IEEE Security & Privacy

Issue 5 • Date Sept.-Oct. 2007

  • [Front cover]

    Publication Year: 2007, Page(s): c1
    Freely Available from IEEE
  • LISA 2007 Conference

    Publication Year: 2007, Page(s): c2
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2007, Page(s):1 - 2
    Freely Available from IEEE
  • Technology Scapegoats and Policy Saviors

    Publication Year: 2007, Page(s):3 - 4
    Freely Available from IEEE
  • Interface

    Publication Year: 2007, Page(s): 5
    Freely Available from IEEE
  • IEEE Security & Privacy [masthead]

    Publication Year: 2007, Page(s): 6
    Freely Available from IEEE
  • Spooky Lessons

    Publication Year: 2007, Page(s): 7
    Freely Available from IEEE
  • Silver Bullet Talks with Annie Antón

    Publication Year: 2007, Page(s):8 - 11
    Freely Available from IEEE
  • News Briefs

    Publication Year: 2007, Page(s):12 - 14
    Freely Available from IEEE
  • The ChoicePoint Dilemma: How Data Brokers Should Handle the Privacy of Personal Information

    Publication Year: 2007, Page(s):15 - 23
    Cited by:  Papers (12)

    Before 2005, data broker ChoicePoint suffered fraudulent access to its databases that exposed thousands of customers' personal information. We examine ChoicePoint's data breach, explore what went wrong from the perspective of consumers, executives, policy, and IT systems, and offer recommendations for the future.
  • Personal Brokerage of Web Service Access

    Publication Year: 2007, Page(s):24 - 31
    Cited by:  Papers (1)  |  Patents (3)

    Network smart-card technology can meet the growing need for secure, flexible Web services. This technology allows building personal identity brokerage solutions that bridge independent Web services into new simple sign-on systems. The network smart card can help bring about a new generation of personal authentication services.
  • Unicode Steganographic Exploits: Maintaining Enterprise Border Security

    Publication Year: 2007, Page(s):32 - 39
    Cited by:  Papers (2)

    Unicode is rapidly becoming the preferred means for representing symbols used in creating multimedia content, especially for information that's presented in multiple languages. This article discusses a Unicode vulnerability that makes such content susceptible to being used for creation of covert channel communications. We also developed a solution architecture, the unified secure message augmentat...
  • How the Cyber Defense Exercise Shaped an Information-Assurance Curriculum

    Publication Year: 2007, Page(s):40 - 49
    Cited by:  Papers (6)

    In this article, we provide a brief history of the Cyber Defense Exercise (CDX), describe the Air Force Institute of Technology's (AFIT's) participation in it, and explain how the experience shaped the information-assurance curriculum and course format at AFIT. The CDX is an annual competition designed to give students the opportunity to learn and demonstrate best practices in defensive information assu...
  • An Information Security Strategy for Networkable Devices

    Publication Year: 2007, Page(s):50 - 56
    Cited by:  Papers (1)

    Networkable Windows-based operating system devices present information security challenges to both vendors and users of such devices. This article highlights some of those threats and offers measures to improve the link between a firm's business strategy, its operational activities, and its information security strategy.
  • Optimizing Investments in Security Countermeasures: A Practical Tool for Fixed Budgets

    Publication Year: 2007, Page(s):57 - 60
    Cited by:  Papers (6)

    As a software engineer or client, how much of your budget should you spend on software security mitigation for the applications and networks on which you depend? The authors introduce a novel way to optimize a combination of security countermeasures under fixed resources. Software engineers and their customers continuously face a complex and frustrating decision: given a fixed budget, which combin...
  • 2008 IEEE Computer Society membership ad

    Publication Year: 2007, Page(s): 61
    Freely Available from IEEE
  • Plagiarism, Graduate Education, and Information Security

    Publication Year: 2007, Page(s):62 - 65
    Cited by:  Papers (2)

    Plagiarism in the classroom has changed since the period of 1997 to 2002, during which the author saw predominately word-for-word plagiarism in papers in his classes. Some came from single sources, but more often they came from two or more. With that kind of plagiarism, it was fairly easy, although time-consuming, to detect copying. Most students engaging in such behaviors believed their professor...
  • The Canadian Response to the USA Patriot Act

    Publication Year: 2007, Page(s):66 - 68
    Cited by:  Papers (1)

    The border between Canada and the US is often hailed as the longest undefended border in the world. This is true for the physical border, dotted with sporadic land crossings, and even more so for the digital border, where thousands of strands of fiber span the frontier without any regulation or formality. Since the attacks of September 11, 2001, US authorities have spent untold millions of dollars...
  • Trust on a Nationwide Scale

    Publication Year: 2007, Page(s):69 - 71
    Cited by:  Papers (1)

    Singapore is a small island nation with roughly 4.5 million inhabitants, but it has a highly developed international economy based on trade, services, and knowledge management. Singapore launched its lofty goals by defining the nation's e-security. Current research in the Singaporean telecommunications and IT security community attempts to model such peer-to-peer ad hoc transactions and levera...
  • Balancing Privacy and Risk in the E-Messaging World

    Publication Year: 2007, Page(s):72 - 75

    Messaging within an enterprise used to be like the local water department; as long as the email flowed, no one paid any attention to it and all was good. Things are different now - messaging has become the center of a legal and regulatory maelstrom. It's the confluence of security, privacy, and opportunity within an organization. Email and instant messaging reduce the cost of delivering products, ...
  • Online Games and Security

    Publication Year: 2007, Page(s):76 - 79
    Cited by:  Papers (1)  |  Patents (2)

    Online games have taken the computer world by storm. Gaming has always been (and remains) a prime driver of PC technology, with deep penetration into the consumer market. Online games, especially massively multi-player online role-playing games (MMORPGs), suffer from such security problems. In this short introduction to MMORPG security, we focus on bugs involving time and state. MMORPGs are made of ...
  • Handling Multiple Credentials in a Heterogeneous SOA Environment

    Publication Year: 2007, Page(s):80 - 82
    Cited by:  Papers (1)

    With all the diverse technology in a typical corporate IT environment, it's no surprise that multiple types and formats of security credentials exist, each one designed to protect its respective software system. We can address the problem of handling multiple credential types and formats in a heterogeneous SOA environment by using a data structure designed not only to store and propagate user cred...
  • Deploying Low-Latency Anonymity: Design Challenges and Social Factors

    Publication Year: 2007, Page(s):83 - 87
    Cited by:  Papers (17)

    Anonymous communication systems hide conversations against unwanted observations. Deploying an anonymous communications infrastructure presents surprises unlike those found in other types of systems. To address these and related issues, we designed Tor (the onion routing), a widely used low-latency, general-purpose anonymous communication infrastructure, an overlay network for anonymizing TCP stream...
  • Seers and Craftspeople

    Publication Year: 2007, Page(s): 88
    Freely Available from IEEE
  • Call for Papers

    Publication Year: 2007, Page(s): c3
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu