IEEE Security & Privacy

Issue 2 • Date March-April 2007

  • [Front cover]

    Publication Year: 2007, Page(s): c1
    Freely Available from IEEE
  • [Inside front cover]

    Publication Year: 2007, Page(s): c2
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2007, Page(s):1 - 2
    Freely Available from IEEE
  • Call for Papers

    Publication Year: 2007, Page(s): 3
    Freely Available from IEEE
  • Trusted Computing in Context

    Publication Year: 2007, Page(s):4 - 5
    Cited by:  Papers (1)
    Freely Available from IEEE
  • Masthead

    Publication Year: 2007, Page(s): 6
    Freely Available from IEEE
  • News Briefs

    Publication Year: 2007, Page(s):7 - 10
    Freely Available from IEEE
  • Silver Bullet Speaks with Dorothy Denning

    Publication Year: 2007, Page(s):11 - 14
    Freely Available from IEEE
  • A Surprise Party (on Your Computer)?

    Publication Year: 2007, Page(s):15 - 16

    Iván Arce of Core Security Technologies looks at the current state of malware and introduces the articles he selected for this special issue.
  • Studying Bluetooth Malware Propagation: The BlueBag Project

    Publication Year: 2007, Page(s):17 - 25
    Cited by:  Papers (17)

    Bluetooth worms currently pose relatively little danger compared to Internet scanning worms. The BlueBag project shows targeted attacks through Bluetooth malware using proof-of-concept codes and mobile devices.
  • Alien vs. Quine

    Publication Year: 2007, Page(s):26 - 31
    Cited by:  Papers (4)  |  Patents (5)

    Is it possible to prove that a computer is malware-free without pulling out its hard disk? This article introduces a novel hardware inspection technique based on the injection of carefully crafted code and the analysis of its output and execution time. In theory, the easiest way to exterminate malware is to reformat the disk and then reinstall the operating system (OS) from a trusted distribution ...
  • Toward Automated Dynamic Malware Analysis Using CWSandbox

    Publication Year: 2007, Page(s):32 - 39
    Cited by:  Papers (146)  |  Patents (18)

    Malware is notoriously difficult to combat because it appears and spreads so quickly. In this article, we describe the design and implementation of CWSandbox, a malware analysis tool that fulfills our three design criteria of automation, effectiveness, and correctness for the Win32 family of operating systems.
  • Using Entropy Analysis to Find Encrypted and Packed Malware

    Publication Year: 2007, Page(s):40 - 45
    Cited by:  Papers (50)

    In statically analyzing large sample collections, packed and encrypted malware pose a significant challenge to automating the identification of malware attributes and functionality. Entropy analysis examines the statistical variation in malware executables, enabling analysts to quickly and efficiently identify packed and encrypted samples.
  • Code Normalization for Self-Mutating Malware

    Publication Year: 2007, Page(s):46 - 54
    Cited by:  Papers (25)  |  Patents (5)

    Next-generation malware adopt self-mutation to circumvent current malware detection techniques. The authors propose a strategy based on code normalization that reduces different instances of the same malware into a common form that can enable accurate detection.
  • Trust Negotiation in Identity Management

    Publication Year: 2007, Page(s):55 - 63
    Cited by:  Papers (28)

    Most organizations require the verification of personal information before providing services, and the privacy of such information is of growing concern. The authors show how federated identity management systems can better protect users' information when integrated with trust negotiation. In today's increasingly competitive business environment, more and more leading organizations are building We...
  • Common Body of Knowledge for Information Security

    Publication Year: 2007, Page(s):64 - 67
    Cited by:  Papers (9)

    The need for skilled information security professionals has led various academic, governmental, and industrial organizations to work to develop a common body of knowledge (CBK) for the security domain. A CBK is a framework and collection of information that provides a basis for understanding terms and concepts in a particular knowledge area. It defines the basic information that people who work in...
  • Secure Communication without Encryption?

    Publication Year: 2007, Page(s):68 - 71
    Cited by:  Papers (7)

    The potential computational speedup that quantum algorithms offer in certain problems threatens the security of current cryptographic techniques that rely on the infeasibility of factoring large numbers. But the same technology that currently threatens public-key infrastructure also provides a seeming alternative: a protocol for quantum key distribution (QKD), which provides a secure method for es...
  • Setting Boundaries at Borders: Reconciling Laptop Searches and Privacy

    Publication Year: 2007, Page(s):72 - 75
    Cited by:  Papers (1)

    If you've traveled internationally on business, the odds are that you've taken your laptop with you. Like most business travelers, you need these ubiquitous devices to do work, make presentations, and communicate with coworkers, family, and friends via the Internet. In a previous department, we explored the notion that laptops deserve special consideration because of the increasingly blurred line ...
  • When Cryptographers Turn Lead into Gold

    Publication Year: 2007, Page(s):76 - 79

    At its core, a cryptographer's job is to "transmutate" trust: just as alchemists turn lead into gold, cryptographers transmutate trust in one or more assumptions into trust in some other simpler and better-defined assumptions, the ones on which the security of complex monolithic systems relies. Because we can enforce and verify the resulting assumptions' validity more easily, such transmutation make...
  • A Case (Study) For Usability in Secure Email Communication

    Publication Year: 2007, Page(s):80 - 84
    Cited by:  Papers (9)  |  Patents (1)

    As a network security researcher, the author finds it very disappointing that most users can't, or simply don't, secure their everyday Internet communications. For good reason, usability in security has received a fair deal of attention in the past few years. To push the issue further, the author decided to initiate his own informal case study on the usability and practical relevance of standard s...
  • South Korea's Way to the Future

    Publication Year: 2007, Page(s):85 - 87

    South Korea leads the world in access to broadband services; as of early 2006, 83 percent of households had broadband, compared to roughly 45 percent in the US. Not coincidentally, the country also leads in the transition to digital music sales via digital rights management (DRM) software. In fact, the past decade has seen South Korea's music scene change dramatically. It once had 8,000 music stor...
  • A Metrics Framework to Drive Application Security Improvement

    Publication Year: 2007, Page(s):88 - 91
    Cited by:  Papers (9)

    Web applications' functionality and user base have evolved along with the threat landscape. Although controls such as network firewalls are essential, they're wholly insufficient for providing overall Web application security. They provide security for underlying hosts and a means of communication, but do little to help the application resist attack against its software implementation or design. En...
  • Infrastructure Standards for Smart ID Card Deployment

    Publication Year: 2007, Page(s):92 - 96
    Cited by:  Papers (2)

    Smart card deployment is increasing thanks to the addition of security features and improvements in computing power to support cryptographic algorithms with bigger footprints (for digitally signing and encrypting) in the smart card chips in the past five or six years. Typical applications include subscriber identification module (SIM) cards (in telecommunications), micropayments (in financial tran...
  • [Back inside cover]

    Publication Year: 2007, Page(s): c3
    Freely Available from IEEE
  • [Advertisement - Back cover]

    Publication Year: 2007, Page(s): c4
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu