Security & Privacy, IEEE

Issue 1 • Date Jan.-Feb. 2003

Displaying Results 1 - 17 of 17
  • Full text access may be available. Click article title to sign in or learn about subscription options.
  • Two views on security software liability. Let the legal system decide

    Page(s): 70 - 72

    Rather than use the product liability screwdriver as a chisel, why not consider a package of more effective tools? Corporations and individuals that market software despite knowledge of software security flaws should face criminal prosecution as well as civil lawsuits with punitive damages. Perhaps bounties should be available for the first to discover and establish the existence of a security flaw. Publishers should be required to post to the Web and otherwise publicize promptly patch availability. The software equivalent of an Underwriters Laboratories should establish and constantly improve security-related standards and testing protocols. It should be made readily apparent whether a program has passed and at what level. Prospective customers should be educated and encouraged to insist on software that has passed. Stronger software security is important. Software developers and publishers must do better. But product liability is not the right legal tool for the job.

  • We are all security consumers

    Page(s): 104

  • An analysis of the Slapper worm

    Page(s): 82 - 87

    We can prove that the Slapper is a variation of the Apache Scalper worm by comparing the source code. Modifications introduced in the Slapper worm improved the robustness and efficiency of its predecessor's simplistic P2P networking capabilities. Slapper's author also removed certain features from the original, either because they were redundant or to reduce the perception that it was a tool developed to cause direct harm to networks. Among the features the author removed from the Slapper were capabilities to update itself from a remotely specified Web server (perhaps to prevent someone else from replacing this version with a new one), to attack and infect a host specified with a controlling program, and to send spam. Interestingly, the ability to execute distributed denial-of-service attacks on a controlling user's behalf was kept intact. Slapper's author attempted to make communications with a remote controlling program as stealthy and untraceable as possible by removing several commands to query status and obtain feedback from Slapper nodes.

  • Fairy dust, secrets, and the real world [computer security]

    Page(s): 89 - 93

    Computation must exist in the physical world. Security designs that require secrets must hide and use them in the real world. Unfortunately, the real world offers more paths to secret storage and more observable computational artifacts than these security designs anticipate. Careful integration of physical defenses and security architecture can sometimes succeed against the adversary class designers consider. However, in the long term, we hope for either a quantum leap in physically defensible technology, or a significant reduction in the properties that designs force us to assume about our computers.

  • Remembrance of data passed: a study of disk sanitization practices

    Page(s): 17 - 27

    Many discarded hard drives contain information that is both confidential and recoverable, as the authors' own experiment shows. The availability of this information is little publicized, but awareness of it will surely spread.

  • The dangers of mitigating security design flaws: a wireless case study

    Page(s): 28 - 36

    Mitigating design flaws often provides the only means to protect legacy equipment, particularly in wireless local area networks. A synchronous active attack against the wired equivalent privacy protocol demonstrates how mitigating one flaw or attack can facilitate another.

  • International participation. The continuing march toward security and privacy

    Page(s): 79 - 81

    To create a future with improved prospects for dealing with security and privacy, nations will have to reach agreement on many issues, including banking and financial services; privacy laws related to sensitive data such as healthcare information; intellectual property (IP) rights, their reasonable protection, and the significant challenge of achieving international agreement on an enforceable set of common standards; cybercrime laws and penalties for breaking them; and new networking technologies that adversely impact privacy, the subtleties of which might not be fully appreciated until a product is well entrenched. Many of these issues have been around since the onset of literacy, but the challenge of dealing with them has grown enormously in the information age owing to the speed, storage capacity, intelligence, and ubiquity of modern IT (and its inherent vulnerabilities).

  • What is computer security?

    Page(s): 67 - 69

    Computer and network security, or cybersecurity, are critical issues. But merely protecting the systems that hold data about citizens, corporations, and government agencies is not enough. The infrastructure of networks, routers, domain name servers, and switches that glue these systems together must not fail, or computers will no longer be able to communicate accurately or reliably. Given the magnitude of securing cyberspace, a reflection on what we are trying to do seems in order. Several questions arise, such as what exactly the infrastructure is, what threats it must be secured against, and how protection can be provided on a cost-effective basis. But underlying all these questions is how to define a secure system. What is security? Having it is obviously good; everyone says so. But few people define it exactly, or even nebulously. This column tries to place cybersecurity in perspective, because it is, of course, central to countries, organizations, and even home users now and in the future.

  • Privacy vs. information technology

    Page(s): 100 - 103

    Modern information technology is facilitating the steady disappearance of individual privacy - even under normal circumstances. Add a real or hyped threat to the common good, and the erosion of individual privacy is further accelerated.

  • Copyright extension: Eldred v. Ashcroft

    Page(s): 76 - 78

    In recent years the US Congress has expanded both the scope and duration of copyright law. For example, the United States now recognizes copyrights in sound recordings, computer software, and (since 1990) the moral rights of a visual artist, such as the right to be identified as the author and the right against destruction of a work. Four years ago, the Sonny Bono Act (more formally known as the Copyright Term Extension Act) added 20 years to the duration of both new and existing copyrights. For those building information systems, the expansion of the material protected by intellectual property laws adds significant difficulty in obtaining permissions to use material for online delivery. Despite the flurry of activity during the dot-com era, we have not reached a consensus on a model for selling protected information.

  • AI bites man? [science fiction stories]

    Page(s): 63 - 66

    In future installments of this department we'll look at the important writers, thinkers, works, and ideas in speculative fiction that have got us thinking about the way technological change could affect our lives. This is not to imply that science fiction writers represent a particularly prescient bunch - I think the norm is ray guns and spaceships - but when they're good, they're very good. And whatever gets us thinking is good. To get started, let's take a look at some of the key subgenres and eras in science fiction's history.

  • Software protection: security's last stand?

    Page(s): 95 - 98

    Given that application software protection is necessary, what form and function should it take? There are three principal forms of protection: watermarking, obfuscation, and application performance degradation. These techniques perform three main functions: detection of attempts to pirate, misuse, or tamper with software, protection of software against those attempts, and alteration of the software to ensure that its functionality degrades in an undetectable manner if protection fails. These defenses are required on hardware ranging from single processors to small computer clusters to traditional supercomputers to wide-area distributed computing.

  • Validation of sensor alert correlators

    Page(s): 46 - 56

    The authors describe the first experimental validation of correlation systems with the goal of assessing the overall progress in the field. Their experiment set out to measure the collective ability of correlators to recognize cyber attacks and designate their targets.

  • Inside the Windows security push

    Page(s): 57 - 61

    The Microsoft Windows development team spent two months in 2002 analyzing product design, code, and documentation to fix security issues. The results of this security push include a new process and several lessons learned for future projects.

  • Software security for open-source systems

    Page(s): 38 - 45

    Debate over whether open-source software development leads to more or less secure software has raged for years. Neither is intrinsically correct: open-source software gives both attackers and defenders greater power over system security. Fortunately, several security-enhancing technologies for open-source systems can help defenders improve their security.


Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu