By Topic

Computer

Issue 4  Part Supplement • Date April 2002

Filter Results

Displaying Results 1 - 10 of 10
  • Editor's message - The long march

    Publication Year: 2002 , Page(s): 1 - 4
    Save to Project icon | Request Permissions | PDF file iconPDF (278 KB) |  | HTML iconHTML  
    Freely Available from IEEE
  • The Resurrecting Duckling: security issues for ubiquitous computing

    Publication Year: 2002 , Page(s): 22 - 26
    Cited by:  Papers (34)  |  Patents (2)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (530 KB)  

    Imagine the future: hundreds of embedded computers per person, all cooperating via ad hoc wireless networks. What will the security implications be? Peer-to-peer and ubiquitous computing systems involve many principals, but their network connectivity is intermittent and not guaranteed. Traditional approaches to authentication, from Kerberos to public-key certificates, are therefore unworkable, because they rely on online connectivity to an authentication or revocation server. The paper considers new solutions. It discusses the Resurrecting Duckling security policy model. The traditional taxonomy of security threats identifies three main classes which are considered: confidentiality, integrity or availability View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Computer security education: training, scholarship, and research

    Publication Year: 2002 , Page(s): 31 - 30
    Cited by:  Papers (2)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (357 KB)  

    Traditionally, computer security education falls into two distinct classes. The first is training, marked by an emphasis on particular systems, situations, or environments rather than broad principles. The second is scholarly (or scholarship), marked by an emphasis on underlying principles, concepts, and their application. The paper discusses a training course on Unix security, a scholarly course on computer security and the role of research in training education and scholarly education View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Information assurance in the twenty-first century

    Publication Year: 2002 , Page(s): 16 - 19
    Cited by:  Papers (1)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (339 KB)  

    Securing our networks is a huge task. To defend ourselves from cyber threats, private institutions, industry groups, and governments worldwide must make a strong commitment and cooperate at unprecedented levels View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Bug hunting: the seven ways of the Security Samurai

    Publication Year: 2002 , Page(s): 11 - 15
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (420 KB)  

    The burgeoning bug population has enhanced public awareness about security. The author outlines common bug hunting methods and techniques for actually finding bugs. To systematically find bugs, individuals do need common sense (to know what to look for), dedication (to spend endless hours poking through software code), and a bit of luck (to find meaningful results). Also helpful are a touch of arrogance, a handful of tricks and tools, and considerable social skills for effective teamwork. In fact, the required qualities don't differ much from those a typical human being needs to live well in modern society. The author defines bug hunting as a systematic process in which one or more individuals try to find security flaws in a predetermined set of "technologies", including software products, hardware devices, algorithms, formal protocols, and real-world networks and systems. Constraints on the practice might include time, resource availability, technical expertise, money, work experience, and so on View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Intrusion detection: a brief history and overview

    Publication Year: 2002 , Page(s): 27 - 30
    Cited by:  Papers (52)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (314 KB)  

    The goal of intrusion detection is seemingly simple: to detect intrusions. However, the task is difficult, and in fact intrusion detection systems do not detect intrusions at all, they only identify evidence of intrusions, either while they are in progress or after the fact. The paper considers data collection issues, intrusion detection techniques, system effectiveness and network wide analysis View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Computer attack trends challenge Internet security

    Publication Year: 2002 , Page(s): 5 - 7
    Cited by:  Papers (10)  |  Patents (2)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (422 KB)  

    Organizations relying on the Internet face significant challenges to ensure that their networks operate safely and that their systems continue to provide critical services even in the face of attack. The article seeks to help raise awareness of some of those challenges by providing an overview of current trends in attack techniques and tools View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The case for outsourcing security

    Publication Year: 2002 , Page(s): 20 - 26
    Cited by:  Papers (1)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (517 KB)  

    Deciding to outsource network security is difficult. The stakes are high, so it is no wonder that paralysis is a common reaction when contemplating whether to outsource or not. The primary argument for outsourcing is financial: a company can get the security expertise it needs much more cheaply by hiring someone else to provide it. The paper considers what to outsource and how to choose and outsourcer View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Multiple vulnerabilities in SNMP

    Publication Year: 2002 , Page(s): 2 - 4
    Cited by:  Papers (3)  |  Patents (5)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (379 KB)  

    For more than a decade, many network administrators have relied on SNMP, the Simple Network Management Protocol, to monitor and manage network devices. Now in its third release, SNMP has become the de facto standard for network management since its development in 1987. However, a recent report from the computer security watchdog CERT Coordination Center indicates that vulnerabilities in many SNMP implementations have left the products of more 100 vendors vulnerable to attack. Successful exploitation of these vulnerabilities could lead to unauthorized privileged access, denial of service attacks, or other undesirable behaviors View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security challenges for the electricity infrastructure

    Publication Year: 2002 , Page(s): 8 - 10
    Cited by:  Papers (18)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (443 KB)  

    Because critical infrastructures touch us all, the growing potential for infrastructure problems stems from multiple sources, including system complexity, economic growth, deregulation, terrorism, and even the weather. Electric power systems constitute the fundamental infrastructure of modern society. A successful terrorist attempt to disrupt electricity supplies could have devastating effects on national security, the economy, and every citizen's life. Yet power systems have widely dispersed assets that can never be absolutely defended against a determined attack. Indeed, because of the intimate connections between power systems and society's other infrastructures, we need to consider three different kinds of threats: attacks upon the power system; attacks by the power system; and attacks through the power system View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.

Aims & Scope

Computer, the flagship publication of the IEEE Computer Society, publishes highly acclaimed peer-reviewed articles written for and by professionals representing the full spectrum of computing technology from hardware to software and from current research to new applications.

Full Aims & Scope

Meet Our Editors

Editor-in-Chief
Sumi Helal
University of Florida
sumi.helal@gmail.com