IEEE Security & Privacy

Issue 2 • Date March-April 2005

  • [Front cover]

    Publication Year: 2005, Page(s): c1
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2005, Page(s):1 - 2
    Freely Available from IEEE
  • What's in a Name?

    Publication Year: 2005, Page(s):4 - 5

    The author examines the debate about Microsoft's Passport technology--it will be difficult to design a workable Internet identity framework. We’re currently trapped between Scylla and Charybdis. On one side, civil libertarians warn that a centralized authentication service comprising a concentration of power and operational and systemic risk represents an unacceptable threat to a free society...
  • Masthead

    Publication Year: 2005, Page(s): 6
    Freely Available from IEEE
  • FBI's virtual case file living in limbo

    Publication Year: 2005

    When the US Federal Bureau of Investigation (FBI) gave the green light to an information technology (IT) overhaul more than four years ago, it was bound to trigger security and privacy concerns. Yet, after recently coming under intense scrutiny from the US National Research Council, not to mention Congress, and having to shelve most, if not all, of its technological initiatives, nary a whimper is ...
  • News Briefs

    Publication Year: 2005, Page(s):8 - 10
  • Crypto 2004

    Publication Year: 2005, Page(s):11 - 13

    The International Association for Cryptologic Research (IACR; www.iacr.org) held its 24th annual International Cryptography Conference 15-19 August 2004 in Santa Barbara, California. The conference consisted of short sessions, invited talks, and presentations of conference papers for interested attendees.
  • A Framework to Consider

    Publication Year: 2005, Page(s): 14
    Freely Available from IEEE
  • Does trusted computing remedy computer security problems?

    Publication Year: 2005, Page(s):16 - 19
    Cited by:  Papers (5)  |  Patents (4)

    The authors examine whether trusted computing is likely to remedy the relevant security problems in PCs. They argue that although trusted computing has some merits, it neither provides a complete remedy nor is it likely to prevail in the PC mass market.
  • Protecting client privacy with trusted computing at the server

    Publication Year: 2005, Page(s):20 - 28
    Cited by:  Papers (13)

    Current trusted-computing initiatives usually involve large organizations putting physically secure hardware on user machines, potentially violating user privacy. Yet, it's possible to exploit robust server-side secure hardware to enhance user privacy. Two case studies demonstrate using secure coprocessors at the server.
  • Sociotechnical architecture for online privacy

    Publication Year: 2005, Page(s):29 - 39
    Cited by:  Papers (8)

    Users' concerns regarding privacy issues are lowering their trust in e-services and, thus, affecting the widespread adoption of online services. To increase users' perceived control over their privacy, the authors propose a novel e-privacy architecture.
  • Canning SPAM: Proposed solutions to unwanted email

    Publication Year: 2005, Page(s):40 - 47
    Cited by:  Papers (9)

    Unsolicited email is a major problem for anyone who transmits or receives email on a computer, telephone, or personal digital assistant. This article describes the magnitude of the problem, the reasons for proliferation, some interventions available today, and the degree to which each has been effective.
  • Technology education at the US Military Academy

    Publication Year: 2005, Page(s):49 - 53
    Cited by:  Papers (4)

    While advances in, and diverse applications of, technology are revolutionizing our way of life, they also expose us to numerous new threats. We must understand how these highly complicated and interconnected systems work, as well as how to employ and protect them. With these concerns in mind, USMA recently added a specific academic goal of ensuring that graduates can understand and apply informati...
  • Methodological foundations: enabling the next generation of security

    Publication Year: 2005, Page(s):54 - 57
    Cited by:  Papers (1)

    The promise of breakthroughs in computer security - experimental test beds, insider-detection advancements, biometrics, and user interfaces that are robust to human error - will remain empty as long as methodological details trail the hype. A few selected issues - operational definitions, reliability, internal validity, and external validity - serve to illustrate common sources of experimental error...
  • Violating assumptions with fuzzing

    Publication Year: 2005, Page(s):58 - 62
    Cited by:  Papers (46)  |  Patents (3)

    Fuzzing is a highly automated testing technique that covers numerous boundary cases using invalid data (from files, network protocols, API calls, and other targets) as application input to better ensure the absence of exploitable vulnerabilities. Fuzzing lets developers or quality assurance (QA) teams test large numbers of boundary cases when doing so with techniques such as functional testing wou...
  • Worm propagation and generic attacks

    Publication Year: 2005, Page(s):63 - 65
    Cited by:  Papers (3)

    The defining task of propagating malicious code is to locate new targets to attack. Viruses search for files in a computer system to which to attach, whereas worms search for new targets to which to transmit themselves. Depending on their method of transmission, malicious code writers have developed different strategies for finding new victims. Worms transmitted via email have had great success pr...
  • Turing is from Mars, Shannon is from Venus: computer science and computer engineering

    Publication Year: 2005, Page(s):66 - 69

    When thinking about systems, it's tempting to only envision computational elements such as machines, operating systems, and programming languages, or human elements such as user interfaces, business practices, and public policy. However, to mangle an analogy from physics, the observer is also part of the system. When reasoning about or designing (or breaking into) secure systems, it's important to...
  • Averting security missteps in outsourcing

    Publication Year: 2005, Page(s):70 - 73
    Cited by:  Papers (2)

    As company-collected data increases in value, it attracts interest from unauthorized persons to access, misappropriate, and misuse it. Despite such risks, companies and financial institutions increasingly contract business processing of data (and other activities normally handled in-house) to third parties - affiliates or independent service providers located in another country that will perform su...
  • Knowledge for software security

    Publication Year: 2005, Page(s):74 - 78
    Cited by:  Papers (13)

    A critical challenge facing software security today is the dearth of experienced practitioners. Approaches that rely solely on apprenticeship as a method of propagation won't scale quickly enough to address this burgeoning problem, so as the field evolves and establishes best practices, knowledge management can play a central role in encapsulating and spreading the emerging discipline more efficie...
  • Ad Product Index

    Publication Year: 2005, Page(s): 79
  • The Problem Statement is the Problem

    Publication Year: 2005, Page(s): 80

    A problem statement encouraging elegance is spare, unadorned, clean, and leaves the designer as much room as can be left. This is the hardest part of any design process. A good problem statement is a mentor and a supervisor. It asks the right question. A good problem statement extends its writer's skill and wisdom so that, if those are in short supply, the problem statement can make up for some of...

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu