IEEE Security & Privacy

Issue 5 • Date Sept.-Oct. 2008

  • [Front cover]

    Publication Year: 2008, Page(s): c1
  • LISA 2008 Conference

    Publication Year: 2008, Page(s): c2
  • Table of contents

    Publication Year: 2008, Page(s):1 - 2
  • Cybersecurity and Artificial Intelligence: From Fixing the Plumbing to Smart Water

    Publication Year: 2008, Page(s):3 - 4
    Cited by:  Papers (2)
  • The Shape of Crimeware to Come (review of Crimeware: Understanding New Attacks and Defenses by M. Jacobsson and Z. Ramzan) [Book reviews]

    Publication Year: 2008, Page(s): 5
  • IEEE Security & Privacy masthead

    Publication Year: 2008, Page(s): 6
  • Silver Bullet Talks with Bill Cheswick [Interview]

    Publication Year: 2008, Page(s):7 - 11

    Silver Bullet speaks with Bill Cheswick.
  • News Briefs

    Publication Year: 2008, Page(s):12 - 13
  • Call for Papers

    Publication Year: 2008, Page(s): 14
  • Virtualization and Security: Back to the Future

    Publication Year: 2008, Page(s): 15

    The guest editors of the special issue on virtualization introduce the topic.
  • I/O for Virtual Machine Monitors: Security and Performance Issues

    Publication Year: 2008, Page(s):16 - 23
    Cited by:  Papers (4)

    Modern I/O architectures are quite complex, so keeping a virtual machine monitor (VMM), or hypervisor, small is difficult. Many current hypervisors move the large, complex, and sometimes proprietary device drivers out of the VMM into one or more partitions, leading to inherent problems in complexity, security, and performance.
  • Virtualization and Hardware-Based Security

    Publication Year: 2008, Page(s):24 - 31
    Cited by:  Papers (5)

    Hypervisors allow virtualization at the hardware level. These technologies have security-related strengths as well as weaknesses. The authors examine emerging hardware and software virtualization technologies in the context of modern computing environments and requirements.
  • Virtual Machine Introspection: Observation or Interference?

    Publication Year: 2008, Page(s):32 - 37
    Cited by:  Papers (16)  |  Patents (2)

    As virtualization becomes increasingly mainstream, virtual machine introspection techniques and tools are evolving to monitor VM behavior. A survey of existing approaches highlights key requirements, which are addressed by a new tool suite for the Xen VM monitoring system.
  • Performance Metrics for Information Security Risk Management

    Publication Year: 2008, Page(s):38 - 44
    Cited by:  Papers (6)  |  Patents (1)

    Qualitative methods are available for risk management, but better practice would use quantitative risk management based on expected losses and related metrics. Measuring the success of information security investments is best accomplished by measuring reductions in expected loss.
  • CSDP [advertisement]

    Publication Year: 2008, Page(s): 45
  • Data Retention and Privacy in Electronic Communications

    Publication Year: 2008, Page(s):46 - 52
    Cited by:  Papers (1)  |  Patents (1)

    The retention of communication data by network providers, often mandated by legislation, raises social and technical security concerns. A generic model combining technical, procedural, and legal controls can help secure retained data and minimize privacy threats against users.
  • IEEE Computer Society Career Center [advertisement]

    Publication Year: 2008, Page(s): 53
  • Information Assurance Education: A Work In Progress

    Publication Year: 2008, Page(s):54 - 57

    The recognition that we need improved computer security education has increased over the past several years. Recent cyberattacks in Georgia and Estonia exemplify the new threats faced by economies that rely on the Internet. Thus, more people see the need to protect cyberspace - which translates into improving computer security in all aspects of computer use - as crucial for everyone, not merely for th...
  • Cross-Border Data Flows and Increased Enforcement

    Publication Year: 2008, Page(s):58 - 61

    The term "privacy" is subject to many definitions and descriptions. Privacy is the subjective condition people experience when they have the power to control information about themselves and when they exercise that power consistent with their interests and values. The EU Data Protection Directive takes a somewhat different tack and defines personal data as data relating to an identified or identif...
  • Identity-Based Encryption and Beyond

    Publication Year: 2008, Page(s):62 - 64
    Cited by:  Papers (2)

    In June 2008, the US National Institute for Standards and Technology (NIST) held a workshop entitled, "Applications of Pairing Based Cryptography: Identity-Based Encryption and Beyond," in Gaithersburg, Maryland. In a series of 14 talks and two panel discussions, the presenters at this workshop discussed several aspects of identity-based encryption (IBE) and related pairing-based public-key scheme...
  • Revealing Packed Malware

    Publication Year: 2008, Page(s):65 - 69
    Cited by:  Papers (13)

    To evade malicious content detection, malware authors use packers, binary tools that instigate code obfuscation. By using executable packers, modern malware can completely bypass personal firewalls and antivirus (AV) scanners. Reverse engineering (RE) has become an important approach to analyzing a program's logic flow and internal data structures, such as system call functions. Security researcher...
  • Two Years of Broken Crypto: Debian's Dress Rehearsal for a Global PKI Compromise

    Publication Year: 2008, Page(s):70 - 73
    Cited by:  Papers (3)

    A patch to the OpenSSL package maintained by Debian GNU/Linux (an operating system composed of free and open source software that can be used as a desktop or server OS) submitted in 2006 weakened its pseudo-random number generator (PRNG), a critical component for secure key generation. Putting both servers and users at risk, this vulnerability affected OpenSSH, Apache (mod_ssl), the onion router (...
  • A Life or Death InfoSec Subversion

    Publication Year: 2008, Page(s):74 - 76
    Cited by:  Papers (2)

    Details about failures of complex and well-implemented information-based attacks on systems are extremely difficult to obtain. However, here the authors examine a real-life analogue - an information attack on a highly complex security system, that of the Colombian guerrilla group FARC. This operation included a man-in-the-middle attack, targeted denial of service (DoS), and authentication subversi...
  • Hardening the Target

    Publication Year: 2008, Page(s):77 - 81

    As enterprises increasingly depend on digitized data and seek commercial opportunities from accelerated digital access and transmission, senior management and boards of directors haven't sufficiently updated their enterprises' security protections on digitally stored information. Consequently, new and increasingly frequent attacks have occurred against their digital information assets. Enterprises...
  • Developing and Retaining a Security Testing Mindset

    Publication Year: 2008, Page(s):82 - 85

    Developing a security testing mindset is a hard task. Moreover, as hard as it is to develop it, it's just as hard to retain it and effectively apply it during testing. The authors discuss what it takes to conduct successful software security testing, primarily by describing how to develop a security testing mindset, retain it, and effectively apply it. In particular, they explore the different rol...

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu