IEEE Security & Privacy

Issue 6 • Date Nov.-Dec. 2008

  • [Front cover]

    Publication Year: 2008, Page(s): c1
    Freely Available from IEEE
  • Digital Editions [advertisement]

    Publication Year: 2008, Page(s): c2
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2008, Page(s):1 - 2
    Freely Available from IEEE
  • IEEE Security & Privacy masthead

    Publication Year: 2008, Page(s): 3
    Freely Available from IEEE
  • Are Governments Up to the Task?

    Publication Year: 2008, Page(s):4 - 5

    According to this paper, the Chinese government plans to institute a mandatory security accreditation program for consumer and business digital electronics products developed by foreign firms for export to or manufacture in China. The Chinese government claims that it needs access to source code, an admittedly sensitive form of intellectual property, to assess the vulnerability of products to malware, su...
  • Silver Bullet Talks with Matt Bishop

    Publication Year: 2008, Page(s):6 - 10

    Gary McGraw interviews Matt Bishop, who has made significant inroads in the commercial side of security, lecturing for the SANS Institute, and focusing much of his writing on security education. He is the author of Computer Security: Art and Science (Addison-Wesley, 2002), an important textbook in the space. You can find additional podcasts in the series at www.computer.org/security/podcasts/ or w...
  • Launching into the Cyberspace Race: An Interview with Melissa E. Hathaway

    Publication Year: 2008, Page(s):11 - 17
    Cited by:  Papers (2)

    Born in secrecy, the Comprehensive National Cybersecurity Initiative (CNCI) is possibly one of the most significant technology policy events of the decade and could affect the cyber landscape for the next half century. Championed by the Director of National Intelligence, Mike McConnell, this initiative was made possible by the hard work of Melissa E. Hathaway, who forged consensus among nea...
  • Shaking Up the Cybersecurity Landscape

    Publication Year: 2008, Page(s):18 - 21
    Freely Available from IEEE
  • Process Control System Security: Bootstrapping a Legacy

    Publication Year: 2008, Page(s):22 - 23

    Internet connectivity is just one of the concerns that has led to an increased focus on improving cyber security protection in process or industrial control systems. In this special issue, a vendor reviews the concerns and researchers provide recommendations that can lead to improved security.
  • Security for Process Control Systems: An Overview

    Publication Year: 2008, Page(s):24 - 29
    Cited by:  Papers (22)

    Over the past few years, IT security has become a dominant topic in the process control domain. The authors outline what they see as the core challenges, how industry is responding to them, and what problems remain.
  • Usable Global Network Access Policy for Process Control Systems

    Publication Year: 2008, Page(s):30 - 36
    Cited by:  Papers (15)

    The Access Policy Tool (APT) verifies access policy implementation (expressed as rules) against a specification of global policy—for example, policy that encodes best practice recommendations. PCS operators can use the APT to analyze their network configurations for compliance with best practice recommendations.
  • Vulnerability Assessment for Critical Infrastructure Control Systems

    Publication Year: 2008, Page(s):37 - 43
    Cited by:  Papers (6)

    Assessing security in critical control systems is a particular task that can have dangerous real-world consequences if done poorly or according to more traditional security assessments. In 2006, the North American Electric Reliability Corporation adopted the Critical Infrastructure Protection standards for cyber vulnerability assessment of critical infrastructure control systems. Such CIP assessme...
  • The Crutial Way of Critical Infrastructure Protection

    Publication Year: 2008, Page(s):44 - 51
    Cited by:  Papers (28)

    Critical infrastructures such as the power grid are essentially physical processes controlled by computers connected by networks. They're usually as vulnerable as any other interconnected computer system, but their failure has a high socioeconomic impact. The Critical Utility Infrastructural Resilience (Crutial) project designed an information switch (CIS) to protect these infrastructures. These d...
  • SDRS: A Voice-over-IP Spam Detection and Reaction System

    Publication Year: 2008, Page(s):52 - 59
    Cited by:  Papers (5)

    As with email, SIP-based services such as voice over IP or instant messaging can distribute information to numerous recipients at low cost. With SIP's increased popularity, it's reasonable to expect that, also similar to email, the level of spam over Internet telephony (SPIT) will increase in the coming years. To enable VoIP service providers to detect and react to SPIT calls, the authors present ...
  • Challenges for Trusted Computing

    Publication Year: 2008, Page(s):60 - 66
    Cited by:  Papers (11)  |  Patents (1)

    Trusted computing is proving to be one of the most controversial technologies in recent years. Rather than become embroiled in the debate over possible (mis)appropriations of its technologies, the authors highlight some of the technical obstacles that might hinder trusted computing's widespread adoption.
  • Teaching for Conceptual Change in Security Awareness

    Publication Year: 2008, Page(s):67 - 69
    Cited by:  Papers (2)

    Most participants in security awareness training programs are daily computer users with backgrounds other than technology. Special attention to pedagogy is necessary to effectively deliver course contents to those who are unfamiliar with the technical details of computers, networks, and information systems.
  • HIPAA Security Enforcement Is Here

    Publication Year: 2008, Page(s):70 - 72
    Cited by:  Papers (1)

    Enforcement has been slow in coming for the administrative simplification rules under the US's Health Insurance Portability and Accountability Act (HIPAA). For more than five years, the Office of Civil Rights in the Department of Health and Human Services (HHS) has been responding to criticism that it has not been enforcing HIPAA's privacy rule as evidenced by its lack of formal enforcement penalt...
  • Introduction to Microsoft .NET Security

    Publication Year: 2008, Page(s):73 - 78
    Cited by:  Papers (1)

    To build secure applications using the Microsoft .NET Framework, two things are important: understanding the framework and its security features, such as Code Access Security (CAS), and applying .NET secure coding best practices in the development process. This article addresses both these topics.
  • Five User-Customizable Web Site Security Features

    Publication Year: 2008, Page(s):79 - 81

    Few organizations take full advantage of the value their users can provide toward the security of their Web site. Users who care about the data they've entrusted to a Web site are naturally inclined to assist if properly engaged. They can be extremely responsive in raising red flags if and when an incident occurs, probably faster in many cases than an intrusion detection system (IDS). Here, the au...
  • State of Application Assessment

    Publication Year: 2008, Page(s):82 - 85

    We've finished the missionary work: people know software's the problem. The question has become how do we find which of our systems are most vulnerable and why? This article looks at the state of assessment practice and offers some suggestions.
  • Security Is a Subset of Reliability

    Publication Year: 2008, Page(s):86 - 87

    Reliability measures the deviation between the system and the specification. Security involves a subspace of reliability (only particular deviations); thus, security must be easier than reliability. Hastening over the delicate premise that the specification is always accurate and up-to-date, we can roughly align security with the subset of reliability where the cost of deviation per unit time is very...
  • Complexity Is the Enemy

    Publication Year: 2008, Page(s): 88
    Cited by:  Papers (1)
    Freely Available from IEEE
  • IEEE Computer Society Membership [advertisement]

    Publication Year: 2008, Page(s): c3
    Freely Available from IEEE
  • Southern California Linux Expo

    Publication Year: 2008, Page(s): c4
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu