IEEE Security & Privacy

Issue 4 • Date July-Aug. 2009

  • [Front cover]

    Publication Year: 2009, Page(s): c1
    Freely Available from IEEE
  • CSDP "Raise Your Standards" [advertisement]

    Publication Year: 2009, Page(s): c2
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2009, Page(s):1 - 2
    Freely Available from IEEE
  • New Models for Old

    Publication Year: 2009, Page(s):3 - 4
    Freely Available from IEEE
  • IEEE Security & Privacy [masthead]

    Publication Year: 2009, Page(s): 5
    Freely Available from IEEE
  • Letters to the Editor

    Publication Year: 2009, Page(s):6 - 7
    Freely Available from IEEE
  • News Briefs

    Publication Year: 2009, Page(s):8 - 10
    Freely Available from IEEE
  • Silver Bullet Talks with Virgil Gligor

    Publication Year: 2009, Page(s):11 - 14

    Gary McGraw interviews Virgil Gligor, a professor in Carnegie Mellon University's (CMU) Department of Electrical and Computer Engineering. He's also codirector of CyLab (www.cylab.cmu.edu). Gligor serves on Microsoft's Trusted Computing Academic Advisory Board and has consulted with Burroughs and IBM. Gligor has served on many government information security study groups and served on the National...
  • Lifting the Veil on Cyber Offense

    Publication Year: 2009, Page(s):15 - 21

    Cyber attacks are deliberate actions to alter, disrupt, deceive, degrade, or destroy computer systems or networks or the information and/or programs resident in or transiting these systems or networks. The use of cyber attack as an instrument of US policy is rarely discussed but is an important topic to the nation.
  • CAPTCHA Security: A Case Study

    Publication Year: 2009, Page(s):22 - 28
    Cited by:  Papers (13)

    A simple but novel attack can break some CAPTCHAs with a success rate higher than 90 percent. In contrast to early work that relied on sophisticated computer vision or machine learning techniques, the authors used simple pattern recognition algorithms to exploit fatal design errors.
  • Disposal of Disk and Tape Data by Secure Sanitization

    Publication Year: 2009, Page(s):29 - 34
    Cited by:  Papers (6)  |  Patents (9)

    User data is often unprotected on disk and tape drives or not erased when no longer needed, creating data security vulnerabilities that many computer users are unaware of. Federal and state laws require data sanitization, which comprises a variety of data eradication methods. Secure sanitization refers to methods meeting those federal and state laws. Companies that fail to meet these laws can be s...
  • Privacy-Aware Role-Based Access Control

    Publication Year: 2009, Page(s):35 - 43
    Cited by:  Papers (8)

    A privacy-aware role-based access control model extends RBAC to express highly complex privacy-related policies, including consideration of such features as conditions and obligations. Because it's based on the RBAC model, the full-fledged P-RBAC solution is easy to deploy in systems already adopting RBAC, thus allowing seamless integration of access control and privacy policies.
  • Security in Open Source Web Content Management Systems

    Publication Year: 2009, Page(s):44 - 51
    Cited by:  Papers (5)

    Typically, users of Web content management systems lack expert knowledge of the technology itself, let alone the security issues therein. Complicating the matter, WCMS vulnerabilities are attractive targets for potential attackers. A security analysis of two popular, open-source WCMSs exposed significant security holes, despite the obvious efforts of their developer communities. These vulnerabilit...
  • Making the Best Use of Cybersecurity Economic Models

    Publication Year: 2009, Page(s):52 - 60
    Cited by:  Papers (5)

    This article describes an analysis of several representative cybersecurity economic models, where the authors seek to determine whether each model's underlying assumptions are realistic and useful. They find that many of the assumptions are the same across disparate models, and most assumptions are far from realistic. They recommend several changes so that the predictions from economic models can ...
  • Data Security in the World of Cloud Computing

    Publication Year: 2009, Page(s):61 - 64
    Cited by:  Papers (166)  |  Patents (1)

    Today, we have the ability to utilize scalable, distributed computing environments within the confines of the Internet, a practice known as cloud computing. In this new world of computing, users are universally required to accept the underlying premise of trust. Within the cloud computing world, the virtual environment lets users access computing power that exceeds that contained within their own ...
  • Human Relationships: A Never-Ending Security Education Challenge?

    Publication Year: 2009, Page(s):65 - 67
    Cited by:  Papers (3)

    Even with high usability of security measures, well-trained and loyal employees don't always behave according to security guidance and may thus represent a security risk. This unexpected behavior is explained by a chain of barriers that employees must overcome to achieve a compliant behavior with security policy requirements. The findings the author reports here open up a discussion on how current...
  • Deconstructing the Privacy Experience

    Publication Year: 2009, Page(s):68 - 70
    Cited by:  Papers (3)

    The public dialogue around digital privacy lacks critical focus on elements of user interface design. With the rise of the social Web, attention to user interface design has become even more important in setting expectations of privacy online. This essay suggests designing proactively for the privacy experience.
  • Green Cryptography: Cleaner Engineering through Recycling

    Publication Year: 2009, Page(s):71 - 73
    Cited by:  Papers (3)

    "Green cryptography" is an implementation-centric design paradigm that advocates mature (that is, secure) and minimalist (that is, simple) implementations by recycling cryptographic primitives, components, and design strategies. To exemplify the merits of this recycling-based approach, the authors turn to the Advanced Encryption Standard and examine the pedigree of its predecessors, successors, an...
  • Predictable Surprises

    Publication Year: 2009, Page(s):74 - 76

    Justifying security expenditures in difficult economic times is problematic at best, career ending at worst. This article provides a methodology to improve the probability of budget success based on risk assessment techniques, proven project management skills, and economics.
  • Securing Cellular Infrastructure: Challenges and Opportunities

    Publication Year: 2009, Page(s):77 - 79
    Cited by:  Papers (3)

    Cellular networks are the only means of digital communication for the vast majority of the world's population. Although such systems have traditionally been viewed as secure due to their relatively closed nature, their transition toward an all-IP infrastructure and convergence with the larger Internet creates the potential for new threats to users' security and privacy. This article considers a nu...
  • Incentive-Centered Design for Security

    Publication Year: 2009, Page(s):80 - 83
    Cited by:  Papers (2)

    Security problems are incentives problems: we build defenses because people want to do things that (intentionally or inadvertently) cause harm. Yet, much research disregards systematic study of the motivations of smart, responsive, autonomous humans in the loop. Meanwhile, the maturing sciences of motivated behavior offer a growing body of theoretical, statistical, and laboratory evidence on syste...
  • Software Assumptions Lead to Preventable Errors

    Publication Year: 2009, Page(s):84 - 87
    Cited by:  Papers (1)

    Undocumented assumptions are often the cause of serious software system failure. Thus, to reduce such failures, developers must become better at discovering and documenting their assumptions. In this article, we focus on common categories of assumptions in software, discuss methods for recognizing when developers are making them, and recommend techniques for documenting them.
  • Security, Group Size, and the Human Brain

    Publication Year: 2009, Page(s): 88

    If the size of your company grows past 150 people, it's time to get name badges. It's not that larger groups are somehow less secure, it's just that 150 is the cognitive limit to the number of people a human brain can maintain a coherent social relationship with. The whole brain-size comparison might be bunk, and a lot of evolutionary psychologists disagree with it. But certainly security systems ...
  • Computing Now [advertisement]

    Publication Year: 2009, Page(s): c3
    Freely Available from IEEE
  • LISA 2009 [advertisement]

    Publication Year: 2009, Page(s): c4
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu