IEEE Security & Privacy

Issue 6 • Date Nov.-Dec. 2006

  • Front Cover

    Publication Year: 2006, Page(s): c1
  • RSA® Conference 2007 Panel

    Publication Year: 2006, Page(s): c2
  • Table of Contents

    Publication Year: 2006, Page(s):1 - 2
  • Weak Links, Strong Ties

    Publication Year: 2006, Page(s): 3
  • Masthead

    Publication Year: 2006, Page(s): 4
  • Desert Island Books

    Publication Year: 2006, Page(s): 5
  • News

    Publication Year: 2006, Page(s):6 - 9
  • Silver Bullet Speaks with Ed Felten

    Publication Year: 2006, Page(s):10 - 13
  • RSA® Conference 2007

    Publication Year: 2006, Page(s): 14
  • Guest Editors' Introduction: Data Surveillance

    Publication Year: 2006, Page(s):15 - 17

    The guest editors discuss data surveillance. Proponents hope that data surveillance technology will be able to anticipate and prevent terrorist attacks, detect disease outbreaks, and allow for detailed social science research--all without the corresponding risks to personal privacy because machines, not people, perform the surveillance.
  • Countering Terrorism through Information and Privacy Protection Technologies

    Publication Year: 2006, Page(s):18 - 27

    Security and privacy aren't dichotomous or conflicting concerns--the solution lies in developing and integrating advanced information technologies for counterterrorism along with privacy-protection technologies to safeguard civil liberties. Coordinated policies can help bind the two to their intended use.
  • Threat and Fraud Intelligence, Las Vegas Style

    Publication Year: 2006, Page(s):28 - 34

    Matching and relating identities is of the utmost importance for Las Vegas casinos. The author describes a specific matching technique known as identity resolution. This approach provides superior results over traditional identity matching systems.
  • IEEE Computer Society Distance Learning Campus

    Publication Year: 2006, Page(s): 35
  • Network Intrusion Detection: Automated and Manual Methods Prone to Attack and Evasion

    Publication Year: 2006, Page(s):36 - 43
    Cited by:  Papers (2)

    In this article, the authors describe common intrusion detection techniques, NIDS evasion methods, and how NIDSs detect intrusions. Additionally, we introduce new evasion methods, present test results for confirming attack outcomes based on server responses, and propose a methodology for confirming response validity.
  • Estimating Potential IT Security Losses: An Alternative Quantitative Approach

    Publication Year: 2006, Page(s):44 - 52

    In a highly network-centric open economy, network-based information plays a pivotal role in all business firms and institutional organizations. The authors have developed a novel model for implementing quantitative measurement of possible IT security losses by mining records of port scan data.
  • Soups 2006

    Publication Year: 2006, Page(s):53 - 55
  • Computer Security Education and Research: Handle with Care

    Publication Year: 2006, Page(s):56 - 59

    In seeking ways to actively detect attackers and their malicious code and tools, researchers, educators, and their students must tread somewhat cautiously, to ensure that their own computing activities remain legal and ethical. Although the intent behind protecting and securing systems serves the overall societal good, the methods used to achieve these ends must remain both legal and ethical. Thes...
  • Privacy-Enabled Global Threat Monitoring

    Publication Year: 2006, Page(s):60 - 63

    Could the future of Internet-scale collaborative security frameworks ultimately open a new era of fast-reaction Internet defenses, or are these systems destined to provide limited deployment and detection power for unclear liability risks? We think the former is unlikely without significant progress in rich-content extraction that addresses the fundamental vulnerabilities inherent in collaborative...
  • Are You Sure You Had a Privacy Incident?

    Publication Year: 2006, Page(s):64 - 66

    Whether it's lost laptops, misplaced backup tapes, or data posted to Web sites, data spills have become a fact of life. In the US, state governments and federal agencies have responded with a series of notification rules, which require companies to inform the affected individuals after security incidents. Yet, to determine whether an incident affects individuals' privacy and thus requires notice, ...
  • Cryptography, Law Enforcement, and Mobile Communications

    Publication Year: 2006, Page(s):67 - 70

    In this issue's installment of Crypto Corner, we review the handset-related methods law enforcement agencies can use to gather evidence during criminal investigations. This article's goal is twofold: explain how law enforcement agencies gather handset-based evidence and increase the community's awareness of the digital footprints handsets leave behind.
  • A Software Procurement and Security Primer

    Publication Year: 2006, Page(s):71 - 73

    This article explores some useful concepts that help integrate security more firmly into the software-procurement process. For those involved with software or software procurement in an organization, it helps to start by asking potential vendors some simple questions about their software-development processes, education and training, and accountability.
  • Systemic Security Management

    Publication Year: 2006, Page(s):74 - 77

    In 2005, the University of Southern California's Institute for Critical Information Infrastructure Protection (ICIIP) developed a conceptual framework for enterprise security. ICIIP seeks to close the gap between the current corporate cybersecurity risk profile and what's needed to protect the US's critical infrastructure information.
  • Strengthening the Weakest Link in Digital Protection

    Publication Year: 2006, Page(s):78 - 80

    In our one-semester course at the US Military Academy in New York, we educate roughly 800 undergraduates from nontechnical fields each year on intermediate-level IT skills. We place our students in an isolated virtual-computing environment, give them hands-on experience with a variety of attack vectors that hackers use to exploit vulnerabilities, and provide them with a multidimensional framework ...
  • Defining Misuse within the Development Process

    Publication Year: 2006, Page(s):81 - 84

    The software development industry often brings in security at the eleventh hour, right before developers throw the code over the wall--that is, deploy it into production--and ask, "Well, is it secure?" At this point, hilarity--for the objective observers, anyhow--ensues as security personnel work feverishly to shove crypto, firewalls, and all the other mechanisms at their disposal into the most eg...
  • Common Vulnerability Scoring System

    Publication Year: 2006, Page(s):85 - 89

    Vendors have historically used proprietary methods for scoring software vulnerabilities, usually without detailing their criteria or processes. The Common Vulnerability Scoring System (CVSS) is a public initiative designed to address this issue by presenting a framework for consistently and accurately assessing and quantifying software vulnerabilities' impact on organizations.

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu