Security & Privacy, IEEE

Issue 2 • Date Mar-Apr 2004

Displaying Results 1 - 25 of 30
  • Financial privacy policies and the need for standardization

    Publication Year: 2004 , Page(s): 36 - 45
    Cited by: Papers (19)

    The authors analyze 40 online privacy policy documents from nine financial institutions to examine their clarity and readability. Their findings show that compliance with the existing legislation and standards is, at best, questionable.
  • The power of candy-coated bits [security]

    Publication Year: 2004 , Page(s): 69 - 72

    Database administrators of the world guard the heart and soul of their businesses: information about customers, employees, orders, accounts receivable, and any other bits that keep a business running. They must build systems that serve up this data to the right people while locking out everyone else. Every so often, sometimes as often as several times a day, the programmers of the world salute these administrators with a software update that plugs some holes. Then, they release a new update that patches the holes created by the first old patch. And, occasionally, the programmers ship yet another patch to plug the holes opened by the patch meant to close the holes in the first patch. This scenario is life under the fortress model of system security, and this model is growing increasingly fragile.
  • Susceptibility matrix: a new aid to software auditing

    Publication Year: 2004 , Page(s): 16 - 21
    Cited by: Papers (3)

    Testing for security is lengthy, complex, and costly, so focusing test efforts in areas that have the greatest number of security vulnerabilities is essential. This article describes a taxonomy-based approach that gives an insight into the distribution of vulnerabilities in a system.
  • Hacking for understanding [Book Review]

    Publication Year: 2004 , Page(s): 8
  • RFID privacy workshop

    Publication Year: 2004 , Page(s): 48 - 50
    Cited by:  Papers (3)
  • ACM computer and communication security conference

    Publication Year: 2004 , Page(s): 46 - 47
  • A warranty of cyberworthiness

    Publication Year: 2004 , Page(s): 73 - 76
    Cited by: Papers (1)

    It is argued that before customers will purchase and use new, expansive, and ubiquitous computing products, they want reliable assurances that the processing software will protect sensitive and confidential data entrusted to it. Unfortunately, if security warranties were to be added to a software license, they would appear too absolute and unlimited. Currently, software makers resist offering cybersecurity warranties, and will continue to do so if the only one they consider is the unattainable absolute security they can't, in good faith, cover with an unlimited warranty. But what if the warranty were something less ambitious, more immediately attainable, and more beneficial (for both customers and makers)? The article explores the possibilities of a written warranty that vouches for an application's capabilities to protect confidential information from unauthorized access from, or disclosure to, cyberspace, a warranty of cyberworthiness.
  • The cost of convenience: a faustian deal [computer security]

    Publication Year: 2004 , Page(s): 84 - 87

    The greatest threat to security is not privacy but convenience. If I send an email unencrypted, for example, I do so because I don't want to bother with encryption; for this convenience, I compromise both security and privacy. If I elect to double-talk around a sensitive subject over an insecure telephone connection rather than going some place with a secure phone, the cost again is compromised security and privacy. The sloppy use of many technologies of convenience reduces our privacy, which, in turn, leaves us more vulnerable to such serious threats as stalking, identity theft, intellectual property theft, and even espionage (both industrial and conventional). The problem is not with the technologies themselves but with our unwillingness to take the requisite precautions when using them. This generally results from a lack of awareness about the risks involved.
  • Privacy debate centers on radio frequency identification

    Publication Year: 2004

    The emergence of radio frequency identification (RFID) has brought with it a plethora of privacy concerns and experts are questioning whether the hoopla surrounding RFID is justified. Using RFID should trigger the same privacy concerns as other commonly used technology such as credit cards, cell phones, and the Internet. RFID's potential to revolutionize the retail industry by maximizing suppliers' ability to control inventory and reduce theft is widely recognized. In fact, some technology forecasters predict that RFID tags will eventually replace bar codes on almost all product packaging. The privacy debate centers around RFID tags themselves, which function like tiny radios, wirelessly transmitting information to network receivers. If RFID tags were to remain active even after consumers complete their purchases and exit stores, their wireless technology would let the stores track consumers' movement and behavior; or so goes the argument.
  • Don't bring a knife to a gunfight

    Publication Year: 2004 , Page(s): 5
  • Protecting privacy, in continuous location-tracking applications

    Publication Year: 2004 , Page(s): 28 - 34
    Cited by: Papers (40) | Patents (1)

    Although some users might willingly subscribe to location-tracking services, few would be comfortable having their location known in all situations. The authors investigate disclosure-control algorithms that hide users' positions in sensitive areas and withhold path information that indicates which areas they have visited.
  • Information leakage caused by hidden data in published documents

    Publication Year: 2004 , Page(s): 23 - 27
    Cited by: Papers (4)

    This article demonstrates mining for hidden text in published data and concludes that user behavior - in combination with default program settings - creates an uncomfortable state of affairs for Microsoft Word users concerned about information security. The article also presents some countermeasures.
  • Software security

    Publication Year: 2004 , Page(s): 80 - 83
    Cited by: Papers (53)

    Software security is the idea of engineering software so that it continues to function correctly under malicious attack. Most technologists acknowledge this undertaking's importance, but they need some help in understanding how to tackle it. The article aims to provide that help by exploring software security best practices. A central and critical aspect of the computer security problem is a software problem. Software defects with security ramifications, including implementation bugs such as buffer overflows and design flaws such as inconsistent error handling, promise to be with us for years. All too often, malicious intruders can hack into systems by exploiting software defects. Internet-enabled software applications present the most common security risk encountered today, with software's ever-expanding complexity and extensibility adding further fuel to the fire. By any measure, security holes in software are common, and the problem is growing.
  • Regulation and information security: can Y2K lessons help us?

    Publication Year: 2004 , Page(s): 58 - 61
    Cited by: Papers (1)

    A recent rash of crippling worms and viruses, coupled with the continued threat of a serious cyberattack on the information infrastructure, has once again elevated the notion of USA Federally mandated security regulation to the forefront. Will regulation solve this problem? What has regulation done to help in the past? Why are technologists wary of regulation? These are some of the questions explored in this article.
  • IEEE Security & Privacy Society Staff

    Publication Year: 2004 , Page(s): 4
  • The Honeywall CD-ROM

    Publication Year: 2004 , Page(s): 77 - 79
    Cited by: Papers (4)

    The Honeynet Project is a non-profit research organization of security professionals dedicated to information security on the Internet. For more than a year, Honeynet Project members have been quietly developing a tool to make honeynets faster to deploy and easier to maintain. The tool, called the Honeywall CD-ROM, is a bootable CD capable of installing and configuring a honeywall (the honeynet's control center) in a matter of minutes. Although the Honeywall CD-ROM's designers initially created it to facilitate honeynet deployments, the CD-ROM is customizable for use outside the honeynet environment to bolster the defense of production networks.
  • How useful are attack trend resources?

    Publication Year: 2004 , Page(s): 9 - 11

    The number of virus and worm reports and security bulletins documenting these trends has multiplied. However, despite all this information, does anyone actually know how many vulnerabilities and attacks truly exist? Analysts who follow these trends say that the rise in reports is simply due to more people monitoring networks for vulnerabilities. Other causes are the recent, rapid expansion in "always on" broadband access on devices used by unsophisticated users at the very edge of the network, and the automated tools that malware creators use to take advantage of these often unguarded connections.
  • Teaching robust programming

    Publication Year: 2004 , Page(s): 54 - 57

    Robust programming aims to prevent abnormal termination or unexpected actions and requires code to handle bad (invalid or absurd) inputs in a way that is consistent with the developer's intent. For example, if an internal error occurs, the program might terminate gracefully rather than simply failing, providing enough information for the programmer to debug the program and avoiding giving the user additional access or information. This article focuses on teaching these principles.
  • Newsbriefs

    Publication Year: 2004 , Page(s): 14 - 15
  • Interface

    Publication Year: 2004 , Page(s): 6 - 7
  • IEEE Security & Privacy - Front cover

    Publication Year: 2004 , Page(s): 0_1
    Freely Available from IEEE
  • Carnegie Mellon symposium on cybersecurity policy

    Publication Year: 2004 , Page(s): 0_2
    Freely Available from IEEE
  • IEEE Security & Privacy Table of contents

    Publication Year: 2004 , Page(s): 1 - 2
    Freely Available from IEEE
  • Call for Papers

    Publication Year: 2004 , Page(s): 3
    Freely Available from IEEE
  • Carnegie Mellon hosts first cybersecurity journalism awards

    Publication Year: 2004 , Page(s): 12 - 13
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu