IEEE Security & Privacy

Issue 6 • Date Nov.-Dec. 2004

  • [Front cover]

    Publication Year: 2004, Page(s): c1
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2004, Page(s): 2
    Freely Available from IEEE
  • Security Alchemy

    Publication Year: 2004, Page(s): 5

    For several centuries, alchemists searched for the Philosopher's Stone, the elusive substance that could transmute common lead into gold. Over the past 50 years, a new kind of alchemy has emerged. Its Philosopher's Stone is the computing technology that can transmute ordinary individuals into singular experts in a specific domain. Editor in chief George Cybenko looks at this phenomenon in the securi...
  • Masthead

    Publication Year: 2004, Page(s): 6
    Freely Available from IEEE
  • Privacy Law Resource for Students and Professionals

    Publication Year: 2004, Page(s): 7
    Freely Available from IEEE
  • Timetable set for better intelligence network

    Publication Year: 2004, Page(s):8 - 9

    The USA government's executive and legislative branches have quickly heeded recommendations from the National Commission on Terrorist Attacks Upon the United States (the "9/11 Commission") to improve information-sharing capabilities between federal agencies and among federal, state, and local officials. Both the legislative and executive branches have for the first time established firm deadlines ...
  • Inside JetBlue's privacy policy violations

    Publication Year: 2004, Page(s):12 - 18
    Cited by:  Papers (8)

    JetBlue Airways (JetBlue) gave five million customers' travel records to a USA Department of Defense contractor. The authors' analysis reveals that JetBlue's privacy policy might pose additional significant threats to customer privacy and that the USA Department of Homeland Security anti-terrorism exercise has adversely affected personal privacy.
  • Privacy-preserving data mining: why, how, and when

    Publication Year: 2004, Page(s):19 - 27
    Cited by:  Papers (29)

    Data mining is under attack from privacy advocates because of a misunderstanding about what it actually is and a valid concern about how it is generally done. This article shows how technology from the security community can change data mining for the better, providing all its benefits while still maintaining privacy.
  • Certifying open source - the Linux experience

    Publication Year: 2004, Page(s):28 - 33
    Cited by:  Papers (1)

    The Common Criteria is an international standard for evaluating the security functions of IT products. The authors describe how they obtained this security certification for Linux, the first open-source product to receive such certification.
  • Data obfuscation: anonymity and desensitization of usable data sets

    Publication Year: 2004, Page(s):34 - 41
    Cited by:  Papers (11)  |  Patents (1)

    In some domains, the need for data privacy and data sharing conflict. Data obfuscation addresses this dilemma by extending several existing technologies and defining obfuscation properties that quantify the technologies' usefulness and privacy preservation.
  • The Kerf toolkit for intrusion analysis

    Publication Year: 2004, Page(s):42 - 52

    Network-based intrusions have become a significant security concern. To aid system administrators with post-attack intrusion analysis, the Kerf toolkit provides an integrated front end and powerful correlation and data-representation tools, all in one package.
  • Academic degrees and professional certification

    Publication Year: 2004, Page(s):56 - 58

    We ask how one should invest one's time and money in a lifelong learning program, and if hiring personnel, what training and expertise should be looked for. In this article, we discuss general professional certifications and compare and contrast them with a bachelor's degree to help decide which is most appropriate.
  • Risk-based systems security engineering: stopping attacks with intention

    Publication Year: 2004, Page(s):59 - 62
    Cited by:  Papers (8)

    In most modern information systems (IS), functionality and security are competing design goals. Therefore, system designers are constantly forced to make security-related trade-off decisions. Systems security engineers must build systems that are secure against real-world attacks without overengineering against any particular one. By understanding which attacks are most likely and which risks are ...
  • Building more secure software with improved development processes

    Publication Year: 2004, Page(s):63 - 65
    Cited by:  Papers (11)

    The author draws on experiences gained as a member of Microsoft's central security team to outline some basic best practices for the software development process. These practices benefitted Microsoft products released since the inception of its Trustworthy Computing initiative in 2002. The points are a subset of the security development lifecycle process implemented at Microsoft.
  • Interface illusions

    Publication Year: 2004, Page(s):66 - 69
    Cited by:  Papers (2)  |  Patents (1)

    Phishing (the act of conning a person into divulging sensitive information) commonly uses legitimate-looking Web sites that mimic the online interface of the institution the attacker is misrepresenting (usually a bank, merchant, or ISP). One way users can tell they are viewing a false Web site is to check the Web browser's address bar: the URL should match that of the actual institution, barring a...
  • How to win an evolutionary arms race

    Publication Year: 2004, Page(s):70 - 72
    Cited by:  Papers (2)

    To keep up with malware writers, software producers in both the commercial and open-source software worlds have adopted various automatic software update mechanisms. Some of these mechanisms distribute updates after requesting a user's permission; others install updates automatically. Although such systems provide some short-term relief, they will likely soon become ineffective, and further, they ...
  • Using honeynets to protect large enterprise networks

    Publication Year: 2004, Page(s):73 - 75
    Cited by:  Papers (8)  |  Patents (1)

    Network administrators use several methods to protect their network. Installing a honeynet within large enterprise networks provides an additional security tool. Honeynets complement the use of firewalls and IDS and help overcome some of the shortcomings inherent in those systems. In addition, honeynets can also serve as platforms for conducting computer security research and education.
  • Static analysis for security

    Publication Year: 2004, Page(s):76 - 79
    Cited by:  Papers (45)  |  Patents (5)

    All software projects are guaranteed to have one artifact in common: source code. Together with architectural risk analysis, code review for security ranks very high on the list of software security best practices. We look at how to automate source-code security analysis with static analysis tools.
  • 2004 Annual Index

    Publication Year: 2004, Page(s):80 - 85
  • Enhancing Security: Not for the Conformist

    Publication Year: 2004, Page(s):88 - 87

    Because of the power and sophistication of vulnerability-exploitation efforts, security requires a thorough schooling in technology, but that is far from enough. Security, or more accurately, relative trust, is not a "thing" but an end result that comes only from critical thinking.

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu