By Topic

IEEE Security & Privacy

Issue 1 • Date Jan.-Feb. 2010

Filter Results

Displaying Results 1 - 25 of 25
  • [Front cover]

    Publication Year: 2010, Page(s): c1
    Request permission for commercial reuse | PDF file iconPDF (2055 KB)
    Freely Available from IEEE
  • Digital Editions [advertisement]

    Publication Year: 2010, Page(s): c2
    Request permission for commercial reuse | PDF file iconPDF (3822 KB)
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2010, Page(s):1 - 2
    Request permission for commercial reuse | PDF file iconPDF (817 KB)
    Freely Available from IEEE
  • Drawing the Line

    Publication Year: 2010, Page(s):3 - 4
    Request permission for commercial reuse | PDF file iconPDF (194 KB) | HTML iconHTML
    Freely Available from IEEE
  • IEEE Security & Privacy [masthead]

    Publication Year: 2010, Page(s): 5
    Request permission for commercial reuse | PDF file iconPDF (141 KB)
    Freely Available from IEEE
  • News Briefs

    Publication Year: 2010, Page(s):6 - 7
    Request permission for commercial reuse | PDF file iconPDF (335 KB) | HTML iconHTML
    Freely Available from IEEE
  • Silver Bullet Talks with Christofer Hoff

    Publication Year: 2010, Page(s):8 - 10
    Request permission for commercial reuse | PDF file iconPDF (269 KB) | HTML iconHTML
    Freely Available from IEEE
  • Inferring Personal Information from Demand-Response Systems

    Publication Year: 2010, Page(s):11 - 20
    Cited by:  Papers (58)  |  Patents (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (2191 KB) | HTML iconHTML

    Current and upcoming demand-response systems provide increasingly detailed power-consumption data to utilities and a growing array of players angling to assist consumers in understanding and managing their energy use. The granularity of this data, as well as new players' entry into the energy market, creates new privacy concerns. The detailed per-household consumption data that advanced metering s... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • How internet users' privacy concerns have evolved since 2002

    Publication Year: 2010, Page(s):21 - 27
    Cited by:  Papers (20)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1742 KB) | HTML iconHTML

    Internet privacy was the topic in this paper. A 2008 survey revealed that US Internet users' top three privacy concerns haven't changed since 2002, but privacy-related events might have influenced their level of concern within certain categories. The authors describe their results as well as the differences in privacy concerns between US and international respondents. They also mentioned that indi... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Scenario-Driven Role Engineering

    Publication Year: 2010, Page(s):28 - 35
    Cited by:  Papers (16)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (841 KB) | HTML iconHTML

    Access control deals with eliciting, specifying, enforcing, and maintaining access control policies in software-based systems. Recently, role-based access control (RBAC)-together with various extensions-has developed into a de facto standard for access control. Scenario-driven role engineering is a systematic approach for defining customized RBAC models, including roles, permissions, constraints, ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • How Internet Security Breaches Harm Market Value

    Publication Year: 2010, Page(s):36 - 42
    Cited by:  Papers (7)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (677 KB) | HTML iconHTML

    Internet security in stock market was the topic in this paper. Decision-tree induction is effective for examining the factors influencing abnormal stock market returns after a public security breach announcement. Extending a previous study, the authors identify new relationships between abnormal returns and firm and attack characteristics and subject them to statistical testing. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Architectural Modeling to Verify Security and Nonfunctional Behavior

    Publication Year: 2010, Page(s):43 - 49
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (770 KB) | HTML iconHTML

    As computer-based systems have become more complex and we continue to exploit the benefits of code generation for those systems' components or subsystems, we're finding significant integration problems due to unanticipated behavior. It isn't enough to have correct code for software components and subsystems, they must be properly integrated and correctly executed to create a fully functional syste... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Can a Trusted Environment Provide Security?

    Publication Year: 2010, Page(s):50 - 52
    Cited by:  Papers (6)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (669 KB) | HTML iconHTML

    Internet security is the topic of this paper. Software as a service (SaaS) is a well-established, cost-effective means to deliver traditional software applications without investing in infrastructure and qualified personnel. A natural extension of cloud services is to extend platform independence via virtualization to a security model. This paradigm allows for the distributed provisioning of commo... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The iterated weakest link

    Publication Year: 2010, Page(s):53 - 55
    Cited by:  Papers (7)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (269 KB) | HTML iconHTML

    Security breaches are in the news almost daily, each bigger and more costly than the last. We believe an iterated weakest-link model accurately captures the challenges of many information security threats today. Our findings suggest a need to reassess conclusions that condemn seemingly lax security practices found in the media. Our model can assist policy makers in reducing negative externalities ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Call in the Cyber National Guard!

    Publication Year: 2010, Page(s):56 - 59
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (882 KB) | HTML iconHTML

    The economic consequences of a cyberattack on major critical infrastructures might well outweigh the cost of fielding the CNG. Furthermore, an ad hoc group of private consultants wouldn't have the time, teamwork, or skills to address a major cyberattack, nor would they be able to respond quickly. Because cyberspace isn't confined to national borders, it would be prudent to develop international pa... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The Smarter Grid

    Publication Year: 2010, Page(s):60 - 63
    Cited by:  Papers (20)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (211 KB) | HTML iconHTML

    In the US, tens of millions of "smart meters," which are vulnerable to remote exploitation, viruses, worms, malicious upgrades, and all manner of other attacks, have been deployed. Attackers can and already have used these meters, on a small scale, to disable the power infrastructure and cause both long-term physical damage to it and harm to the public. These deployments and other related control ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Opportunities in White-Box Cryptography

    Publication Year: 2010, Page(s):64 - 67
    Cited by:  Papers (4)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (610 KB) | HTML iconHTML

    White-box cryptography is the discipline of implementing a cryptographic algorithm in software such that an adversary will have difficulty extracting the cryptographic key. This approach assumes that the adversary has full access to and full control over the implementation's execution. White-box implementations can provide good protection when combined with other security measures. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Building a Better Boot Camp

    Publication Year: 2010, Page(s):68 - 71
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (513 KB) | HTML iconHTML

    The field of security is vast, and the temptation is to keep adding to the collection of topics we consider to be basic. However, such an approach is inefficient. This installment focuses on Basic Training's underlying mission. In particular, it explores the question of what precisely is basic training in information assurance today and proposes a higher level rather than detail focused approach. ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • No Grid Left Behind

    Publication Year: 2010, Page(s):72 - 76
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (233 KB) | HTML iconHTML

    Infrastructure entities, especially those responsible for energy transmission and distribution, have embarked on substantial programs to update their information architectures and have begun using modern information technology and networking to connect traditionally isolated and disparate systems. Unfortunately, there's almost an unavoidable introduction of cybersecurity vulnerabilities into these... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Outlook: Cloudy with a Chance of Security Challenges and Improvements

    Publication Year: 2010, Page(s):77 - 80
    Cited by:  Papers (19)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (802 KB) | HTML iconHTML

    Cloud computing is the topic in this paper. Cloud computing is the latest wave in systems architectures. The cloud realizes computing as a utility-that is, customers submit their computing tasks to the cloud, which provides the resources necessary to execute those tasks. Security is a major concern that could limit the cloud computing paradigm's impact. The factors affecting security in cloud comp... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Smart-grid security issues

    Publication Year: 2010, Page(s):81 - 85
    Cited by:  Papers (195)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1763 KB) | HTML iconHTML

    This article has given a broadbrush description of issues related to smart-grid security. Designing solutions in at this stage, before widespread deployment, would be beneficial; in some cases solutions exist, whereas in others research investments will be needed. Several open questions about goals still require discussion, especially around such topics as how (and how much) privacy can be support... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A life is short, a half-life is forever

    Publication Year: 2010, Page(s):86 - 87
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (812 KB) | HTML iconHTML

    It is observed that when something undergoes a constant relative rate of change, there's an exponential function behind the observation. This paper explains that for exponential declines, we tend to report the half-life; think radioactive decay. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security and Function Creep

    Publication Year: 2010, Page(s): 88
    Cited by:  Papers (1)
    Request permission for commercial reuse | PDF file iconPDF (217 KB) | HTML iconHTML
    Freely Available from IEEE
  • Usenix

    Publication Year: 2010, Page(s): c3
    Request permission for commercial reuse | PDF file iconPDF (1398 KB)
    Freely Available from IEEE
  • Infosec World 2010

    Publication Year: 2010, Page(s): c4
    Request permission for commercial reuse | PDF file iconPDF (1133 KB)
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community-ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Full Aims & Scope

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu