IEEE Security & Privacy

Issue 4 • July-Aug. 2007

  • [Front cover]

    Publication Year: 2007, Page(s): c1
    Freely Available from IEEE
  • Wiley and IEEE Computer Society [advertisement]

    Publication Year: 2007, Page(s): c2
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2007, Page(s):1 - 2
    Freely Available from IEEE
  • Infosecurity New York Conference Information [advertisement]

    Publication Year: 2007, Page(s): 3
    Freely Available from IEEE
  • Cyberassault on Estonia

    Publication Year: 2007, Page(s): 4
    Freely Available from IEEE
  • [Masthead]

    Publication Year: 2007, Page(s): 5
    Freely Available from IEEE
  • News Briefs

    Publication Year: 2007, Page(s):6 - 9
    Freely Available from IEEE
  • Silver Bullet Talks with Ross Anderson

    Publication Year: 2007, Page(s):10 - 13
    Cited by:  Papers (1)
    Freely Available from IEEE
  • MEMS-Assisted Cryptography for CPI Protection

    Publication Year: 2007, Page(s):14 - 21
    Cited by:  Papers (2)

    The authors present a concept for an anti-tamper system that dynamically generates a cryptographic key derived from microelectromechanical systems (MEMS) arrays encapsulated within a protected system in a single package. The system provides protection in active and passive states with no battery backup.
  • Encryption: Security Considerations for Portable Media Devices

    Publication Year: 2007, Page(s):22 - 27
    Cited by:  Papers (5)  |  Patents (11)

    With the proliferation of removable media devices, such as iPods and USB drives, large amounts of an organization's sensitive data can easily be removed. The author explores the complexities of protecting networks against removable media, including guidelines for purchasing encryption software. This article examines how to develop portable and removable media security policies, as well as how encr...
  • Estimating Software Vulnerabilities

    Publication Year: 2007, Page(s):28 - 32
    Cited by:  Papers (14)

    Any given piece of software has some number of publicly disclosed vulnerabilities at any moment, leaving the system exposed to potential attack. A method for identifying and analyzing these vulnerabilities uses public data from easily accessible sources.
  • Spam Filtering With Dynamically Updated URL Statistics

    Publication Year: 2007, Page(s):33 - 39
    Cited by:  Papers (9)

    Many URL-based spam filters rely on "white" and "black" lists to classify email. The authors' proposed URL-based spam filter instead analyzes URL statistics to dynamically calculate the probabilities of whether email with specific URLs are spam or legitimate, and then classifies them accordingly.
  • Improving Mobile Core Network Security with Honeynets

    Publication Year: 2007, Page(s):40 - 47
    Cited by:  Papers (7)

    Despite improved security, core network vulnerabilities continue to threaten third-generation (3G) mobile systems. This article offers a security assessment conducted in the packet-switched domain of a mobile operator's infrastructure. A honeynet architecture could help address 3G security.
  • I Am a Scientist, Not a Philosopher!

    Publication Year: 2007, Page(s):48 - 51
    Cited by:  Papers (2)

    We no longer live in the era of Aristotelian philosophers or alchemists attempting to turn lead into gold. Yet, you might be forgiven for thinking we were, after observing many computer security researchers' claims - even in papers published in peer-reviewed journals and conference proceedings. Computer security is both an art and a science, but researchers frequently fail to follow the scientific met...
  • Containing the Ultimate Trojan Horse

    Publication Year: 2007, Page(s):52 - 56
    Cited by:  Papers (3)

    Security vulnerabilities in software systems are a rapidly growing threat in an increasingly networked world. Unfortunately, many systems are now so complex that high-assurance auditing for errors would be prohibitively expensive. In this article, the author explains how some of the potential risks could be contained through security management at the base of the software stack, rather than insid...
  • IT Security World Conference and Expo 2007

    Publication Year: 2007, Page(s): 57
    Freely Available from IEEE
  • Data Sharing across the Atlantic

    Publication Year: 2007, Page(s):58 - 61

    Governments tend to be reluctant to submit their policies to democratic oversight, but in the US the Congress and the judiciary ultimately can and will hold the administration to account. Due to its constitutional peculiarities, however, Europe lacks adequate mechanisms for scrutinizing EU law enforcement and security policies: there's neither a European federal executive to hold accountable nor an...
  • Micro-Architectural Cryptanalysis

    Publication Year: 2007, Page(s):62 - 64
    Cited by:  Papers (5)

    Cryptanalysis is the study of the methods used to obtain the meaning of encrypted information in a cryptosystem (typically, by finding a secret key); in nontechnical terms, it's also called "code breaking" or "cracking the code." Micro-architectural analysis of cryptosystem implementations is a promising and interesting new security research direction that will continue to grow.
  • Mixing Wheat with the Chaff: Creating Useful Test Data for IDS Evaluation

    Publication Year: 2007, Page(s):65 - 67
    Cited by:  Papers (1)

    As the use of intrusion detection systems (IDSs) continues to climb and as researchers find more ways to detect attacks amid a vast ocean of data, the problem of testing IDS solutions has reared its ugly head. Showing that one technique is better than another or training an IDS about normal usage requires test data. As it turns out, collecting or creating such a data set is something of a catch-22...
  • Ghost in the Virtual Machine

    Publication Year: 2007, Page(s):68 - 71
    Cited by:  Papers (1)

    Past and present experiences point to a seemingly invariant conclusion: virtualization continues to be a promising technology to address information security needs, but it will also continue to fall short of delivering on the ideal of a robust, trustworthy, and mythically flawless computing environment. As the trend toward virtualization accelerates and the technology becomes available to larger u...
  • What Hackers Learn that the Rest of Us Don't: Notes on Hacker Curriculum

    Publication Year: 2007, Page(s):72 - 75
    Cited by:  Papers (9)

    To learn security skills, students and developers must be able to switch from their traditional conditioning to the attacker's way of thinking. Exposure to the hacker culture through hacker conferences such as Defcon and others, Phrack and similar publications, and to comprehensive collections such as Packet Storm helps provide the necessary culture shock or "a-ha" moment and should be integral to...
  • The New Front Line: Estonia under Cyberassault

    Publication Year: 2007, Page(s):76 - 79
    Cited by:  Papers (29)

    Estonia, although small, is a remarkably Web-dependent country, with widespread Internet access, digital identity cards, an 80-percent usage rate for online banking, electronic tax collection, and remote medical monitoring. The DDoS attacks began on the foreign minister's Web site, but spread to all government institutions and key businesses, such as banks. On balance, the Estonian cyberwar ought t...
  • Using Attack Graphs to Design Systems

    Publication Year: 2007, Page(s):80 - 83
    Cited by:  Papers (5)

    An attack graph is a visual aid used to document the known security risks of a particular architecture; in short, it captures the paths attackers could use to reach their goals. The graph's purpose is to document the risks known at the time the system is designed, which helps architects and analysts understand the system and find good trade-offs that mitigate these risks. Once the risks are identi...
  • User-Centric Identity Management: New Trends in Standardization and Regulation

    Publication Year: 2007, Page(s):84 - 87
    Cited by:  Papers (11)

    In offering services to individuals, enterprises often deal with a lot of personal information, the improper handling of which creates security risks for both the enterprises and individuals concerned. Authentication procedures usually assume specific behavior on the part of individuals, and this perception becomes a critical part of an enterprise's security mechanism. Identity management systems ...
  • The End of Black and White

    Publication Year: 2007, Page(s): 88
    Freely Available from IEEE

Aims & Scope

IEEE Security & Privacy’s primary objective is to stimulate and track advances in security, privacy, and dependability and present these advances in a form that can be useful to a broad cross-section of the professional community—ranging from academic researchers to industry practitioners. It provides articles with both a practical and research bent by the top thinkers in the field of security and privacy, along with case studies, surveys, tutorials, columns, and in-depth interviews and podcasts for the information security industry.
 

Meet Our Editors

Editor-in-Chief
Ahmad-Reza Sadeghi
Technische Universität Darmstadt
ahmad.sadeghi@trust.tu-darmstadt.de