IEEE Security & Privacy

Issue 1 • Jan.-Feb. 2008

  • [Front cover]

    Publication Year: 2008, Page(s): c1
    Freely Available from IEEE
  • Infosec World

    Publication Year: 2008, Page(s): c2
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2008, Page(s):1 - 2
    Freely Available from IEEE
  • Advertisement - S&P ad for RSA panel

    Publication Year: 2008, Page(s): 3
    Freely Available from IEEE
  • Security & Privacy masthead

    Publication Year: 2008, Page(s): 4
    Freely Available from IEEE
  • Charge of the Light Brigade

    Publication Year: 2008, Page(s): 5
    Freely Available from IEEE
  • News Briefs

    Publication Year: 2008, Page(s):6 - 8
    Freely Available from IEEE
  • James P. Anderson: An Information Security Pioneer

    Publication Year: 2008, Page(s): 9
    Cited by:  Papers (1)
    Freely Available from IEEE
  • Silver Bullet Talks with Eugene Spafford

    Publication Year: 2008, Page(s):10 - 15

    An interview with Eugene Spafford.
  • Information Assurance Technology Forecast 2008

    Publication Year: 2008, Page(s):16 - 23

    A virtual roundtable (featuring panelists Steven Bellovin, Terry Benzel, Bob Blakely, Dorothy Denning, Whitfield Diffie, Jeremy Epstein, and Paulo Verissimo) discussing the next 15 years in computer security.
  • Risking Communications Security: Potential Hazards of the Protect America Act

    Publication Year: 2008, Page(s):24 - 33
    Cited by:  Papers (5)

    A new US law allows warrantless wiretapping whenever one end of the communication is believed to be outside national borders. This creates serious security risks: danger of exploitation of the system by unauthorized users, danger of criminal misuse by trusted insiders, and danger of misuse by government agents.
  • Securing Information Transfer in Distributed Computing Environments

    Publication Year: 2008, Page(s):34 - 42
    Cited by:  Papers (3)  |  Patents (4)

    The problem of migrating sensitive information between systems in dynamic environments is increasingly important as distributed computing expands. A proposed policy-based approach provides controlled and secure transfer of user credentials and data across platforms. We propose a policy-driven data-protection system to address the inadequacies of current technological solutions in preserving the co...
  • Build Your Career [advertisement]

    Publication Year: 2008, Page(s): 43
    Freely Available from IEEE
  • Grid Computing Security: A Taxonomy

    Publication Year: 2008, Page(s):44 - 51
    Cited by:  Papers (13)

    Grid computing helps us overcome heterogeneity in terms of computing elements, operating systems, policy decisions, and environments. However, security issues impede us from adopting the grid as a widespread IT virtualization solution, so we must develop solutions to address these issues.
  • Estimating a System's Mean Time-to-Compromise

    Publication Year: 2008, Page(s):52 - 60
    Cited by:  Papers (39)  |  Patents (1)

    Mean time-to-compromise is a comparative security metric that applies lessons learned from physical security. To address this need in the SCADA world specifically and the corporate IT security world more generally, we propose a mean time-to-compromise (MTTC) interval as an estimate of the time it will take for an attacker with a specific skill level to successfully impact a target system. We also ...
  • Combating the Insider Cyber Threat

    Publication Year: 2008, Page(s):61 - 64
    Cited by:  Papers (15)  |  Patents (2)

    The penetration of US national security by foreign agents as well as American citizens is a historical and current reality that's a persistent and increasing phenomenon. Surveys, such as the e-crime watch survey, reveal that current or former employees and contractors are the second greatest cybersecurity threat, exceeded only by hackers, and that the number of security incidents has increased geo...
  • Taming Virtualization

    Publication Year: 2008, Page(s):65 - 67
    Cited by:  Papers (3)

    Although the term virtualization has been around for decades, only recently has it become a buzzword in the computer systems community with the revival of virtual machines (VMs), driven by efforts in industry and academia. VMs are software entities that emulate a real machine's functionality; they execute under the control of a hypervisor that virtualizes and multiplexes low-level hardware resourc...
  • CAPTCHAs: Humans vs. Bots

    Publication Year: 2008, Page(s):68 - 70
    Cited by:  Papers (4)  |  Patents (5)

    A completely automated public Turing test to tell computers and humans apart (CAPTCHA) offers a way for Web service providers to make some conclusions about whether a "user" is human or robot. Process of CAPTCHA recognition is a combination of efforts, approaches, and software that attempts to increase accuracy to an acceptable level. Of course, it's hard to define this level, but we've found tha...
  • Becoming a Security Expert

    Publication Year: 2008, Page(s):71 - 73

    Anyone involved in the software industry should learn a few facts and skills that relate to software security. A small number of skills exist that anyone in the software development business can learn to improve software security. Whether you're a developer, architect, or tester, it's important that you understand the nature of the constantly evolving security landscape and build defenses into app...
  • The Confused Deputy and the Domain Hijacker

    Publication Year: 2008, Page(s):74 - 77
    Cited by:  Papers (3)

    The Gmail vulnerability allowed unauthorized parties to add custom mail filters to target Gmail accounts. The only requirement was that the target users visit a Web site with malicious content while signed into Gmail.
  • Forum Shopping on the Internet

    Publication Year: 2008, Page(s):78 - 80

    Elementary school children are familiar with the phrase, "If I bring the ball, I make the rules." But who decides what rules apply on the Internet? Laws aren't the same in each country, and the Internet goes everywhere.
  • Security Testing of Internal Tools

    Publication Year: 2008, Page(s):81 - 83

    As the software industry continues to mature, software companies are realizing that they must dedicate more resources to quality assurance (QA) processes. But even though security testing as part of an overall QA process for products shipped to customers is starting to gain acceptance in the software industry as a necessity, the majority of software vendors pay little to no attention to the securi...
  • An RBAC Implementation and Interoperability Standard: The INCITS Cyber Security 1.1 Model

    Publication Year: 2008, Page(s):84 - 87
    Cited by:  Papers (5)

    An operational definition for role-based access control (RBAC) is that permission assignment is based on the role a principal is assuming during a work session. The central underlying concept is thus that IT permissions are assigned to roles rather than directly to users. This level of indirection can provide simpler security administration and finer-grained access control policies.
  • What We Got for Christmas

    Publication Year: 2008, Page(s): 88

    Columnists Dan Geer and Dan Conway present the numbers side of the security field.
  • 2008 IEEE Computer Society membership [advertisement]

    Publication Year: 2008, Page(s): c3
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Ahmad-Reza Sadeghi
Technische Universität Darmstadt
ahmad.sadeghi@trust.tu-darmstadt.de