IEEE Security & Privacy

Issue 4 • Date July-Aug. 2004

  • [Front cover]

    Publication Year: 2004, Page(s): c1
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2004, Page(s): 2
    Freely Available from IEEE
  • From the Editors: A Witty Lesson

    Publication Year: 2004, Page(s): 5

    Associate Editor in Chief Marc Donner examines the Witty Worm and what its existence might mean for the future of the software development infrastructure.
  • Masthead

    Publication Year: 2004, Page(s): 6
    Freely Available from IEEE
  • Letters to the Editor

    Publication Year: 2004, Page(s):7 - 8
    Freely Available from IEEE
  • Book Reviews

    Publication Year: 2004, Page(s): 10
    Freely Available from IEEE
  • The delicate balance: security and privacy

    Publication Year: 2004, Page(s):12 - 13

    The article examines the USA Patriot Act; a new push by law enforcement to wiretap voice-over-IP (VoIP) communications; and the need to prevent abuses of technology at the international level. Although the Patriot Act might be good for overall security, it raises serious privacy concerns. It is very one-sided in favoring law enforcement's ability to get information about people, without giving the...
  • Guest Editors' Introduction: Why Attacking Systems Is a Good Idea

    Publication Year: 2004, Page(s):17 - 19
    Cited by:  Papers (2)

    The articles in this issue represent the broad range of ideas that come to mind when scientists and engineers think about attacking systems. Some approach the problem by describing technically sophisticated attacks, attack patterns, and toolkits. Others fret about the politics of security and attacks, worrying that outlawing certain kinds of software will backfire. Some describe methodologies for ...
  • Beyond stack smashing: recent advances in exploiting buffer overruns

    Publication Year: 2004, Page(s):20 - 27
    Cited by:  Papers (38)  |  Patents (5)

    Security vulnerabilities related to buffer overruns account for the largest share of CERT advisories, as well as high-profile worms - from the original Internet Worm in 1987 through Blaster's appearance in 2003. When malicious crackers discover a vulnerability, they devise exploits that take advantage of the vulnerability to attack a system. The article describes three powerful general-purpose fam...
  • Cybercrime Treaty could chill research

    Publication Year: 2004, Page(s):28 - 32
    Cited by:  Papers (1)

    Supporters of the international Cybercrime Treaty claim it will help prevent viruses and worms such as Code Red and the SQL Slammer worm. Detractors worry that it will not only suppress freedom of speech, but will also discourage research into the control of such malicious computer programs.
  • The appropriate use of force-on-force cyberexercises

    Publication Year: 2004, Page(s):33 - 37

    Over time, network threats change, so a computer network defense system must be periodically tested to assess its true ability. Within the computer network arena, organizations are using cyberexercises to test reactions to security attacks and penetrations. Cyberexercises take a variety of forms; one of the most popular pits an attacking red team against network, system, and security administrator...
  • Taking a lesson from stealthy rootkits

    Publication Year: 2004, Page(s):38 - 45
    Cited by:  Papers (4)

    Attackers use rootkits and obfuscation techniques to hide while covertly extracting information from commercial applications. The authors describe how developers can use similar obfuscation approaches to build more agile, less vulnerable software. Obfuscation deliberately transforms software into an identically functioning, but purposefully unreadable form, implemented in a high-level programming ...
  • The spread of the Witty worm

    Publication Year: 2004, Page(s):46 - 50
    Cited by:  Papers (87)

    On Friday, 19 March 2004, at approximately 8:45 p.m. Pacific Standard Time (PST), an Internet worm began to spread, targeting a buffer overflow vulnerability in several Internet Security Systems (ISS) products, including its RealSecure Network, RealSecure Server Sensor, RealSecure Desktop, and BlackICE. The worm took advantage of a security flaw in these firewall applications that eEye Digital Sec...
  • Back to school [security education]

    Publication Year: 2004, Page(s):54 - 56
    Cited by:  Papers (2)

    As summer draws to an end, faculty and students turn their attention to academic planning. This used to be a very tough task - faculty developed most of their materials from scratch. Now, rather than a handful of items to draw on when planning a security and privacy course, there is a plethora of sample syllabi, textbooks, and other supportive materials. The question is: where are they? For all th...
  • Quantum cryptography

    Publication Year: 2004, Page(s):57 - 61
    Cited by:  Papers (8)

    Though most people think they are science fiction, quantum cryptography systems are now operational, with prototypes protecting Internet traffic across metropolitan areas. These systems are so novel that we can consider quantum cryptography, or more properly, quantum key distribution (QKD), as the third and final insight to transform cryptography in the 20th century.
  • Deploying and using public key technology: lessons learned in real life

    Publication Year: 2004, Page(s):67 - 71
    Cited by:  Papers (3)

    When you think of Johnson & Johnson, images of baby powder and other elements of parenting probably come to mind. The company produces all of these things, along with a wide variety of healthcare products, including pharmaceuticals and medical devices, but it actually consists of more than 200 separately operating companies. Tying together this diverse business environment is a security foundation...
  • Honeypot forensics part 1: analyzing the network

    Publication Year: 2004, Page(s):72 - 78
    Cited by:  Papers (8)

    A major goal of honeypot research is to improve our knowledge of blackhats from two perspectives: technical and ethnological. For the former we want new ways to discover rootkits, Trojans, and potential zero-day exploits. For the latter, we want a better understanding of the areas of interest and hidden links between blackhat teams. One way to achieve these goals is to increase the verbosity of ou...
  • Risk analysis in software design

    Publication Year: 2004, Page(s):79 - 84
    Cited by:  Papers (13)  |  Patents (15)

    Risk analysis is, at best, a good general-purpose yardstick by which we can judge our security design's effectiveness. Because roughly 50 percent of security problems are the result of design flaws, performing a risk analysis at the design level is an important part of a solid software security program. Taking the trouble to apply risk-analysis methods at the design level for any application often...
  • Is privacy really constraining security or is this a red herring?

    Publication Year: 2004, Page(s):86 - 87

    On the surface, the argument at the heart of the "security vs. privacy" debate is seductively simple: "to prevent terrorism we must empower police to monitor all online activities." However, this claim suffers two fatal logical flaws: it presumes that the proposed fix will solve the problem, and it ignores the proposal's potential for creating even more serious problems than the one it professes t...
  • Customers, passwords, and Web sites

    Publication Year: 2004

    Criminals follow money. Today, more and more money is on the Internet: millions of people manage their bank, PayPal, or other accounts - and even their stock portfolios - on line. It's a tempting target - if criminals can access one of these accounts, they can steal a lot of money. And almost all these accounts are protected only by passwords. The solutions are not easy. The never-ending stream of ...

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu