Security & Privacy, IEEE

Issue 2 • Date March-April 2003

  • Privacy Concerns

    Publication Year: 2003 , Page(s): 11 - 13
  • Post-apocalypse now

    Publication Year: 2003 , Page(s): 53 - 55
  • Engineering or sloganeering? the counterattack on privacy

    Publication Year: 2003 , Page(s): 84 - 87
  • Locks and full disclosure

    Publication Year: 2003 , Page(s): 88
    Cited by:  Papers (1)
  • Teaching students to design secure systems

    Publication Year: 2003 , Page(s): 56 - 58
    Cited by:  Papers (2)

    The pedagogy used to teach computer security to students new to the field is usually handled by a one- or two-course augmentation to an existing curriculum. Furthermore, the courses tend to be technology-centric and often do not uncover the underlying processes that students can transfer to new situations. In this article, we look more closely at determining an appropriate scope and sequence for information assurance (IA) and briefly describe a project whose goal is the articulation of an IA curriculum.
  • Biometric recognition: security and privacy concerns

    Publication Year: 2003 , Page(s): 33 - 42
    Cited by:  Papers (134)  |  Patents (1)

    Biometrics offers greater security and convenience than traditional methods of personal recognition. In some applications, biometrics can replace or supplement the existing technology. In others, it is the only viable approach. But how secure is biometrics? And what are the privacy implications?
  • From the ground up: the DIMACS software security workshop

    Publication Year: 2003 , Page(s): 59 - 66
    Cited by:  Papers (13)  |  Patents (2)

    The DIMACS Software Security Workshop held in New Jersey explored issues such as security engineering, architecture and implementation risks, security analysis, mobile and malicious code, education and training, and open research issues. Many promising techniques have grown from connections between computer security, programming languages, and software engineering, and one workshop goal was to bring these communities closer together to crystallize the software security subfield.
  • Selecting the Advanced Encryption Standard

    Publication Year: 2003 , Page(s): 43 - 52
    Cited by:  Papers (15)

    The USA National Institute of Standards and Technology selected the Advanced Encryption Standard, a new standard symmetric key encryption algorithm, from 15 qualifying algorithms. NIST has also made efforts to update and extend their standard cryptographic modes of operation.
  • Copyright enforcement or censorship: new uses for the DMCA?

    Publication Year: 2003 , Page(s): 67 - 69

    Section 512 of the Digital Millennium Copyright Act (DMCA) has a provision that protects ISPs from liability for transmitting copyright violations, as long as they have and follow a process for removing infringements when notified of them. Given the DMCA's wording, any attempt to be sure that we will know in the future what was said today will depend on clarifying the rights and responsibilities of libraries and the archive organizations that have traditionally maintained historical records; the special status of the US Library of Congress and the US National Archives and Records Administration might be of use here.
  • Rights amplification in master-keyed mechanical locks

    Publication Year: 2003 , Page(s): 24 - 32
    Cited by:  Papers (2)  |  Patents (1)

    This article examines mechanical lock security from a computer-science and cryptology perspective, focusing on new and practical attacks for amplifying rights in master-keyed mechanical pin tumbler locks.
  • Moving forward? [digital security]

    Publication Year: 2003 , Page(s): 70 - 71

    The US government and the European Commission recently made major cyber security policy pronouncements in their attempts to achieve the right mix. The US strategy states that the newly created Department of Homeland Security will become a federal center of excellence for cyber security, providing a focal point for federal outreach to state and local authorities, nongovernmental organizations, the private sector, academia, and the public. The EC proposal would establish a European Network and Information Security Agency to serve as a center of competence where both member states and European Union (EU) institutions could seek advice on cyber security-related matters. The author compares and contrasts these cyber security documents, recognizing that only time will reveal the differences in execution and effectiveness between the strategies.
  • The weakest link revisited [information security]

    Publication Year: 2003 , Page(s): 72 - 76
    Cited by:  Papers (8)

    It is a common saying that a chain is only as strong as its weakest link, a phrase information security officers, IT managers, consultants, researchers, journalists, and opinion makers reiterate ad nauseam when referring to an organization's information security posture. Most in the information security community would agree that a security architecture is only as strong as its weakest link. However, they usually cannot agree on what that is, and no expert risks making a definite statement about it. We can argue that a security strategy's weakest component will vary from one organization to another, but perhaps we should compare past perceptions of what a weakest link is to what it could well be in the near future.
  • The Honeynet Project: trapping the hackers

    Publication Year: 2003 , Page(s): 15 - 23
    Cited by:  Papers (34)

    What specific threats do computer networks face from hackers? Who's perpetrating these threats and how? The Honeynet Project is an organization dedicated to answering these questions. It studies the bad guys and shares the lessons learned. The group gathers information by deploying networks (called honeynets) that are designed to be compromised.
  • Why secure applications are difficult to write

    Publication Year: 2003 , Page(s): 81 - 83
    Cited by:  Papers (4)

    The author categorizes application security concerns into four specific issues: input streams, output production, internal data, and algorithms and computation. The first two concerns - input and output - are related to the environment in which applications execute. The last two - data and algorithms - are related to an application's awareness of its own internal secrets. Those secrets could be the data an application stores or the algorithm it uses to perform its work. All four issues relate to awareness: secure software must always be aware of what is going on, both inside its perimeter and out, to respond effectively to malicious threats.
  • Patient privacy in electronic prescription transfer

    Publication Year: 2003 , Page(s): 77 - 80
    Cited by:  Papers (8)

    In paper-based prescribing in the United Kingdom's National Health Service (NHS), patients are responsible for protecting the privacy of their prescription information while it is in transit from the prescriber to the dispenser. The UK government has introduced a plan for future NHS reform that includes a change from paper-based prescribing to a national electronic transfer of prescriptions (ETP) system. This brings with it concerns for patient data privacy and questions about the burden of trust placed on professionals in the ETP system. As recently seen in the Emilio Calatayud case in the United States, systems that contain an aggregation of identifiable personal information can be abused. A similar case could result from malpractice in an ETP system. We have developed and implemented an ETP system for the UK NHS. We present our system for protecting the privacy of patient data, describe how we implemented it in Java, and discuss how others can use our system for other applications both inside and outside the healthcare sector.

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu