IEEE Security & Privacy

Issue 3 • Date May-June 2007

  • [Front cover]

    Publication Year: 2007, Page(s): c1
    Freely Available from IEEE
  • Black Hat: Briefings & Training USA 2007

    Publication Year: 2007, Page(s): c2
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2007, Page(s):1 - 2
    Freely Available from IEEE
  • Food for Thought: Improving the Market for Assurance

    Publication Year: 2007, Page(s):3 - 4
    Freely Available from IEEE
  • [Masthead]

    Publication Year: 2007, Page(s): 5
    Freely Available from IEEE
  • Silver Bullet Talks with Becky Bace

    Publication Year: 2007, Page(s):6 - 9
    Freely Available from IEEE
  • News Briefs

    Publication Year: 2007, Page(s):10 - 12
    Freely Available from IEEE
  • Guest Editors' Introduction: Managing Organizational Security

    Publication Year: 2007, Page(s):13 - 15
    Freely Available from IEEE
  • Embedding Information Security into the Organization

    Publication Year: 2007, Page(s):16 - 24
    Cited by:  Papers (10)

    Risk and business have always been inseparable, but new information security risks pose unknown challenges. How should firms organize and manage to improve enterprise security? Here, the authors describe how chief information security officers (CISOs) are working to build secure organizations.
  • I'll Buy That! Cybersecurity in the Internet Marketplace

    Publication Year: 2007, Page(s):25 - 31
    Cited by:  Papers (4)

    Interviews with chief security officers in the Internet supply chain (those companies that provide Internet services or encourage people to use the Internet) reveal dramatically different attitudes about corporate cybersecurity. The authors' preliminary investigation suggests that a company's market discipline explains these differences.
  • A Coherent Strategy for Data Security through Data Governance

    Publication Year: 2007, Page(s):32 - 39
    Cited by:  Papers (1)

    The role of boards of directors now extends to ensuring that a company's data is actively managed in an increasingly technology-intense environment. In this article, the authors show how this requires greater attention to legislative requirements, greater due diligence in transactions and business alliances, and coherent information management strategies.
  • What Anyone Can Know: The Privacy Risks of Social Networking Sites

    Publication Year: 2007, Page(s):40 - 49
    Cited by:  Papers (37)

    For the Net generation, social networking sites have become the preferred forum for social interactions, from posturing and role playing to simply sounding off. However, because such forums are relatively easy to access, posted content can be reviewed by anyone with an interest in the users' personal information.
  • Cyberinsurance in IT Security Management

    Publication Year: 2007, Page(s):50 - 56
    Cited by:  Papers (9)  |  Patents (1)

    Cyberinsurance to cover losses and liabilities from network or information security breaches can provide incentives for security investments that reduce risk. Although cyberinsurance has evolved, industry has been slow to adopt it as a risk management tool.
  • 2007 USENIX Annual Technical Conference Information

    Publication Year: 2007, Page(s): 57
    Freely Available from IEEE
  • Educating Students to Create Trustworthy Systems

    Publication Year: 2007, Page(s):58 - 61
    Cited by:  Papers (3)

    Computer science's long-standing tradition of computer security education has focused primarily on designing secure and reliable systems that can ensure information confidentiality, integrity, and availability. This tradition is geared toward preparing students for typical paradigms, such as writing secure code, providing authentication and access control, and developing policies to limit exposure...
  • Hiding Virtualization from Attackers and Malware

    Publication Year: 2007, Page(s):62 - 65
    Cited by:  Papers (12)

    Virtual machine environments (VMEs) let a user or administrator run one or more guest operating systems on top of a host operating system. With security researchers relying on VMEs in their analysis work, attackers and their malicious code have a significant stake in detecting the presence of a virtual machine. This article focuses on detection techniques and mitigation options for the most widely...
  • The Cost of Free Web Tools

    Publication Year: 2007, Page(s):66 - 68
    Cited by:  Papers (2)

    Most users assume that their use of Internet services is implicitly private and anonymous, so it can be quite eye-opening to find out how much about ourselves and our companies we reveal by seemingly innocuous words we use to search, the maps we view, and the other "free" services we use on the Internet. The Internet has become one of the most central aspects of our world, and we react to both the...
  • Authentication without Identification

    Publication Year: 2007, Page(s):69 - 71
    Cited by:  Papers (1)  |  Patents (2)

    Many authentication transactions performed today require us to disclose more information than is strictly needed, just for verification purposes. Fortunately, modern cryptography provides us with a way to solve the verification problem without leaking unnecessary personal information. These techniques are fast, secure, and preserve privacy.
  • Building Privacy into Software Products and Services

    Publication Year: 2007, Page(s):72 - 74

    In the marketplace, customer trust is paramount. As consumers increasingly rely on the Internet for shopping, banking, and other daily activities, privacy is both a major public concern and a barrier to e-commerce growth: fear of data breaches and identity theft threatens to erode trust in the Internet. Once the core privacy team (CPT) is built, it can begin to define the program, deploy its proces...
  • The Contemporary Software Security Landscape

    Publication Year: 2007, Page(s):75 - 77
    Cited by:  Papers (1)

    Microsoft's release of Windows Vista marks the arrival of a new era for software security. Fundamental changes have gradually occurred, bringing us to a point now where the threat landscape no longer resembles what it was just a few years ago. Vista's release is ideal to consider as a culmination point; it's from here that software attack strategies will move into new directions. In this article, ...
  • Red-Eye Blink, Bendy Shuffle, and the Yuck Factor: A User Experience of Biometric Airport Systems

    Publication Year: 2007, Page(s):78 - 81
    Cited by:  Papers (2)  |  Patents (1)

    When people find security systems difficult or unacceptable, it can result in bottlenecks, excessive operation costs, and shortcuts or workarounds that undermine security. Since 2001, airports worldwide have deployed an increasing number of security systems with biometric recognition. Some operate behind the scenes, for airport staff or cabin crew use. Airports have been deploying biometrics for t...
  • Software Protection through Anti-Debugging

    Publication Year: 2007, Page(s):82 - 84
    Cited by:  Papers (4)  |  Patents (4)

    This article focuses on describing state-of-the-art attacks on debuggers to prevent reverse engineering. You can use the information we present as part of your strategy to protect your software or to assist you in overcoming the anti-debugging tricks present in malicious software. Currently, there are enough anti-debugging techniques available to software engineers to sufficiently protect software...
  • Cost-Effective Security

    Publication Year: 2007, Page(s):85 - 87
    Cited by:  Papers (1)

    To be successful, application software needs compelling functionality, availability within the right timeframe, and a reasonable price. But equally critical, teams must get nonfunctional characteristics right - performance, scalability, manageability, maintainability, usability, and, of course, security. The authors introduced misuse or abuse cases as counterparts to use cases and explained that a...
  • Nonsecurity Considerations in Security Decisions

    Publication Year: 2007, Page(s): 88
    Freely Available from IEEE
  • LinuxWorld 2007 Information

    Publication Year: 2007, Page(s): c3
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu