IEEE Security & Privacy

Issue 3 • May-June 2009

  • [Front cover]

    Publication Year: 2009, Page(s): c1
    Freely Available from IEEE
  • CSDA e-Learning System [advertisement]

    Publication Year: 2009, Page(s): c2
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2009, Page(s):1 - 2
    Freely Available from IEEE
  • IEEE Security & Privacy [masthead]

    Publication Year: 2009, Page(s): 5
    Freely Available from IEEE
  • A National Goal for Cyberspace: Create an Open, Accountable Internet

    Publication Year: 2009, Page(s):3 - 4
    Cited by:  Papers (8)
    Freely Available from IEEE
  • News Briefs

    Publication Year: 2009, Page(s):6 - 7
    Freely Available from IEEE
  • Silver Bullet Talks with Gary McGraw

    Publication Year: 2009, Page(s):8 - 10

    On the third-anniversary special of The Silver Bullet Security Podcast, James McGovern interviews host Gary McGraw.
  • Guest Editors' Introduction: Securing Online Games: Safeguarding the Future of Software Security

    Publication Year: 2009, Page(s):11 - 12
    Cited by:  Papers (2)

    Massively distributed online role-playing games are a bellwether for problems to come in software security. As cloud computing, service-oriented architecture, and Web 2.0 take off, we can expect to grapple with very similar technical issues to those currently facing online games. The guest editors of this special issue on securing online games tackle this problem from three angles, describing the ...
  • Reducing the Attack Surface in Massively Multiplayer Online Role-Playing Games

    Publication Year: 2009, Page(s):13 - 19
    Cited by:  Papers (3)

    As online games become increasingly complex and popular, malware authors could start targeting these virtual worlds to launch attacks. Two case studies show how an attacker can leverage various features of online games to take over players' computers.
  • Walking on Water: A Cheating Case Study

    Publication Year: 2009, Page(s):20 - 22

    Online games offer opportunities for malicious users with the necessary skills to turn a profit. Many game developers acknowledge and address these risks, but new games still use technologies whose security implications have yet to be publicly disclosed.
  • Virtual Judgment: Legal Implications of Online Gaming

    Publication Year: 2009, Page(s):23 - 28
    Cited by:  Papers (2)

    The legal issues inherent in virtual worlds and massively multiplayer online role-playing games (MMORPGs) are extremely complex yet still in their infancy. The author gives an overview of this dangerous combination and describes the current legal landscape.
  • Server-Side Bot Detection in Massively Multiplayer Online Games

    Publication Year: 2009, Page(s):29 - 36
    Cited by:  Papers (19)

    One of the greatest threats that massively multiplayer online games face today is a form of cheating called botting. The authors propose an automated approach that detects bots on the server side based on character activity and is completely transparent to end users.
  • An Investigation of Cheating in Online Games

    Publication Year: 2009, Page(s):37 - 44
    Cited by:  Papers (7)

    Cheating is rampant in current gameplay on the Internet but not well understood. In this article, the authors summarize various known cheating methods and define a taxonomy for online game cheating to help security experts and game developers alike.
  • Security through Information Risk Management

    Publication Year: 2009, Page(s):45 - 52
    Cited by:  Papers (9)

    Managing information risk means building risk analysis into every business decision. Chief information security officers widely agree that action plans must include risk categorization, communication, and measurement.
  • Helping Students 0wn Their Own Code

    Publication Year: 2009, Page(s):53 - 56
    Cited by:  Papers (1)

    It's a difficult mental exercise to simultaneously envision how a system could be forced to fail while you're busy designing how it's meant to work. At George Mason University, instructors give their students practice at this skill by requiring them to write attack scripts for all their assignments. Creating an attack script is a mental exercise for the student in which they align themselves with ...
  • A Note on Trust-Enhanced Security

    Publication Year: 2009, Page(s):57 - 59
    Cited by:  Papers (8)

    In these uncertain economic times, two key ingredients in short supply are trust and confidence. The concept of trust has been around for many decades (if not centuries) in different disciplines such as business, psychology, and philosophy as well as in technology.
  • War Stories

    Publication Year: 2009, Page(s):60 - 63

    For humans, war remains an inexhaustible subject of storytelling and analysis—such a compelling topic that experts trace the origins of written history, historiography, to the Athenian general Thucydides, who wrote The Peloponnesian War nearly 2,500 years ago. The appeal of war stories, whether we read them for elevation or escape, is eternal. Science fiction, like every other genre whose ...
  • Malicious Interfaces and Personalization's Uninviting Future

    Publication Year: 2009, Page(s):64 - 67
    Cited by:  Papers (1)

    Being online isn't as fun as it used to be. Online advertising increasingly intrudes, distracts, and interferes with accomplishing even simple tasks; purposely misleading menus make navigation confusing and unintuitive; and, far too often, the cost of getting to desired content involves divulging personal information that isn't relevant to the task at hand. In short, malicious interface designs ar...
  • Improving Software Security by Eliminating the CWE Top 25 Vulnerabilities

    Publication Year: 2009, Page(s):68 - 71
    Cited by:  Papers (2)

    CWE, which stands for Common Weakness Enumeration, is a project sponsored by the National Cyber Security Division of the US Department of Homeland Security to classify security bugs. It assigns a unique number to weakness types such as buffer overruns or cross-site scripting bugs (for example, CWE-327 is "Use of a Broken or Risky Cryptographic Algorithm"). Shortly after the Top 25 list's release,...
  • Malicious JavaScript Insertion through ARP Poisoning Attacks

    Publication Year: 2009, Page(s):72 - 74
    Cited by:  Papers (3)

    The Address Resolution Protocol (ARP) is a core communication protocol used for LANs. RFC 826 defined it in 1982 but paid little attention to security. Although we've been aware of potential attacks against ARP for more than 10 years, we've only recently started observing them in the real world, especially from various Chinese hacking groups. Here, I explain ARP attack fundamentals and analyze re...
  • Security and Privacy Challenges in the Smart Grid

    Publication Year: 2009, Page(s):75 - 77
    Cited by:  Papers (221)  |  Patents (4)

    Global electrical grids are verging on the largest technological transformation since the introduction of electricity into the home. The antiquated infrastructure that delivers power to our homes and businesses is being replaced with a collection of digital systems called the smart grid. This grid is the modernization of the existing electrical system that enhances customers' and utilities' abilit...
  • Reading Over Your Shoulder

    Publication Year: 2009, Page(s):78 - 81
    Cited by:  Papers (1)

    Today, Amazon recommends books to you based on the books you've previously bought or searched for-soon, it could know exactly what paragraphs you've read. But will this help it make better recommendations? Is this customer service or an invasion of privacy? The author takes a look at recommender systems and if they truly deliver on what they promise or portend a much more error-prone method of tra...
  • Logging in the Age of Web Services

    Publication Year: 2009, Page(s):82 - 85
    Cited by:  Papers (16)

    In today's age of Web applications connected via Web services, accountability has become both crucial and harder to achieve. The management of authentication, authorization, and accountability in these applications is therefore a very important and difficult problem to solve. In this article, we describe how audit logging can be built into the Web services infrastructure.
  • A Doubt of the Benefit

    Publication Year: 2009, Page(s):86 - 87

    Cost-benefit analysis in security is appealing as a standard approach, admirable for its simplicity, appreciated for its generality, but otherwise worthless. Every cost-benefit calculation requires a consistent scale, and the more people this affects, the less they're likely to agree on whatever rescaling this forces. Thus, questions such as "What is a human life worth?" or, in our case, "What is ...
  • Digital Endosymbiosis

    Publication Year: 2009, Page(s): 88

    The science behind evolution suggests that the transition from cells without a nucleus to cells with a nucleus is perhaps the single greatest leap between there and here, and that it came about by the inclusion of some cells in some other cells. The term of art here, endosymbiosis, credits the ability to respire, move, and photosynthesize as results of the inclusion of more primitive forms within ...

Aims & Scope

IEEE Security & Privacy’s primary objective is to stimulate and track advances in security, privacy, and dependability and present these advances in a form that can be useful to a broad cross-section of the professional community—ranging from academic researchers to industry practitioners. It provides articles with both a practical and research bent by the top thinkers in the field of security and privacy, along with case studies, surveys, tutorials, columns, and in-depth interviews and podcasts for the information security industry.
 


Meet Our Editors

Editor-in-Chief
Ahmad-Reza Sadeghi
Technische Universität Darmstadt
ahmad.sadeghi@trust.tu-darmstadt.de