulow, Gerhard Hancke, Markus Kuhn and Tyler Moore. "So Near and yet So Far: Distance-Bounding Attacks in Wireless Networks." Third European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS). September 20-21, 2006: Hamburg, Germany. In LNCS 4357, pp. 83--97, 2006: Springer, Heidelberg, Germany.
[Paper | Presentation | Link to publisher]
Jolyon Clulow and Tyler Moore. "Suicide for the Common Good: a New Strategy for Credential
Revocation in Self-Organizing Systems." ACM SIGOPS Operating Systems Reviews, volume 40, no. 3, pp. 18-21, July 2006.
[Paper | Link to publisher]
Tyler Moore. "A Collusion Attack on Pairwise Key Predistribution
Schemes for Distributed Sensor Networks." Third IEEE International
Workshop on Pervasive Computing and Communication Security. In
[Paper
| Presentation | Link to publisher]
Tyler Moore, Anthony Meehan, Gavin Manes and Sujeet Shenoi. "Using Signaling Information in Telecom Network Forensics". In M. Pollit and S. Shenoi, editors: Advances in Digital Forensics, IFIP 194, Springer, pp. 177-188, 2005.
Todd Kosloff, Tyler Moore, Jesse Keller, Gavin Manes and Sujeet Shenoi. "Attacks on Public Telephone Networks: Technologies and Challenges". SPIE Conference on Technologies for Homeland Defense and Law Enforcement. April 21, 2003: Orlando, FL, USA. Proceedings of SPIE, vol. 5071, no. 72. [Link to publisher]
Todd Kosloff, Tyler Moore, Jesse Keller, Gavin Manes and Sujeet Shenoi. "SS7 Messaging Attacks on Public Telephone Networks: Attack Scenarios and Detection". ACM Workshop on the Scientific Aspects of Cyber Terrorism. November 21, 2002: Washington, DC.
Gary Lorenz, Tyler Moore, Gavin Manes, John Hale and Sujeet Shenoi. "Securing SS7 Telecommunications Networks". Second IEEE Systems, Man and Cybernetics Information Assurance Workshop. June 5-6, 2001: West Point, New York.
WEIS 2011, the 10th Workshop on the Economics of Information Security.
George Mason University, Arlington, VA, June 14-15, 2011. Submissions due February 28, 2011 (Program committee member)
Past years: 2010 (PC chair), 2009 (PC co-chair), 2008 (PC member), 2007 (PC member), 2006 (general chair)
Financial Crypto 2011, the 15th International Financial Cryptography and Data Security Conference, St Lucia, 2009. (Program committee member)
Past years: 2009 (general chair)
NSPW 2011, the New Security Paradigms Workshop. Marin County, CA, September 12-15, 2011 (Program committee member)
Trust 2011, the 4th International Conference on Trusted Computing -- Socioeconomic Strand. Carnegie Mellon University, Pittsburgh, PA, June 22-24, 2011. Submissions due March 1, 2011 (Program committee member)
Past years: 2009-2010 (PC member)
IFIP WG 11.10 International Conference on Critical Infrastructure Protection. Dartmouth College, Hanover, NH, March 23-25, 2011. (Program committee member)
Past years: 2010 (Program co-chair), 2007-2009 (PC Member)
ACM SAC, Information Security Research and Applications Track 2009 (PC member)
ESAS 2007, the 4th European Workshop on Security and Privacy in Ad Hoc and Sensor Networks, Cambridge, UK, July 2-3, 2007. (Local arrangements chair)
PerSec 2007, the Fourth IEEE Workshop on Pervasive Computing and Communications Security. New York, March 2007 in conjunction with IEEE PerCom. (Program committee member)
IEEE Transactions on Dependable and Secure Computing
IEEE Security and Privacy Magazine
ACM Mobile Computing and Communications Review
ACM Computing Surveys
Elsevier International Journal of Critical Infrastructure Protection
My WEIS 2008 paper with Richard Clayton comparing the speed of website removal for various types of wicked content has been written up in the Guardian. Richard has written a blog post describing the part of the paper which has attracted the media's attention, namely, that websites hosting child-sexual-abuse images are removed much more slowly than any other type of content being actively removed from the Internet.
ENISA -- the European Network and Information Security Agency -- has published a report on security economics and European policy, which I co-authored along with Ross Anderson, Rainer Böhme and Richard Clayton. The report weighs policy options for tackling information security threats in a comprehensive manner. See press coverage in The Register. A shortened version summarizing the recommendations appeared at WEIS 2008, and is available here. After I presented the paper at WEIS, this work attracted additional press coverage in Network World and Security Focus.
My paper with Richard Clayton examining the effectiveness of phishing site take-down strategies has been written up in the Guardian, Infosecurity Magazine, Computing (article and leader), and BCS News.
My subsequent paper with Richard Clayton presented at APWG eCrime 2007 has been written about in PC World.
I recently wrote an article entitled Phishing and the economics of e-crime for Infosecurity Magazine. The article describes at a high level the empirical measurements of phishing I have been working on with Richard Clayton.
Infosecurity Magazine has written a news article describing our paper evaluating the so-called wisdom of crowds as a way to assess phishing websites.
The New Scientist has published an article describing our suicide protocol for revocation in distributed networks. Subsequently, another article has appeared in Techworld.
My paper on the economics of digital forensics has attracted some media coverage from the Register and ZDNet.
Other news from the Cambridge Security Group is available on our blog, Light Blue Touchpaper.
Email: tmoore@seas.harvard.edu
All contents on this web page, including papers, presentations and photos, are licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 2.5 License.