By Topic

IEEE Security & Privacy

Issue 3 • Date May-June 2005

Filter Results

Displaying Results 1 - 24 of 24
  • [Front cover]

    Publication Year: 2005, Page(s): c1
    Request permission for commercial reuse | PDF file iconPDF (914 KB)
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2005, Page(s):1 - 2
    Request permission for commercial reuse | PDF file iconPDF (350 KB)
    Freely Available from IEEE
  • It Depends on What You Pay

    Publication Year: 2005, Page(s): 3
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (63 KB) | HTML iconHTML

    What is the cost of better security? Who pays for it, and how can we incentivize it in the industry? View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Masthead

    Publication Year: 2005, Page(s): 4
    Request permission for commercial reuse | PDF file iconPDF (33 KB)
    Freely Available from IEEE
  • Under the Black Hat

    Publication Year: 2005, Page(s): 5
    Request permission for commercial reuse | PDF file iconPDF (42 KB) | HTML iconHTML
    Freely Available from IEEE
  • Interview: Holistic Security

    Publication Year: 2005, Page(s):6 - 8
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (152 KB) | HTML iconHTML

    An interview with Tom Leighton, founder and chief scientist at Akamai Technologies. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Overview of cyber security: a crisis of prioritization

    Publication Year: 2005, Page(s):9 - 11
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (200 KB) | HTML iconHTML

    The Internet, originally a development of the USA government, opened to commercial traffic in the early 1990s. Since then, its growth internationally has been phenomenal. In several nations, the Internet is now fundamental for communication, and it has become basic to society, including supporting several aspects of the USA national critical information infrastructure. Because the Internet was bui... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • NewsBriefs

    Publication Year: 2005, Page(s):12 - 14
    Request permission for commercial reuse | PDF file iconPDF (776 KB) | HTML iconHTML
    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Guest Editor's Introduction: Infrastructure Security--Reliability and Dependability of Critical Systems

    Publication Year: 2005, Page(s):15 - 17
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (288 KB) | HTML iconHTML

    This special issue of IEEE Security & Privacy focuses on the security, agility, and robustness of large-scale critical infrastructure. Specifically, it examines the challenges associated with infrastructure protection for enhanced system security, reliability, efficiency, and quality. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security meter: a practical decision-tree model to quantify risk

    Publication Year: 2005, Page(s):18 - 24
    Cited by:  Papers (34)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (512 KB) | HTML iconHTML

    Several security risk templates employ nonquantitative attributes to express a risk's severity, which is subjective and void of actual figures. The author's design provides a quantitative technique with an updated repository on vulnerabilities, threats, and countermeasures to calculate risk. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Collaborative Internet worm containment

    Publication Year: 2005, Page(s):25 - 33
    Cited by:  Papers (28)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (456 KB) | HTML iconHTML

    Large-scale worm outbreaks that lead to distributed denial-of-service attacks pose a major threat to Internet infrastructure security. Fast worm containment is crucial for minimizing damage and preventing flooding attacks against network hosts. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • RFID privacy: an overview of problems and proposed solutions

    Publication Year: 2005, Page(s):34 - 43
    Cited by:  Papers (169)  |  Patents (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1520 KB) | HTML iconHTML

    As organizations aggressively deploy radio frequency identification systems, activists are increasingly concerned about RFID's potential to invade user privacy. This overview highlights potential threats and how they might be addressed using both technology and public policy. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Challenges in securing voice over IP

    Publication Year: 2005, Page(s):44 - 49
    Cited by:  Papers (24)  |  Patents (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (296 KB) | HTML iconHTML

    Although VoIP offers lower cost and greater flexibility, it can also introduce significant risks and vulnerabilities. This article explains the challenges of VoIP security and outlines steps for helping to secure an organization's VoIP network. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Enabling video privacy through computer vision

    Publication Year: 2005, Page(s):50 - 57
    Cited by:  Papers (76)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (352 KB) | HTML iconHTML

    Closed-circuit television cameras used today for surveillance sometimes enable privacy intrusion. The authors' privacy console manages operator access to different versions of video-derived data according to access-control lists. Additionally, their PrivacyCam is a smart camera that produces a video stream with privacy-intrusive information already removed. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A young geek's fancy turns to...science fiction? [Book recommendations]

    Publication Year: 2005, Page(s):58 - 60
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (2096 KB) | HTML iconHTML

    The author recommends a number of science fiction books including a cyberthriller involving cryptography and history. Other topics covered by the books include: a model of the universe, a race of group intelligences, and Galactic civilisations. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • CyberCIEGE: gaming for information assurance

    Publication Year: 2005, Page(s):61 - 64
    Cited by:  Papers (12)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (568 KB) | HTML iconHTML

    CyberCIEGE is a high-end, commercial-quality video game developed jointly by Rivermind and the Naval Postgraduate School's Center for Information Systems Security Studies and Research. This dynamic, extensible game adheres to information assurance principles to help teach key concepts and practices. CyberCIEGE is a resource management simulation in which the player assumes the role of a decision m... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Four ways to improve security

    Publication Year: 2005, Page(s):65 - 67
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (568 KB) | HTML iconHTML

    How can you tell if an IT security product (or a product that includes security components) can secure your application? How can you be certain that a product will fully deliver on its claims that it will protect against malice in a deployed environment? Unfortunately, few vendors - and even fewer customers - can make these judgments. The article won't make you a security wizard, but it will give ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • When hashes collide [applied cryptography]

    Publication Year: 2005, Page(s):68 - 71
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (248 KB) | HTML iconHTML

    Cryptography isn't in the public eye very often, but when it is, the news can be disconcerting. The authors discuss the issues that have arisen around the recently announced problems with the SHA-1 hash function and its ancestor, MD5. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Malcode mysteries revealed [computer viruses and worms]

    Publication Year: 2005, Page(s):72 - 75
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (464 KB) | HTML iconHTML

    The author examines self-replicating code and its associated challenges, His aim is to help demystify the topic as well as stimulate new research in a frequently mistreated subject. This is not overly ambitious in a short article: despite their patina of complexity, viruses and worms are fairly straightforward. The SQL.Slammer worm of 2003, for example, spread using packets that were only 376 byte... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A short visit to the bot zoo [malicious bots software]

    Publication Year: 2005, Page(s):76 - 79
    Cited by:  Papers (20)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (752 KB) | HTML iconHTML

    The past year (2004-5) has seen, a new attack trend emerge: bots. After a successful compromise, the attacker installs a bot (also called a zombie or drone) on the system; this small program enables a remote control mechanism to then command the victim. Attackers use this technique repeatedly to form networks of compromised machines (botnets) to further enhance the effectiveness of their attacks. ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Programming languages and systems security

    Publication Year: 2005, Page(s):80 - 83
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (144 KB) | HTML iconHTML

    Modern research and development has produced various language-level supports for secure systems design. Safe languages provide a flexible and reliable foundation on which to build. Language-based security abstractions provide systems programmers with an effective means of defining and enforcing security models. Controlled language-execution models can impose fine-grained and powerful restrictions ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Salute the broadcast flag [digital protection for TV recording]

    Publication Year: 2005, Page(s):84 - 87
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (296 KB) | HTML iconHTML

    For decades, we've grown accustomed to the idea that electronic equipment gets increasingly powerful and economical with time each year, we buy more capability for the same price. Soon, however, there might be an exception. A new US Federal Communications (FCC) rule (FCC report 03-273) states that all US TV recorders made after July 2005 must recognize and obey a signal or marker in programs: the ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Adopting a software security improvement program

    Publication Year: 2005, Page(s):88 - 91
    Cited by:  Papers (8)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (224 KB) | HTML iconHTML

    Leading software shops (including Microsoft) are working hard to improve the way they build security into their products. Software security initiatives have proven beneficial for those organizations that have implemented them. Such initiatives involve the adoption and rollout of various types of best practices. The article describes an approach that works, with an emphasis on business process engi... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security and Privacy: Enemies or Allies?

    Publication Year: 2005, Page(s): 92
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (74 KB) | HTML iconHTML

    We show ID cards at every juncture. Is this necessary? Is it helpful? Or is it actually harmful, not just to our privacy but to security as well? View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community-ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Full Aims & Scope

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu