Tyler Moore
	Tandy Professor of Cyber Security & Information Assurance
	School of Cyber Studies
	Tandy School of Computer Science
	The University of Tulsa
	tyler-moore@utulsa.edu
	Home	Publications	Security Economics	Teaching	News

Teaching

Courses

TU

CS/CYPR 7153 Foundations of Cyber Security

Introduction to cyber security concepts and topics. The security of socio-technical systems will be studied by examining a range of threats, vulnerabilities and countermeasures. Topics include software security, malware, keylogging, data loss and privacy. In addition to technical approaches, human factors, economic, legal and ethical issues will be considered. Students will participate in discussions and hands-on projects.

Semesters taught: Fall 2017, Spring 2018, Spring 2019, Fall 2020

CS 5/7143 Security Economics

Introduces economics as a tool for understanding and managing information security. Reviews key information security challenges and technologies in order to reason about the topics economically. Students are introduced to techniques of analytic and empirical modeling. Economic concepts reviewed include rationality, markets, and information. Models and metrics of security investment are presented, along with cost-benefit analysis techniques. Security games are designed to capture the strategic interaction between defenders, as well as between attacker and defenders. Techniques for empirical investigation and measurement of online crime are presented. Implications for public policy are discussed.

Semesters taught: Fall 2015, Spring 2017, Fall 2018, Fall 2019

CS 4413/6013 Secure Electronic Commerce

Technologies to facilitate secure online communications, such as SSL and digital certificates, are presented. Canonical threats to web security, such as input validation, XSS and CSRF attacks, are demonstrated using hands-on experiments. Engineered defenses against these attacks are then reviewed. Mechanisms for secure payments, such as EMV, tokenization and mobile payments protocols, are discussed along with case studies of attacks on deployed systems. The technical architecture of cryptocurrencies, notably Bitcoin, are presented. Throughout the course, economic considerations, notably the incentives of system designers and attackers, are discussed.

Semesters taught: Spring 2016, Spring 2018, Spring 2019

CS 3073 Introduction to Cyber Security

Semesters taught: Spring 2017, 2018, 2019

CS 2123 Data Structures and Algorithms

Semesters taught: Fall 2016, 2017, 2018, 2019

SMU

CSE3353: Fundamentals of Algorithms

Introduction to algorithm analysis, big Oh notation, algorithm classification by efficiency. Basic algorithm strategies and basic approaches to problem solving. Algorithms in hard- and software. Sorting and searching algorithms. Algorithms for arithmetic operations. Introduction to graph theory and graph algorithms.

Semesters taught: Spring 2013, Spring 2014, Fall 2014

CSE8098: Computer Science Seminar

Semesters taught: Fall 2012, Spring 2013, Fall 2013, Spring 2013, Fall 2014, Spring 2015

CSE5/7338: Security Economics

Introduces economics as a tool for understanding and managing information security. Reviews key information security challenges and technologies in order to reason about the topics economically. Students are introduced to techniques of analytic and empirical modeling. Economic concepts reviewed include rationality, markets, and information. Models and metrics of security investment are presented, along with cost-benefit analysis techniques. Security games are designed to capture the strategic interaction between defenders, as well as between attacker and defenders. Techniques for empirical investigation and measurement of online crime are presented. Implications for public policy are discussed.

Semesters taught: Fall 2012, Fall 2013, Fall 2014

MOOCs

Economics of Cybersecurity

On January 20, 2015, we launched an online course on the Economics of Cybersecurity, as part of edX Professional Education. The course provides a thorough introduction to the field, delivered by leading researchers from Delft University of Technology, University of Cambridge, University of Münster and Southern Methodist University.

The course provides the economic concepts, measurement approaches and data analytics to make better security decisions, as well as understand the forces that shape the security decisions of other actors in the ecosystem of information goods and services. It covers four main areas:

1. Introduction to key concepts in the economics of cybersecurity. Here, we provide an overview of the properties of information goods and how this shapes the security in these markets.
2. Measurements and empirical research into security issues, decisions and incentives of actors. We analyze data on security incidents in different markets, as well apply economic concepts to explain the strategies of attackers and defenders.
3. Economics of information security investment. We discuss and apply different economic models that help determine the costs and benefits of security investments.
4. Market failures and policy interventions. We discuss available economic tools to better align the incentives for cybersecurity, including better technologies, security metrics, cyber insurance and risk transfer, information sharing, and liability assignment.
5. Human behaviour. We explore the lessons from behavioral economics to understand the heuristics and biases of actors when they diverge from what is considered rational behaviour in conventional economic theory.

After successfully completing this course, you will be able to position yourself as a vital subject matter expert regarding the economic drivers that influence cybersecurity. The e-learning course and case studies provide a solid fundamental understanding of the economics of cybersecurity as discipline. We believe these new resources will help to raise the awareness among those of you in the profession today -as well as those of you with a future in cybersecurity- about the role that you can play in helping us to ensure a more secure society.

Videos of all lectures are now available on YouTube.

Wellesley

CS 349B: Quantifying the World (Wellesley College, Spring 2012)

We now live in a world of information, where data can be leveraged to rapidly answer previously unanswerable questions. This course will teach students how to make sense of the large amounts of data frequently available, from hypothesis formation and data collection to methods of analysis and visualization. We begin by discussing how to set up Internet-level experiments and formulate testable hypotheses. We then learn ways to automatically gather, store and query large datasets. Next, we introduce two important classes of analysis: statistical methods (descriptive and predictive) and information visualization. Students will learn to use the Python and R programming languages to carry out data collection, analysis and visualization, culminating in a final project using real data of the students’ choosing.

Semester taught Spring 2012

CS110: Computers and the Internet

Computer Science 110 is a broad introduction to computers, the Internet, information representation, and the art of computer programming. The course begins with an introduction to the World Wide Web and to the HyperText Markup Language (HTML), a language for structuring the content of web pages. The Cascading Style Sheets (CSS) language is introduced as a way to describe the appearance of web pages. Students also learn JavaScript, a scripting language that enables adding dynamic behavior to web pages. The digital representation of information is a common thread that runs through the course. We show how numbers, text, colors, images, sound, and video can all be represented in terms of bits, the fundamental unit of digital information. We also discuss social, legal, and ethical implications of the digital revolution. Topics include critical evaluation of web sources, copyright laws, digital rights management, privacy, and security. The course culminates in a project in which pairs of students design, implement, test, and present websites for a real client

Semester taught: Fall 2011

Search Course Material

Supervising Research

In addition to teaching courses, I supervise student research at both the graduate and undergraduate level.

Old research group photos: 2013

Current PhD Students

• Seth Hastings 2020 - present
• Andrew Morin 2019 - present
• Arghya Mukherjee 2018 - present
• Shuonan Niu 2018 - present
• Geoffrey Simpson (TU) 2017 - present
• Codi West 2019 - present

MS Students

Undergraduate Students

• Weston Phillips (TU) 2019 - present
• Meaghan Longenberger (TU) 2018 - present
• Zimo (Jerry) Chai (TU) 2017 - 2018
• Hannah Robbins (TU) 2017 - present
• Tom Wu (TU) 2017 - present
• Aaron Krusniak (TU) 2016 - present
• Steven Diaz (TU) 2016 - present
• Joe Brett (TU) 2016
• Noah Mendoza (SMU) 2015
• Andrew Fulsom (SMU) 2015
• Justin Konersmann (SMU), 2014 -- implemented a tool to measure denial-of-service attacks on Bitcoin.
• Viral Kotecha (SMU), 2014 -- investigating scams involving Bitcoin.
• Luke Oglesbee (SMU), 2014 -- StopBadware intern working on automatic detection of web-based malware.
• Chase Harker (SMU), 2013 -- implemented a tool to automatically convert long-form URLs into shortened URLs using scores of different services.
• Jarret Shook (SMU), 2013-2014 -- designed and implemented a multi-threaded tool to programmaticly invoke virtual machines to visit arbitrary websites and record key evidence of cybercriminal activities.
• Elena Villamil (SMU), 2013-2014 -- implemented a tool to automatically gather and analyze regulatory filings relevant to cybersecurity breaches at publicly-traded companies.
• John Wadleigh (SMU), 2013-2014 -- designed and implemented a mechanism to automatically identify popular WordPress plugins, as well as analyze their relative incidence of compromise.
• Jie Han (Wellesley College), 2010-2012 -- designed and implemented data collection and visualization of online Ponzi schemes. Paper published at Financial Crypto 2012
• Marie Vasek (Wellesley College), 2011-2012 -- designed and conducted an experiment evaluating the effectiveness of malware notices. Paper published at USENIX Workshop on Cybersecurity Experimentation and Test (CSET) 2012
• Era Vuksani (Wellesley College), 2011-2012 -- designed an educational computer security game, published as an Honors thesis at Wellesley College.

High School Students (TURC Junior Scholars)

• Eli Brock 2017

Visiting Students

• Daniel Woods (University of Oxford, UK), 2018-2019
• Markus Riek (University of Münster, Germany), 2013-2014 -- developed a structural equation model for a secondary analysis of an EU survey on cybercrime attitudes and experiences. Paper published at WEIS 2014.

Alumni

• Marie Vasek (Ph.D., TU): Faculty, University College London
  Thesis: Measuring Bitcoin-based cybercrime
• JT Hamrick (Ph.D., TU) 2015 - 2020: CTO, Hikari Labs
• Michael Collett (M.S., TU)
• Prakash Thapa (M.S., TU)
• Philippe Bled (M.S., TU)
• Muwei Zheng (M.S., TU): PhD Student, UC Davis
• Matthew Weeden (M.S., TU)
  Thesis: A system for sharing abuse data with web hosting providers
• David Benson (SMU postdoc): School of Advanced Air and Space Studies
• Jake Drew (Ph.D., SMU)
  Thesis: Scalable machine learning using applications in bioinformatics and cybercrime
• Lewis Sykalski (D.Eng., SMU)
  Praxis: A reusable framework for security dataset analysis
• Thomas Griffin (M.S., SMU)
• John Wadleigh (M.S., SMU)
  Thesis: Tracking how cybercriminals compromise websites to sell counterfeit goods