By Topic

IEEE Security & Privacy

Issue 6 • Date Nov.-Dec. 2005

Filter Results

Displaying Results 1 - 23 of 23
  • [Front cover]

    Publication Year: 2005, Page(s): c1
    Request permission for commercial reuse | PDF file iconPDF (2005 KB)
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2005, Page(s):1 - 2
    Request permission for commercial reuse | PDF file iconPDF (757 KB)
    Freely Available from IEEE
  • Green Computing

    Publication Year: 2005, Page(s): 3
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (80 KB) | HTML iconHTML

    We need computing and networking environments that support many forms of accountability, but we also need to understand how to construct systems with interfaces simple enough to be usable, yet capable of supporting the kinds of security policies we employ intuitively every day. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Masthead

    Publication Year: 2005, Page(s): 4
    Request permission for commercial reuse | PDF file iconPDF (29 KB)
    Freely Available from IEEE
  • Letters to the Editor

    Publication Year: 2005, Page(s): 5
    Request permission for commercial reuse | PDF file iconPDF (455 KB) | HTML iconHTML
    Freely Available from IEEE
  • Are RFIDs Coming to Get You?

    Publication Year: 2005, Page(s): 6
    Request permission for commercial reuse | PDF file iconPDF (50 KB) | HTML iconHTML
    Freely Available from IEEE
  • News Briefs

    Publication Year: 2005, Page(s):7 - 8
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (46 KB) | HTML iconHTML

    News items related to security, privacy, and policy. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Winning the Game of Risk: Neumann's Take on Sound Design

    Publication Year: 2005, Page(s):9 - 12
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (416 KB) | HTML iconHTML

    In an interview with Peter Neumann, he discusses the state of the information assurance discipline, as well as current market forces impacting software security, risks to the US computing infrastructure, and promising future security technologies. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Signaling vulnerabilities in wiretapping systems

    Publication Year: 2005, Page(s):13 - 25
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (608 KB) | HTML iconHTML

    Many law enforcement wiretap systems are vulnerable to simple, unilateral countermeasures that exploit the unprotected in-band signals passed between the telephone network and the collection system. This article describes the problem as well as some remedies and workarounds. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security, wiretapping, and the Internet

    Publication Year: 2005, Page(s):26 - 33
    Cited by:  Papers (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (384 KB) | HTML iconHTML

    In a move that is dangerous to network security, the US Federal Bureau of Investigation is seeking to extend the Communications for Law Enforcement Act to voice over IP. Such an extension poses national security risks. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The denial-of-service dance

    Publication Year: 2005, Page(s):34 - 40
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (560 KB) | HTML iconHTML

    By understanding the types of attacks available to an adversary, we can develop more effective defenses against them. A taxonomy of denial-of-service attacks based on a dance-hall metaphor is a step toward gaining such an understanding. This article presents a metaphor for DoS-the dance hall-that helps us toward a comprehensive view of DoS attacks. In this article, "DoS" refers to the set of remot... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Countering network worms through automatic patch generation

    Publication Year: 2005, Page(s):41 - 49
    Cited by:  Papers (28)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (544 KB) | HTML iconHTML

    To counter zero-day worms that exploit software flaws such as buffer overflows, this end-point architecture uses source code transformations to automatically create and test software patches for vulnerable segments of targeted applications. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A framework for countering denial-of-information attacks

    Publication Year: 2005, Page(s):50 - 56
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (504 KB) | HTML iconHTML

    Denial-of-information (DoI) attacks degrade a given user's ability to seek, assimilate, and process information, and are becoming more prevalent due to the Internet's rapid growth. To counter such attacks, the authors' taxonomy provides structure to this area and proposes a model for describing the information space. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • SecureWorld Expo 2005

    Publication Year: 2005, Page(s):57 - 60
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (384 KB) | HTML iconHTML

    A report on SecureWorld Expo 2005, held 21 to 22 September 2005 in Dearborn, Michigan. The SecureWorld Expo targets business and IT professionals with security concerns and provides them with an industry-wide agenda to help solve those concerns through a partnership with government agencies. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Developing and sustaining information assurance. The role of community colleges. Part 1

    Publication Year: 2005, Page(s):61 - 63
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (63 KB) | HTML iconHTML

    In 2001, articles in several technology journals underscored the shortage of qualified security professionals who understood information assurance (IA) concepts. At the time, only a handful of universities offered academic programs in IA, and those were at the masters and doctoral levels. Although a few colleges had classes that covered IA topics, no undergraduate-level programs existed. Continual... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Economically complex cyberattacks

    Publication Year: 2005, Page(s):64 - 67
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (328 KB) | HTML iconHTML

    Most people working in cyber security recognize that the interconnections and complexities of our economy can have a huge effect on the destructiveness of cyber attacks. They refer casually to "network effects," "spillover effects" or "knock-on effects." Yet there is little understanding of how such effects actually work, what conditions are necessary to create them, or how to quantify their conse... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Network security basics

    Publication Year: 2005, Page(s):68 - 72
    Cited by:  Papers (9)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (3216 KB) | HTML iconHTML

    Writing a basic article on network security is something like writing a brief introduction to flying a commercial airliner. Much must be omitted, and an optimistic goal is to enable the reader to appreciate the skills required. The first question to address is what we mean by "network security." Several possible fields of endeavor come to mind within this broad topic, and each is worthy of a lengt... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Pretending that systems are secure

    Publication Year: 2005, Page(s):73 - 76
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (768 KB) | HTML iconHTML

    To a large extent, computing systems are useful only to the degree in which they're embedded in the processes that constitute human society. This embedding makes effective system security extremely important, but achieving it requires a strong look at the human side of the picture - the computers themselves are only part of the system. IEEE Security & Privacy has covered these topics in-the past, ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Acting responsibly with geospatial data

    Publication Year: 2005, Page(s):77 - 80
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (76 KB) | HTML iconHTML

    Geospatial data is simply a "language of the landscape;" it can, for the occurrence of every event, "provide position-based knowledge". It consists of "information that identifies the geographic location, and characteristics of natural or constructed features and boundaries on the earth. This information may be derived from, among other things, remote sensing, mapping, and surveying technologies: ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Seven pernicious kingdoms: a taxonomy of software security errors

    Publication Year: 2005, Page(s):81 - 84
    Cited by:  Papers (43)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1744 KB) | HTML iconHTML

    Taxonomies can help software developers and security practitioners understand the common coding mistakes that affect security. The goal is to help developers avoid making these mistakes and more readily identify security problems whenever possible. Because developers today are by and large unaware of the security problems they can (unknowingly) introduce into code, a taxonomy of coding errors shou... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security standards for the RFID market

    Publication Year: 2005, Page(s):85 - 89
    Cited by:  Papers (48)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (304 KB) | HTML iconHTML

    As the RFID market expands, we'll see the continued proliferation of RFID tags built for highly specialized vertical markets, which means greater variety and the consequent need to ensure interoperability. A great deal of research and development is currently under way in the RFID security field to mitigate both known and postulated risks. Manufacturers; business managers, and RFID systems enginee... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • 2005 Annual Index

    Publication Year: 2005, Page(s):90 - 95
    Request permission for commercial reuse | PDF file iconPDF (856 KB)
    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The Zotob Storm

    Publication Year: 2005, Page(s): 96
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (144 KB) | HTML iconHTML

    Using Zotob worm outbreak as an example, Schneier discusses patches and security processes for preventing more worm outbreaks. Given that it's impossible to know what's coming beforehand, how you respond to an actual worm largely determines your defense’s effectiveness. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community-ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Full Aims & Scope

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu