By Topic

IEEE Security & Privacy

Issue 2 • Date Mar-Apr 2004

Filter Results

Displaying Results 1 - 25 of 30
  • Newsbriefs

    Publication Year: 2004, Page(s):14 - 15
    Request permission for commercial reuse | PDF file iconPDF (201 KB) | HTML iconHTML
    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Don't bring a knife to a gunfight

    Publication Year: 2004, Page(s): 5
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (224 KB) | HTML iconHTML

    First Page of the Article
    View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The Honeywall CD-ROM

    Publication Year: 2004, Page(s):77 - 79
    Cited by:  Papers (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (560 KB) | HTML iconHTML

    The Honeynet Project is a non-profit research organization of security professionals dedicated to information security on the Internet. For more than a year, Honeynet Project members have been quietly developing a tool to make honeynets faster to deploy and easier to maintain. The tool, called the Honeywall CD-ROM, is a bootable CD capable of installing and configuring a honeywall (the honeynet's ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • IEEE Security & Privacy Society Staff

    Publication Year: 2004, Page(s): 4
    Request permission for commercial reuse | PDF file iconPDF (181 KB)
    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Information leakage caused by hidden data in published documents

    Publication Year: 2004, Page(s):23 - 27
    Cited by:  Papers (11)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (303 KB) | HTML iconHTML

    This article demonstrates mining for hidden text in published data and concludes that user behavior - in combination with default program settings - creates an uncomfortable state of affairs for Microsoft Word users concerned about information security. The article also presents some countermeasures. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The cost of convenience: a faustian deal [computer security]

    Publication Year: 2004, Page(s):84 - 87
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (265 KB) | HTML iconHTML

    The greatest threat to security is not privacy but convenience. If I send an email unencrypted, for example, I do so because I don't want to bother with encryption; for this convenience, I compromise both security and privacy. If I elect to double-talk around a sensitive subject over an insecure telephone connection rather than going some place with a secure phone, the cost again is compromised se... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The power of candy-coated bits [security]

    Publication Year: 2004, Page(s):69 - 72
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (250 KB) | HTML iconHTML

    Database administrators of the world guard the heart and soul of their businesses: information about customers, employees, orders, accounts receivable, and any other bits that keep a business running. They must build systems that serve up this data to the right people while locking out everyone else. Every so often, sometimes as often as several times a day, the programmers of the world salute the... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Teaching robust programming

    Publication Year: 2004, Page(s):54 - 57
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (534 KB) | HTML iconHTML

    Robust programming aims to prevent abnormal termination or unexpected actions and requires code to handle bad (invalid or absurd) inputs in a way that is consistent with the developer's intent. For example, if an internal error occurs, the program might terminate gracefully rather than simply failing, providing enough information for the programmer to debug the program and avoiding giving the user... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A warranty of cyberworthiness

    Publication Year: 2004, Page(s):73 - 76
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (327 KB) | HTML iconHTML

    It is argued that before customers will purchase and use new, expansive, and ubiquitous computing products, they want reliable assurances that the processing software will protect sensitive and confidential data entrusted to it. Unfortunately, if security warranties were to be added to a software license, they would appear too absolute and unlimited. Currently,software makers resist offering cyber... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • ACM computer and communication security conference

    Publication Year: 2004, Page(s):46 - 47
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (209 KB) | HTML iconHTML

    First Page of the Article
    View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Privacy debate centers on radio frequency identification

    Publication Year: 2004
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (201 KB) | HTML iconHTML

    The emergence of radio frequency identification (RFID) has brought with it a plethora of privacy concerns and experts are questioning whether the hoopla surrounding RFID is justified. Using RFID should trigger the same privacy concerns as other commonly used technology such as credit cards, cell phones, and the Internet. RFID's potential to revolutionize the retail industry by maximizing suppliers... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Susceptibility matrix: a new aid to software auditing

    Publication Year: 2004, Page(s):16 - 21
    Cited by:  Papers (8)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (382 KB) | HTML iconHTML

    Testing for security is lengthy, complex, and costly, so focusing test efforts in areas that have the greatest number of security vulnerabilities is essential. This article describes a taxonomy-based approach that gives an insight into the distribution of vulnerabilities in a system. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Interface

    Publication Year: 2004, Page(s):6 - 7
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (205 KB) | HTML iconHTML

    First Page of the Article
    View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Software security

    Publication Year: 2004, Page(s):80 - 83
    Cited by:  Papers (90)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (268 KB) | HTML iconHTML

    Software security is the idea of engineering software so that it continues to function correctly under malicious attack. Most technologists acknowledge this undertaking's importance, but they need some help in understanding how to tackle it. The article aims to provide that help by exploring software security best practices. A central and critical aspect of the computer security problem is a softw... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Protecting privacy, in continuous location-tracking applications

    Publication Year: 2004, Page(s):28 - 34
    Cited by:  Papers (64)  |  Patents (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (763 KB) | HTML iconHTML

    Although some users might willingly subscribe to location-tracking services, few would be comfortable having their location known in all situations. The authors investigate disclosure-control algorithms that hide users' positions in sensitive areas and withhold path information that indicates which areas they have visited. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Regulation and information security: can Y2K lessons help us?

    Publication Year: 2004, Page(s):58 - 61
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (236 KB) | HTML iconHTML

    A recent rash of crippling worms and viruses, coupled with the continued threat of a serious cyberattack on the information infrastructure, has once again elevated the notion of USA Federally mandated security regulation to the forefront. Will regulation solve this problem? What has regulation done to help in the past? Why are technologists wary of regulation? These are some of the questions explo... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • RFID privacy workshop

    Publication Year: 2004, Page(s):48 - 50
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (286 KB) | HTML iconHTML

    First Page of the Article
    View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Hacking for understanding [Book Review]

    Publication Year: 2004, Page(s): 8
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (190 KB) | HTML iconHTML

    First Page of the Article
    View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Financial privacy policies and the need for standardization

    Publication Year: 2004, Page(s):36 - 45
    Cited by:  Papers (43)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (523 KB) | HTML iconHTML

    The authors analyze 40 online privacy policy documents from nine financial institutions to examine their clarity and readability. Their findings show that compliance with the existing legislation and standards is, at best, questionable. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • How useful are attack trend resources?

    Publication Year: 2004, Page(s):9 - 11
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (635 KB) | HTML iconHTML

    The number of virus and worm reports and security bulletins documenting these trends has multiplied. However, despite all this information, does anyone actually know how many vulnerabilities and attacks truly exist? Analysts who follow these trends say that the rise in reports is simply due to more people monitoring networks for vulnerabilities. Other causes are the recent, rapid expansion in "alw... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • IEEE Security & Privacy - Front cover

    Publication Year: 2004, Page(s): 0_1
    Request permission for commercial reuse | PDF file iconPDF (992 KB)
    Freely Available from IEEE
  • Carnegie Mellon symposium on cybersecurity policy

    Publication Year: 2004, Page(s): 0_2
    Request permission for commercial reuse | PDF file iconPDF (519 KB)
    Freely Available from IEEE
  • IEEE Security & Privacy Table of contents

    Publication Year: 2004, Page(s):1 - 2
    Request permission for commercial reuse | PDF file iconPDF (594 KB)
    Freely Available from IEEE
  • Call for Papers

    Publication Year: 2004, Page(s): 3
    Request permission for commercial reuse | PDF file iconPDF (186 KB)
    Freely Available from IEEE
  • Carnegie Mellon hosts first cybersecurity journalism awards

    Publication Year: 2004, Page(s):12 - 13
    Request permission for commercial reuse | PDF file iconPDF (553 KB)
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community-ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Full Aims & Scope

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu