Security & Privacy, IEEE

Issue 3 • Date May-June 2003

Displaying Results 1 - 17 of 17
  • Spyware: Menace, nuisance, or both?

    Page(s): 10 - 11
  • Computer security: Art and science [Book Review]

    Page(s): 14
    Freely Available from IEEE
  • Hey, robot!

    Page(s): 51 - 55
    Freely Available from IEEE
  • The case for software warranties

    Page(s): 80 - 82
  • Guilty until proven innocent?

    Page(s): 88 - 87
  • Who watches the security educators?

    Page(s): 56 - 58

    Security knowledge in all fields has historically been a double-edged sword. The information that makes it possible to protect a system, an activity, or a person is also the information that can be used to harm that system, that activity, that person. How knowledge is used, and the opinions of whoever is judging that use, make the difference. The debate regarding appropriate teaching philosophies for security educators is a longstanding one, with modern battle lines drawn primarily around two philosophies: defense assurance and attack understanding. Most educators fall somewhere in between these perspectives.
  • Masks: bringing anonymity and personalization together

    Page(s): 18 - 23

    Unlike most privacy tools, the Masks framework gives Web sites general information to personalize services without compromising the user's anonymity.
  • Understanding trusted computing: will its benefits outweigh its drawbacks?

    Page(s): 60 - 62

    The Trusted Computing Platform Architecture (TCPA) and Microsoft's Palladium have similar (though not identical) architectures and similar goals. Both systems are part of a more general approach called trusted computing (TC). In this article the author introduces TC's basic concepts and discusses their implications. However, the individual proposals are still in flux and some kind of convergence between them seems likely, so he only discusses the general features of TC.
  • Poisoning the software supply chain

    Page(s): 70 - 73

    To the indiscriminate and opportunistic attacker, breaking into a software package's development and distribution site and waiting until unsuspecting users install it is more efficient than locating and hacking into users' systems individually. Starting in 2002 and continuing into 2003, we've seen new emphasis on this type of attack. All the recent activity has showcased the trend that attacks against open-source software distribution sites are increasing. The author looks at how software distribution, both open source and proprietary, can invite attacks.
  • Slow dancing [security issues]

    Page(s): 67 - 68

    Lately, the tectonic forces that move large governmental and private organizations seem to be carrying them in the same direction on security and privacy issues. However, given the overall complexity, the difficulty in finding common ground among stakeholders, and the ease with which economic and political priorities can overshadow small progress in achieving security and privacy awareness (let alone improvements), we should not harbor unrealistic expectations about significant success in the near future. The fragility of some of the enterprises involved is also an important factor: it will take sustained commitment from heavyweights in government and industry to make any real progress. Strong, sustainable leadership, forward-looking government policies, and a private sector that is willing to put flesh on the bones of some of its proposals are essential to transforming security and privacy into societal enablers rather than dead weight that stifles opportunity.
  • IP traceback: a new denial-of-service deterrent?

    Page(s): 24 - 31

    The increasing frequency of malicious computer attacks on government agencies and Internet businesses has caused severe economic waste and unique social threats. IP traceback, the ability to trace IP packets to their origins, is a significant step toward identifying, and thus stopping, attackers.
  • Hide and seek: an introduction to steganography

    Page(s): 32 - 44

    Although people have hidden secrets in plain sight (now called steganography) throughout the ages, the recent growth in computational power and technology has propelled it to the forefront of today's security techniques. Essentially, the information-hiding process in a steganographic system starts by identifying a cover medium's redundant bits (those that can be modified without destroying that medium's integrity). The embedding process creates a stego medium by replacing these redundant bits with data from the hidden message. This article discusses existing steganographic systems and presents recent research in detecting them via statistical steganalysis. Here, we present recent research and discuss the practical application of detection algorithms and the mechanisms for getting around them.
  • Toward reliable user authentication through biometrics

    Page(s): 45 - 49

    Biometric authentication systems identify users by their measurable human characteristics. Although biometrics promise greater system security because identifying characteristics are tied to specific users, many issues remain unresolved.
  • The good, the bad, and the ugly: what might change if we had good DRM

    Page(s): 63 - 66

    Various vendors claim to have solved the online piracy problem in manners that can enable the safe sale of information to Web users. The technologies they sell include watermarking, hardware key "dongles", encryption and monitoring. The major place people worry about digital rights management's (DRM) impact is with existing Web sites that provide free information. Whatever benefits it might bring, DRM software's downside will undoubtedly include the collection of large amounts of user data that could prove valuable to marketers, snoopers, and others besides those who sell online content.
  • Humans in the loop: human-computer interaction and security

    Page(s): 75 - 79

    The security field suffers from an endemic problem: despite our best efforts, the current infrastructure is continually full of security vulnerabilities. The systems that comprise this infrastructure also are full of boundaries and interfaces where humans and systems must interact: most secure systems exist to serve human users and carry out human-oriented processes, and are designed and built by humans. From the perspective of the human-computer interaction (HCI) community, many of these interfaces do not reflect good thinking on how to make them easy to use in a manner that results in security. From the perspective of the security community, many widespread security problems arguably might stem from bad interaction between humans and systems. I recently attended a workshop (ACM/CHI 2003 Workshop on Human-Computer Interaction and Security Systems) that tried to bring together these communities to trigger further inquiry into this area. In this article, I want to discuss the workshop and how the thinking there applies to the secure systems topic this department addresses.

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu