IEEE Security & Privacy

Issue 4 • Date July-Aug. 2006

  • [Front cover]

    Publication Year: 2006, Page(s): c1
    Freely Available from IEEE
  • [Inside front cover]

    Publication Year: 2006, Page(s): c2
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2006, Page(s):1 - 2
    Freely Available from IEEE
  • [Masthead]

    Publication Year: 2006, Page(s): 3
    Freely Available from IEEE
  • Speaking of Privacy

    Publication Year: 2006, Page(s):4 - 5
    Freely Available from IEEE
  • News Briefs

    Publication Year: 2006, Page(s):6 - 8
    Freely Available from IEEE
  • Why We Won't Review Books by Hackers

    Publication Year: 2006, Page(s): 9
    Freely Available from IEEE
  • Silver Bullet Speaks with Dan Geer

    Publication Year: 2006, Page(s):10 - 13

    Dan Geer discusses his work in Project Athena and his thoughts on data security.
  • Guest Editor's Introduction: The State of Web Security

    Publication Year: 2006, Page(s):14 - 15
    Cited by:  Papers (1)

    Today's Internet is a rapidly evolving place. What were once the hot technologies (gopher, FTP, telnet) are quickly being replaced by others (RSS, AJAX, SOAP). Such is the same with security; whereas in the '90s most attacks targeted networks, today most target the applications that run on top of them.
  • Web application security engineering

    Publication Year: 2006, Page(s):16 - 24
    Cited by:  Papers (8)

    Integrating security throughout the life cycle can improve overall Web application security. With a detailed review of the steps involved in applying security-specific activities throughout the software development life cycle, the author walks practitioners through effective, efficient application design, development, and testing. With this article, the author shares a way to improve Web applicati...
  • Why applying standards to Web services is not enough

    Publication Year: 2006, Page(s):25 - 31
    Cited by:  Papers (10)

    Properly designing and securing your Web services application is important, and it's not just a matter of using security standards. Developers must understand both the limitations and drawbacks to security standards in order to fully secure their Web services. In this article, we outline the role of security standards in Web services development. We then look at each of these three pitfalls in det...
  • Web application security assessment tools

    Publication Year: 2006, Page(s):32 - 41
    Cited by:  Papers (7)  |  Patents (18)

    Security testing a Web application or Web site requires careful thought and planning due to both tool and industry immaturity. Finding the right tools involves several steps, including analyzing the development environment and process, business needs, and the Web application's complexity. Here, we describe the different technology types for analyzing Web applications and Web services for security ...
  • Security policies and the software developer

    Publication Year: 2006, Page(s):42 - 49
    Cited by:  Papers (2)

    A wide range of legal and regulatory issues surround Web software development, including the need to protect consumer information. A good set of security policies limits company exposure. Understanding and implementing good policies is therefore as essential as implementing SSL. In this article, we consider two simple questions: why should software architects and developers work with corporate info...
  • Kafka in the academy: a note on ethics in IA education

    Publication Year: 2006, Page(s):50 - 53

    In studying how to protect the United States' critical infrastructure, a presidential commission divided it into several sectors: information and communications, banking and finance, energy, physical distribution, and vital human services. Given that all sectors are strongly interconnected, the vulnerability of one represents dangers for the others. For example, a failure in the communications inf...
  • Intrusion-tolerant middleware: the road to automatic security

    Publication Year: 2006, Page(s):54 - 62
    Cited by:  Papers (13)

    The pervasive interconnection of systems throughout the world has given computer services a significant socioeconomic value that both accidental faults and malicious activity can affect. The classical approach to security has mostly consisted of trying to prevent bad things from happening, by developing systems without vulnerabilities, for example, or by detecting attacks and intrusions and deployi...
  • IEEE Computer Society Membership Information

    Publication Year: 2006, Page(s): 63
    Freely Available from IEEE
  • Lessons for laptops from the 18th century

    Publication Year: 2006, Page(s):64 - 68
    Cited by:  Papers (1)

    As governments attempt to prevent, investigate, or prosecute crimes by persons who use the Internet to plan and carry out terrorist acts, the protection of private, personal information stored on computers becomes the subject of controversy. It is inevitable that the home computer becomes a target for surveillance, search, and seizure by government agents. As a result, courts will be asked to dete...
  • IEEE Computer Society Digital Library Packages for Institutions

    Publication Year: 2006, Page(s): 69
    Freely Available from IEEE
  • RFID malware: truth vs. myth

    Publication Year: 2006, Page(s):70 - 72
    Cited by:  Papers (4)

    On 15 March 2006, our research team at Vrije Universiteit published a paper about RFID malware entitled "Is Your Cat Infected with a Computer Virus?" as well as a companion Web site (www.rfidvirus.org). Our paper introduced the concept of RFID malware and presented an accompanying proof-of-concept RFID virus. The paper ultimately resulted in a huge amount of media attention; within 24 hours of pre...
  • IEEE Computer Society Celebrates Two 60-Year Anniversaries

    Publication Year: 2006, Page(s): 73
    Freely Available from IEEE
  • A process for performing security code reviews

    Publication Year: 2006, Page(s):74 - 79
    Cited by:  Papers (9)  |  Patents (1)

    No one really likes reviewing source code for security vulnerabilities; it's slow, tedious, and mind-numbingly boring. Yet, code review is a critical component of shipping secure software to customers. Neglecting it isn't an option.
  • Voices, I hear voices [VoIP security]

    Publication Year: 2006, Page(s):80 - 83
    Cited by:  Papers (1)

    The realm of computer networks, already plagued with security and privacy concerns, is a fertile ground for both offensive and defensive information security practitioners. In this paper, the author delves into the new security and privacy challenges the ongoing widespread adoption of IP telephony and voice over IP (VoIP) poses.
  • Applying protocol analysis to security device interfaces

    Publication Year: 2006, Page(s):84 - 87
    Cited by:  Papers (6)

    Despite best efforts, general-purpose computing platforms and servers continue to be insecure. Due to their complexity, furthermore, it seems unlikely that a completely secure system can be built in the foreseeable future. Fortunately, a promising alternative exists: the use of trusted cryptographic devices and subsystems. Like smart cards, such devices hold and use secret cryptographic keys on be...
  • Introduction to identity management risk metrics

    Publication Year: 2006, Page(s):88 - 91
    Cited by:  Papers (4)

    Good metrics aggregate both objective and quantitative measures, and should be consistent, cheap to gather, and expressed as numbers. Objective measurement helps you report on past progress, forecast future scenarios, and respond to real-time events. In this paper, the author presents some identity management risk metrics that highlight the distribution, quality, affiliation, and governance of ide...
  • Managing information privacy: developing a context for security and privacy standards convergence

    Publication Year: 2006, Page(s):92 - 95

    Information privacy is much broader than data security. It's about the collection, processing, use, and protection of personal information. Essentially, business processes, IT systems, and compliance controls must support the full set of requirements embodied in these principles and expressed in relevant laws and policies. Implementation choices, including automation level and security control sel...

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu