IEEE Security & Privacy

Issue 2 • Date March-April 2008

  • [Front cover]

    Publication Year: 2008, Page(s): c1
    Freely Available from IEEE
  • S&P Panel ad at RSA Conference [advertisement]

    Publication Year: 2008, Page(s): c2
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2008, Page(s):1 - 2
    Freely Available from IEEE
  • Lessons from Electrification for Identification

    Publication Year: 2008, Page(s): 3
    Freely Available from IEEE
  • IEEE Security & Privacy masthead

    Publication Year: 2008, Page(s): 4
    Freely Available from IEEE
  • Sharp Figures, Fuzzy Purpose

    Publication Year: 2008, Page(s): 5
    Cited by:  Papers (1)
    Freely Available from IEEE
  • Silver Bullet Talks with Ed Amoroso

    Publication Year: 2008, Page(s):6 - 9
    Gary McGraw interviews Ed Amoroso, AT&T's chief information security officer. Their conversation ranged widely, from system design to privacy.
  • News Briefs

    Publication Year: 2008, Page(s):10 - 12
    Freely Available from IEEE
  • I'm Pc01002/SpringPeeper/ED288l.6; Who are You?

    Publication Year: 2008, Page(s):13 - 15
    In considering identity management, the first issue is—What is identity? This is, of course, an issue that has plagued poets, philosophers, and playwrights for centuries. We're concerned with a more prosaic version of the question: How does an entity recognize another entity? This important question occurs when access to resources, such as health or financial records, services, or benefits...
  • The Venn of Identity: Options and Issues in Federated Identity Management

    Publication Year: 2008, Page(s):16 - 23
    Cited by:  Papers (49)  |  Patents (1)
    Federated identity management lets users dynamically distribute identity information across security domains, increasing the portability of their digital identities. It also raises new architectural challenges and significant security and privacy issues.
  • The Seven Flaws of Identity Management: Usability and Security Challenges

    Publication Year: 2008, Page(s):24 - 29
    Cited by:  Papers (28)
    Web identity management systems are complex systems with powerful features - and many potential vulnerabilities. They aim to facilitate the management of identifiers, credentials, personal information, and the presentation of this information to other parties. In many schemes, an identity provider (IdP) issues identities or credentials to users, while a relying party (RP) depends on the IdP to che...
  • Biometrics in Identity Management Systems

    Publication Year: 2008, Page(s):30 - 37
    Cited by:  Papers (19)  |  Patents (1)
    Biometric technology - the automated recognition of individuals using biological and behavioral traits - has been presented as a natural identity management tool that offers "greater security and convenience than traditional methods of personal recognition." Indeed, many existing government identity management systems employ biometrics to assure that each person has only one identity in the system...
  • Privacy and Identity Management

    Publication Year: 2008, Page(s):38 - 45
    Cited by:  Papers (34)  |  Patents (3)
    Creating and managing individual identities is a central challenge of the digital age. As identity management systems, defined here as programs or frameworks that administer the collection, authentication, or use of identity and information linked to identity, are implemented in both the public and private sectors, individuals are required to identify themselves with increasing frequency. Traditiona...
  • Identity Management, Privacy, and Price Discrimination

    Publication Year: 2008, Page(s):46 - 50
    Cited by:  Papers (9)
    In economics, privacy is usually discussed in the context of consumer preferences and price discrimination. But what forms of personal data privacy are compatible with merchants' interests in knowing more about their consumers, and how can identity management systems protect information privacy while enabling personalization and price discrimination?
  • Use Cases for Identity Management in E-Government

    Publication Year: 2008, Page(s):51 - 57
    Cited by:  Papers (8)
    E-government identity management systems aren't usually straightforward to implement. Culture and history strongly affect what might be acceptable to citizens in particular circumstances, with levels of trust being a key factor. The authors discuss these issues and present a use case from New Zealand.
  • Hindering Reverse Engineering: Thinking Outside the Box

    Publication Year: 2008, Page(s):58 - 65
    Cited by:  Papers (3)  |  Patents (1)
    In this article, we present the state of the art in today's nonmalicious software defense protections. We also present an overview of the tools and techniques that attackers use to defeat current defenses. Finally, we expound on some unorthodox approaches to defending software, including tactics that advanced malware currently uses to protect itself.
  • Why and How to Perform Fraud Experiments

    Publication Year: 2008, Page(s):66 - 68
    Cited by:  Papers (14)
    Fraud isn't new, but in the eyes of many experts, phishing and crimeware threaten to topple society's overall stability because they erode trust in its underlying computational infrastructure. Most people agree that phishing and crimeware must be fought, but to do so effectively, we must fully understand both types of threat; that starts by quantifying how and when people fall for deceit. In this ...
  • Cryptographic Test Correction

    Publication Year: 2008, Page(s):69 - 71
    Cited by:  Papers (2)
    Multiple choice questionnaires (MCQs) are an assessment procedure invented in 1914. Today, they're widely used in education, opinion polls, and elections. When we first encountered MCQs in the university environment, we faced the daunting challenge of having to grade 600 of them. This article explores the possibility of safely transferring part of an MCQ's correction burden to the examinee - in th...
  • Security in Mobile Ad Hoc Networks

    Publication Year: 2008, Page(s):72 - 75
    Cited by:  Papers (14)
    One of the most critical roles security researchers have is keeping up with new technologies and considering the security implications that go along with them - essentially, ensuring that security is "baked in" to new ideas from the earliest possible moment. Because of this, researchers have had significant interest in the field of mobile ad hoc networks (Manets). Such networks are frequently viewed...
  • New Hurdles for Vulnerability Disclosure

    Publication Year: 2008, Page(s):76 - 78
    Cited by:  Papers (1)
    In the information security world, vulnerabilities and exploit tools and techniques are effectively open source - they're just as accessible to malicious attackers as they are to security vendors, administrators, and the public at large. In this article, vulnerability disclosure is the phenomenon of openness and transparency among security researchers, security vendors, product vendors, and other stak...
  • The Hidden Difficulties of Watching and Rebuilding Networks

    Publication Year: 2008, Page(s):79 - 82
    The subtleties of network protection can bedevil even experienced IT staff and security researchers. In this installment of secure systems, we focus on two areas of network defense that are particularly troublesome to manage: network intrusion recovery and ubiquitous network monitoring.
  • Dynamic Security Assertion Markup Language: Simplifying Single Sign-On

    Publication Year: 2008, Page(s):83 - 85
    Cited by:  Papers (5)
    Growth in the use of business process outsourcing and collaborative platforms is driving the demand for organizations to selectively share the identity information they maintain about their users with other partners. Widely accepted protocols such as the Security Assertion Markup Language (SAML) are designed to deliver single sign-on (SSO) and other security attributes, but although organizations c...
  • Build Your Career [advertisement]

    Publication Year: 2008, Page(s): 86
    Freely Available from IEEE
  • Beware the IDs of March

    Publication Year: 2008, Page(s): 87
    In the latest numbers column, Dan Geer and Dan Conway examine the metrics of identity theft.
  • Security by Checklist

    Publication Year: 2008, Page(s): 88
    Cited by:  Papers (2)
    We've all seen the checklists with suggestions for how to secure your system. Many of us have even written them. (I have.) The problem is that security is more complicated than that, and checklists—especially if followed slavishly or enforced without thought—can make matters worse.

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu