Scheduled System Maintenance
On Saturday, December 10, single article sales and account management will be unavailable from 5:00 AM-7:30 PM ET.
We apologize for the inconvenience.
By Topic

IEEE Security & Privacy

Issue 4 • July-Aug. 2008

Filter Results

Displaying Results 1 - 23 of 23
  • [Front cover]

    Publication Year: 2008, Page(s): c1
    Request permission for commercial reuse | PDF file iconPDF (1314 KB)
    Freely Available from IEEE
  • IT Security World

    Publication Year: 2008, Page(s): c2
    Request permission for commercial reuse | PDF file iconPDF (2217 KB)
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2008, Page(s):1 - 2
    Request permission for commercial reuse | PDF file iconPDF (703 KB)
    Freely Available from IEEE
  • Network Neutrality versus Internet Trustworthiness?

    Publication Year: 2008, Page(s):3 - 4
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (148 KB) | HTML iconHTML

    Network Neutrality requirements are being proposed to promote investment and innovation for the Internet. However, these requirements will likely affect the Internet's trustworthiness too, and there is little discussion about this. Trustworthiness experts must start contributing to the debate their expertise about how to build systems that resist attack and failure. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • IEEE Security & Privacy masthead

    Publication Year: 2008, Page(s): 5
    Request permission for commercial reuse | PDF file iconPDF (77 KB)
    Freely Available from IEEE
  • Silver Bullet Talks with Adam Shostack

    Publication Year: 2008, Page(s):6 - 10
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (159 KB) | HTML iconHTML

    Gary McGraw interviews Adam Shostack. Shostack is a member of Microsoft's Secure Development Lifecycle Team. He's worked for Zero Knowledge as Most Evil Genius and Reflective where, as CTO, he focused on static analysis for software security. Shostack recently coauthored The New School of Information Security with Andrew Stewart. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • News Briefs

    Publication Year: 2008, Page(s):11 - 13
    Request permission for commercial reuse | PDF file iconPDF (102 KB) | HTML iconHTML
    Freely Available from IEEE
  • Open Wireless Networks on University Campuses

    Publication Year: 2008, Page(s):14 - 20
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (523 KB) | HTML iconHTML

    Open wireless networks raise privacy issues and entail increased risk of malicious attacks and illegal downloading activities. Such networks are nonetheless attractive-particularly to universities-because they enhance usability and thus expand access to nonsensitive system resources. At universities, such access brings numerous benefits to students, faculty, and the surrounding community alike. He... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Second-Generation RFID

    Publication Year: 2008, Page(s):21 - 27
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1196 KB) | HTML iconHTML

    Current ultra-high frequency air interface protocols help users get the true benefits of second-generation RFID standards. However, these technologies also have some security drawbacks and limitations. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Transactional Confidentiality in Sensor Networks

    Publication Year: 2008, Page(s):28 - 35
    Cited by:  Papers (17)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1638 KB) | HTML iconHTML

    In a sensor network environment, elements such as message rate, message size, mote frequency, and message routing can reveal transactional data - that is, information about the sensors deployed, frequency of events monitored, network topology, parties deploying the network, and location of subjects and objects moving through the networked space. Whereas the confidentiality of network communication... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Remote Client Authentication

    Publication Year: 2008, Page(s):36 - 43
    Cited by:  Papers (8)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (746 KB) | HTML iconHTML

    The effectiveness of remote client-authentication schemes varies significantly in relation to today's security challenges, which include phishing, man-in-the-middle attacks, and malicious software. A survey of remote authentication methods shows how each measures up and includes recommendations for solution developers and consumers. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Usage Control Enforcement: Present and Future

    Publication Year: 2008, Page(s):44 - 53
    Cited by:  Papers (16)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (740 KB) | HTML iconHTML

    Both personal data and intellectual property must be protected for various reasons. The authors explore the state of the art in usage control, which is about controlling the use of such data after it has been given away, and identify room for improvement. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Learning by Failing (and Fixing)

    Publication Year: 2008, Page(s):54 - 56
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (145 KB) | HTML iconHTML

    Unfortunately, students can graduate with a software engineering degree without learning anything about building secure systems. However, for the past two years at the Norwegian University of Science and Technology, a software security course has been giving students the theoretical foundation and practical experience necessary to start comprehending software security issues. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Call for Papers: Online Gaming Security

    Publication Year: 2008, Page(s): 57
    Request permission for commercial reuse | PDF file iconPDF (1002 KB)
    Freely Available from IEEE
  • Heuristics for De-identifying Health Data

    Publication Year: 2008, Page(s):58 - 61
    Cited by:  Papers (9)  |  Patents (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1116 KB) | HTML iconHTML

    Before releasing personal health information for secondary uses, such as research or public health monitoring, organizations must de-identify the data they've collected. Several common heuristics are useful for this purpose, but they also have limitations. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The Virtues of Mature and Minimalist Cryptography

    Publication Year: 2008, Page(s):62 - 65
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (127 KB) | HTML iconHTML

    This installment of Crypto Corner takes a concise look at some of the issues responsible for why cryptography usually ends up looking bad, in practice, and fails to establish the right threat model, let alone realize it. Ultimately, this failure is largely due to a lack of cryptographic competence and the dreaded habit of crammed-in-and-cobbled-together design. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Insiders Behaving Badly

    Publication Year: 2008, Page(s):66 - 70
    Cited by:  Papers (21)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (150 KB) | HTML iconHTML

    Often, we worry about outsiders attacking our systems and networks, breaking through the perimeter defenses we've established to keep bad actors out. However, we must also worry about "insider threats": people with legitimate access who behave in ways that put our data, systems, organizations, and even our businesses' viability at risk. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • 2008 Membership advertisement

    Publication Year: 2008, Page(s):71 - 73
    Request permission for commercial reuse | PDF file iconPDF (1750 KB)
    Freely Available from IEEE
  • Security and Privacy Landscape in Emerging Technologies

    Publication Year: 2008, Page(s):74 - 77
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (109 KB) | HTML iconHTML

    Recent events spawned a need for better communications of security systems, including industrial control systems and emergency management systems. This work is in initial phases and the author reports it here. In this final column for emerging standards and technologies, she also discusses the privacy and security challenges of Web 2.0 and globalization. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Strong Attractors

    Publication Year: 2008, Page(s):78 - 79
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (436 KB) | HTML iconHTML

    In this article the authors examine the metrics of where attackers are, and where they seek out victims. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • How the Human Brain Buys Security

    Publication Year: 2008, Page(s): 80
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (100 KB) | HTML iconHTML

    This paper examines prospect theory and how it applies to computer security. The solution is not to sell security directly, but to include it as part of a more general product or service. Vendors need to build security into the products and services that customers actually want. Security is inherently about avoiding a negative, so you can never ignore the cognitive bias embedded so deeply in the h... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Corporate Network Security [advertisement]

    Publication Year: 2008, Page(s): c3
    Request permission for commercial reuse | PDF file iconPDF (303 KB)
    Freely Available from IEEE
  • Usenix Security Symposium [advertisement]

    Publication Year: 2008, Page(s): c4
    Request permission for commercial reuse | PDF file iconPDF (1169 KB)
    Freely Available from IEEE

Aims & Scope

IEEE Security & Privacy’s primary objective is to stimulate and track advances in security, privacy, and dependability and present these advances in a form that can be useful to a broad cross-section of the professional community—ranging from academic researchers to industry practitioners. It provides articles with both a practical and research bent by the top thinkers in the field of security and privacy, along with case studies, surveys, tutorials, columns, and in-depth interviews and podcasts for the information security industry.

Full Aims & Scope

Meet Our Editors

Editor-in-Chief
Ahmad-Reza Sadeghi
Technische Universität Darmstadt
ahmad.sadeghi@trust.tu-darmstadt.de