IEEE Security & Privacy

Issue 5 • Date Sept.-Oct. 2009

  • [Front cover]

    Publication Year: 2009, Page(s): c1
    Freely Available from IEEE
  • Usenix

    Publication Year: 2009, Page(s): c2
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2009, Page(s):1 - 2
    Freely Available from IEEE
  • In Clouds Shall We Trust?

    Publication Year: 2009, Page(s): 3
    Cited by:  Papers (5)
    Freely Available from IEEE
  • IEEE Security & Privacy [masthead]

    Publication Year: 2009, Page(s): 4
    Freely Available from IEEE
  • Silver Bullet Talks with Bob Blakley

    Publication Year: 2009, Page(s):5 - 8

    Gary McGraw interviews Bob Blakley, the VP and research director of Burton Group's Identity and Privacy Strategies. Before joining Burton Group, he was chief scientist for security and privacy at IBM. Blakley is active in the security research community, having served as general chair at Oakland and also for the New Security Paradigms Conferences. He's also participated in the US National Academy...
  • News Briefs

    Publication Year: 2009, Page(s):9 - 10
    Freely Available from IEEE
  • Guest Editors' Introduction: Securing the Domain Name System

    Publication Year: 2009, Page(s):11 - 13
    Cited by:  Papers (1)

    Virtually every Internet application relies on the Domain Name System, but security wasn't a major goal of its original design. The result is several critical vulnerabilities, reviewed in this introduction to a special issue on DNS security. To address the security challenges, the community developed the DNS Security Extensions (DNSSEC), which are undergoing deployment. The articles in this specia...
  • Protecting the DNS from Routing Attacks: Two Alternative Anycast Implementations

    Publication Year: 2009, Page(s):14 - 20
    Cited by:  Papers (1)

    The domain name system is a critical piece of the Internet and supports most Internet applications. Because it's organized in a hierarchy, its correct operation depends on the availability of just a few servers at the hierarchy's upper levels. These backbone servers are vulnerable to routing attacks in which adversaries controlling part of the routing system try to hijack the server address space....
  • Phishing Infrastructure Fluxes All the Way

    Publication Year: 2009, Page(s):21 - 28
    Cited by:  Papers (6)

    Fast flux aims to keep phishing and scam campaigns afloat by provisioning a fraudulent Web site's domain name system records to make the site resolve to numerous, short-lived IP addresses. Although fast flux hurts takedown efforts, it's possible to detect and defend against it.
  • Open Issues in Secure DNS Deployment

    Publication Year: 2009, Page(s):29 - 35
    Cited by:  Patents (1)

    The domain name system's growth has been unprecedented, but protocol vulnerabilities threaten its stability and trustworthiness. The Internet Engineering Task Force's DNS security extensions specification aims to protect the system from these attacks.
  • Securing DNS: Extending DNS Servers with a DNSSEC Validator

    Publication Year: 2009, Page(s):36 - 43
    Cited by:  Papers (1)

    DNS security extensions (DNSSEC) is a proposed set of standards for securely authenticating information in the Domain Name System. DNSSEC validators check the digital signatures on DNS data. However, designing a validator worth the operational costs is a challenge.
  • Interadministrative Challenges in Managing DNSKEYs

    Publication Year: 2009, Page(s):44 - 51
    Cited by:  Papers (1)

    Although the visible deployment of domain name system security extensions is growing at a tremendous rate, evidence suggests that managing cryptographic keys is deceptively complex. Here, the authors outline the problem of managing DNSKEYs and present a survey comparison of existing proposed solutions.
  • Call for Papers: Cloud Computing Security

    Publication Year: 2009, Page(s): 52
    Freely Available from IEEE
  • Teach Them When They Aren't Looking: Introducing Security in CS1

    Publication Year: 2009, Page(s):53 - 55
    Cited by:  Papers (1)

    This article discusses computer security exercises that have been used to introduce concepts in foundational computer-programming courses. It presents two examples and discusses the associated reactions of the students as they learn about computer security at the beginning of their computer-programming careers.
  • The Evolution of Online Identity

    Publication Year: 2009, Page(s):56 - 59
    Cited by:  Papers (1)

    The author proposes that we must significantly improve how we authenticate ourselves on various computer systems to address growing security and privacy threats. As part of that process, we must adopt an identity metasystem that relies on in-person proofing and the passing of identity claims (such as claims about name, age, residency, or any other identity attribute). When people and organizations...
  • Security, Privacy, and the Role of Law

    Publication Year: 2009, Page(s):60 - 63

    US President Barack Obama promised a "new comprehensive approach" to cybersecurity and guaranteed to preserve "personal privacy and civil liberties," but the administration has stopped short of committing to the legal changes necessary to protect either information infrastructure or privacy. This tendency to undervalue law as a tool for enhancing both security and individual privacy is shared with...
  • Green Cryptography: Cleaner Engineering through Recycling, Part 2

    Publication Year: 2009, Page(s):64 - 65

    In this paper we further defend our selection of the AES as a prime candidate for recycling, by looking at its underlying design strategy - the wide-trail strategy - in the context of security margins, an often misunderstood metric for comparing block ciphers. We show that it's not always as easy as who has the most rounds; it's what's happening inside the round.
  • Managing the Security Wall of Data

    Publication Year: 2009, Page(s):66 - 68

    This article is quite different from other articles published in basic training; rather than focus on a specific security-related technology, I want to focus on another important topic: how to be more effective as a security person.
  • Call for Papers: Security and Reliability of Embedded Systems

    Publication Year: 2009, Page(s): 69
    Freely Available from IEEE
  • Wireless Malware Propagation: A Reality Check

    Publication Year: 2009, Page(s):70 - 74
    Cited by:  Papers (2)

    The paper discusses the data security on wireless communications. In recent years, several authors began to work on the concept of security attacks against wireless communication protocols, in particular, the propagation of malware through them. It was fun to design covert attack devices and evaluate the Bluetooth user population's exposure to them. However, the latest "developments" on these thre...
  • Taking Surveillance Out of the Shadows

    Publication Year: 2009, Page(s):75 - 77

    Wiretapping and surveillance are often covered by veils of secrecy that intelligence and law enforcement agencies reflexively apply to what they consider their most sensitive operations. Unfortunately, when the veils are lifted, we frequently discover that the technologies at the root of surveillance systems are often deeply flawed.
  • Incentives to Innovate: Improve the Past or Break with It?

    Publication Year: 2009, Page(s):78 - 81

    Does more expansive copyright law increase creativity by discouraging adaptations of existing work? The author discusses examples from cooking, boatbuilding, and the theater.
  • Are Patched Machines Really Fixed?

    Publication Year: 2009, Page(s):82 - 85

    Updating and patching has become a ubiquitous part of software maintenance, with particular importance to security. It's especially crucial when the systems in question perform vital functions and security compromises might yield drastic consequences. Unfortunately, updates intended to remediate security problems are sometimes incomplete, are flawed, or introduce new vulnerabilities themselves. The ...
  • Risk Concentration

    Publication Year: 2009, Page(s):86 - 87
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu