IEEE Security & Privacy

Issue 1 • Date Jan.-Feb. 2009

Displaying Results 1 - 25 of 26
  • [Front cover]

    Publication Year: 2009, Page(s): c1
    Freely Available from IEEE
  • Infosec World

    Publication Year: 2009, Page(s): c2
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2009, Page(s):1 - 2
    Freely Available from IEEE
  • Reading (with) the Enemy

    Publication Year: 2009, Page(s): 3
    Freely Available from IEEE
  • IEEE Security & Privacy [masthead]

    Publication Year: 2009, Page(s): 4
    Freely Available from IEEE
  • Shaking Up the Cybersecurity Landscape

    Publication Year: 2009, Page(s):5 - 6
    Freely Available from IEEE
  • Silver Bullet Talks with Gunnar Peterson

    Publication Year: 2009, Page(s):7 - 11

    Gary McGraw interviews Gunnar Peterson, a software security expert and a managing principal at Arctec Group, a Minneapolis-based consulting firm. His work centers around service-oriented architecture (SOA), Web 2.0, and other distributed systems. Peterson's blog, http://1raindrop.typepad.com, is devoted to topics in software security. He also edits IEEE Security & Privacy magazine's Buildi...
  • IT Monoculture Security Risks and Defenses

    Publication Year: 2009, Page(s):12 - 13
    Freely Available from IEEE
  • The Monoculture Risk Put into Context

    Publication Year: 2009, Page(s):14 - 17
    Cited by:  Papers (14)

    Conventional wisdom holds that software monocultures are exceptionally vulnerable to malware outbreaks. The authors argue that this oversimplifies and misleads. An analysis based on attacker reactions suggests that deploying a monoculture in conjunction with automated diversity is indeed a very sensible defense.
  • Randomized Instruction Sets and Runtime Environments: Past Research and Future Directions

    Publication Year: 2009, Page(s):18 - 25
    Cited by:  Papers (4)  |  Patents (2)

    Instruction set randomization offers a way to combat code-injection attacks by separating code from data (specifically, by randomizing legitimate code's execution environment). The author describes the motivation behind this approach and two application environments.
  • Security through Diversity: Leveraging Virtual Machine Technology

    Publication Year: 2009, Page(s):26 - 33
    Cited by:  Papers (22)

    Biologists have long recognized the dangers of the lack of diversity or monocultures in biological systems. Recently, it has been noted that much of the fragility of our networked computing systems can be attributed to the lack of diversity or monoculture of our software systems. The problem is severe. Because it is virtually inevitable that software will ship with flaws, our software monoculture ...
  • Risk Assessment of a National Security Infrastructure

    Publication Year: 2009, Page(s):34 - 41
    Cited by:  Papers (1)

    In Norway, BankID is the banking industry's public-key infrastructure (PKI) of choice for authenticating Internet customers. But do BankID's differences from standard PKIs make it a riskier choice? This assessment, based on both publicly available information and usage experiences, addresses that question.
  • Prioritizing Vulnerability Remediation by Determining Attacker-Targeted Vulnerabilities

    Publication Year: 2009, Page(s):42 - 48
    Cited by:  Papers (2)

    This article attempts to empirically analyze which vulnerabilities attackers tend to target in order to prioritize vulnerability remediation. This analysis focuses on the link between malicious connections and vulnerabilities, where each connection is considered malicious. Attacks requiring multiple connections are counted as multiple attacks. As the number of connections increases, so does the co...
  • IEEE Computer Society Career Center [advertisement]

    Publication Year: 2009, Page(s): 49
    Freely Available from IEEE
  • Understanding Android Security

    Publication Year: 2009, Page(s):50 - 57
    Cited by:  Papers (145)  |  Patents (4)

    Google's Android platform is a widely anticipated open source operating system for mobile phones. This article describes Android's security model and attempts to unmask the complexity of secure application development. The authors conclude by identifying lessons and opportunities for future enhancements.
  • The NRC Takes on Data Mining, Behavioral Surveillance, and Privacy

    Publication Year: 2009, Page(s):58 - 62

    In mid-2000, The Wall Street Journal reported that the US Federal Bureau of Investigation (FBI) was developing a tool for wiretapping at an Internet service provider (ISP). Carnivore, later renamed DCS 1000, was built to capture communications content - email, pages, and so forth - or the transactional information in the communications of targeted suspects.
  • Cyberpandemics: History, Inevitability, Response

    Publication Year: 2009, Page(s):63 - 67
    Cited by:  Papers (5)

    As cyberspace has evolved into a large, dynamic, and tangled web of computing devices, engineers often fail to design in dependability properties - such as stability, robustness, and security - at the system level. Consequently, unintentional and malevolent actions taken in cyberspace have affected critical infrastructures in the physical world. These disturbances and systems' resultant undependable b...
  • Teaching for Conceptual Change in Security Awareness: A Case Study in Higher Education

    Publication Year: 2009, Page(s):68 - 71
    Cited by:  Papers (1)

    In educational psychology, conceptual change is a process that revises a student's understanding of a topic in response to new information. Conceptual change pedagogy is particularly effective for security awareness education because instructors must deliver concepts to people who primarily just use computer networks and information systems rather than display expertise in the underlying technolog...
  • Privacy Interests in Prescription Data, Part I: Prescriber Privacy

    Publication Year: 2009, Page(s):72 - 76
    Cited by:  Papers (6)

    For several years, concern has been growing about privacy implications that arise from using and disclosing prescription data. Some patterns or practices provide pharmaceutical companies with the historical trends they need to better target their marketing efforts aimed at individual physicians through more intense, precise, and unique detailing strategies. In the first of a two-part article, the ...
  • CSDP [advertisement]

    Publication Year: 2009, Page(s): 77
    Freely Available from IEEE
  • Man-in-the-Middle Attack to the HTTPS Protocol

    Publication Year: 2009, Page(s):78 - 81
    Cited by:  Papers (34)  |  Patents (1)

    Web-based applications rely on the HTTPS protocol to guarantee privacy and security in transactions ranging from home banking, e-commerce, and e-procurement to those that deal with sensitive data such as career and identity information. Users trust this protocol to prevent unauthorized viewing of their personal, financial, and confidential information over the Web.
  • Directions in Network-Based Security Monitoring

    Publication Year: 2009, Page(s):82 - 85
    Cited by:  Papers (3)

    This article outlines some recently emerging research in network-based malicious software detection. The author discusses differences between traditional network intrusion detection and these new techniques, and highlights a new freely available tool called BotHunter.
  • The 0wned Price Index

    Publication Year: 2009, Page(s):86 - 87

    'Tis the season when we musically celebrate the 12 days of Christmas while quietly rejoicing that there are fewer days of Christmas than there are bottles of beer on the wall. 'Tis also the season for us to visit the Owned Price Index (OPI), our index of underground economy prices. The OPI mimics the PNI Christmas index - the price index of the 12 days of Christmas items. The PNI Christmas index, ...
  • Architecture of Privacy

    Publication Year: 2009, Page(s): 88
    Cited by:  Papers (3)

    The natural tendencies of the Internet make privacy harder. Technology is the friend of intrusive tools. Digital sensors become smaller and more plentiful. More data is collected and stored every year. Privacy isn't something that occurs naturally online, it must be deliberately architected.
  • IEEE Computer Society Membership [advertisement]

    Publication Year: 2009, Page(s): c3
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu