By Topic

IEEE Security & Privacy

Issue 2 • Date March-April 2013

Filter Results

Displaying Results 1 - 24 of 24
  • Front Cover

    Publication Year: 2013, Page(s): c1
    Request permission for commercial reuse | PDF file iconPDF (1577 KB)
    Freely Available from IEEE
  • Table of Contents

    Publication Year: 2013, Page(s):1 - 2
    Request permission for commercial reuse | PDF file iconPDF (1192 KB)
    Freely Available from IEEE
  • Breaking-in Research

    Publication Year: 2013, Page(s):3 - 4
    Request permission for commercial reuse | PDF file iconPDF (379 KB) | HTML iconHTML
    Freely Available from IEEE
  • Masthead

    Publication Year: 2013, Page(s): 5
    Request permission for commercial reuse | PDF file iconPDF (245 KB)
    Freely Available from IEEE
  • Security, Privacy, Policy, and Dependability Roundup

    Publication Year: 2013, Page(s):6 - 7
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (173 KB) | HTML iconHTML

    Our news briefs cover the latest in security, privacy, policy, and dependability. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Silver Bullet Talks with Steve Bellovin

    Publication Year: 2013, Page(s):8 - 11
    Request permission for commercial reuse | PDF file iconPDF (496 KB) | HTML iconHTML
    Freely Available from IEEE
  • Crossing the Great Divide: Transferring Security Technology from Research to the Market

    Publication Year: 2013, Page(s):12 - 13
    Request permission for commercial reuse | PDF file iconPDF (499 KB) | HTML iconHTML
    Freely Available from IEEE
  • Crossing the "Valley of Death": Transitioning Cybersecurity Research into Practice

    Publication Year: 2013, Page(s):14 - 23
    Cited by:  Papers (6)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1056 KB) | HTML iconHTML

    New and innovative technologies will only make a difference if they're deployed and used. It doesn't matter how visionary a technology is unless it meets user needs and requirements and is available as a product via user-acceptable channels. One of the cybersecurity research community's biggest ongoing challenges is transitioning technology into commercial or open source products available in the ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Building a Bridge across the Transition Chasm

    Publication Year: 2013, Page(s):24 - 33
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1018 KB) | HTML iconHTML

    Best practices for transitioning commercially funded research to operational environments don't always apply to government-funded cybersecurity endeavors due to constraints imposed by government regulations, certifications, and funding cycles. Most approaches for crossing this "valley of death" have been offered from the perspective of government sponsors and acquisition authorities. This article ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Federated Identity Management - We Built It; Why Won't They Come?

    Publication Year: 2013, Page(s):34 - 41
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (493 KB) | HTML iconHTML

    Solutions for federated identity management (FIM) are maturing; however, the adoption rate of this technology hasn't been as high as expected. The authors conducted and analyzed eleven semistructured interviews with representatives from the Norwegian oil and gas industry to learn more about the perceived benefits and challenges of FIM adoption. Their results show that some benefits of FIM adoption... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Crossing the Great Divide: From Research to Market

    Publication Year: 2013, Page(s):42 - 46
    Request permission for commercial reuse | PDF file iconPDF (839 KB)
    Freely Available from IEEE
  • Protecting Your Software Updates

    Publication Year: 2013, Page(s):47 - 54
    Cited by:  Papers (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (588 KB) | HTML iconHTML

    As described in many blog posts and the scientific literature, exploits for software vulnerabilities are often engineered on the basis of patches, which often involves the manual or automated identification of vulnerable code. The authors evaluate how this identification can be automated with the most frequently referenced diffing tools, demonstrating that for certain types of patches, these tools... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • LTE/SAE Security Issues on 4G Wireless Networks

    Publication Year: 2013, Page(s):55 - 62
    Cited by:  Papers (17)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1136 KB) | HTML iconHTML

    The authors give an overview on the state of the art of potential security issues that occur in the deployment of the LTE/SAE (Long-Term Evolution/System Architecture Evolution) protocol in emerging 4G wireless technologies. Although security concerns and challenges in wireless networks will remain a hot topic in the future, the LTE/SAE standard could adapt to these rising challenges, becoming mor... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • By Executive Order: Delivery of Cyber Intelligence Imparts Cyber Responsibilities

    Publication Year: 2013, Page(s):63 - 67
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (643 KB) | HTML iconHTML

    The US, like most countries, is grappling with how to handle cybersecurity issues, especially threats to critical infrastructure. How and where should a government intervene, and which entities have responsibility for notice and action? The authors comment on a recent US Executive Order and its evolution from failed attempts to enact cybersecurity legislation. Although the details are specific to ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Time-Outing Internet Services

    Publication Year: 2013, Page(s):68 - 71
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (352 KB) | HTML iconHTML

    Uncertainty and response time instability can affect invoked Web services' usability, performance, trustworthiness, and dependability. To resolve uncertainty, researchers have applied a three-pronged approach. First, they remove uncertainty through advances in data collection, response time measurement, and benchmarking. Second, they employ a mathematical foundation for modeling uncertainty. Final... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Authorship Is Continuous: Managing Code Plagiarism

    Publication Year: 2013, Page(s):72 - 74
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (182 KB) | HTML iconHTML

    Code plagiarism is an increasing problem in computer science courses. To deal with this problem, the Vipassana software tool gives instructors improved visibility into their students' programming process. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • What Happened to the Crypto Dream?, Part 1

    Publication Year: 2013, Page(s):75 - 76
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (131 KB) | HTML iconHTML

    One way to use cryptography for privacy is to tweak various systems to be privacy-preserving. But the more radical cypherpunk movement sought to wield crypto as a weapon of freedom, autonomy, and privacy that would fundamentally and inexorably reshape social, economic, and political power structures. This installment of On the Horizon primarily examines the latter use. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Shortage of Privacy Engineers

    Publication Year: 2013, Page(s):77 - 79
    Cited by:  Papers (6)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (358 KB) | HTML iconHTML

    Companies have an urgent need for trained privacy engineers who can hit the ground running. New courses and degree programs are needed to train students for these privacy engineering jobs. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Network Service Authentication Timing Attacks

    Publication Year: 2013, Page(s):80 - 82
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (733 KB) | HTML iconHTML

    The common wisdom is that string comparison timing attacks against a hashed password are impossible. However, these attacks can still be effective if attackers give up on the ideal of stealing all the characters representing the user's password or the entire hash. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Avoiding a War on Unauthorized Computation

    Publication Year: 2013, Page(s):83 - 88
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (177 KB) | HTML iconHTML

    Any attempt to regulate-or, indeed, legally define-exploits will cause irreparable harm to both coder freedoms and consumer systems' trustworthiness. It will reduce the sum of our knowledge about how systems can and cannot behave-and thus of what they can and cannot be trusted with. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • When Does Targeting Make Sense for an Attacker?

    Publication Year: 2013, Page(s):89 - 92
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (940 KB) | HTML iconHTML

    How do so many Internet users escape harm? The range of attacks is enormous and growing; we know that most users neglect even basic defense measures. Yet things somehow muddle along: 2 billion people use the Internet and seem to derive more good than harm from it. If security is only as good as the weakest link, why don't worst-case outcomes happen regularly? Why isn't everyone hacked every day? T... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Complementary Perspectives on Privacy and Security: Economics

    Publication Year: 2013, Page(s):93 - 95
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (999 KB) | HTML iconHTML

    Economics and behavioral economics offer different but complementary approaches to understanding privacy and security. This article explains briefly their differences and similarities, and why they matter in our thinking about security and privacy. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • IT for Oppression

    Publication Year: 2013, Page(s): 96
    Request permission for commercial reuse | PDF file iconPDF (313 KB) | HTML iconHTML
    Freely Available from IEEE
  • Magazine Subscribe [Advertisement]

    Publication Year: 2013, Page(s): c4
    Request permission for commercial reuse | PDF file iconPDF (1583 KB)
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community-ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Full Aims & Scope

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu