
Security & Privacy, IEEE

Issue 1 • Date Jan.-Feb. 2010

  • [Front cover]

    Publication Year: 2010 , Page(s): c1
    Freely Available from IEEE
  • Digital Editions [advertisement]

    Publication Year: 2010 , Page(s): c2
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2010 , Page(s): 1 - 2
    Freely Available from IEEE
  • Drawing the Line

    Publication Year: 2010 , Page(s): 3 - 4
    Freely Available from IEEE
  • IEEE Security & Privacy [masthead]

    Publication Year: 2010 , Page(s): 5
    Freely Available from IEEE
  • News Briefs

    Publication Year: 2010 , Page(s): 6 - 7
    Freely Available from IEEE
  • Silver Bullet Talks with Christofer Hoff

    Publication Year: 2010 , Page(s): 8 - 10
    Freely Available from IEEE
  • Inferring Personal Information from Demand-Response Systems

    Publication Year: 2010 , Page(s): 11 - 20
    Cited by:  Papers (26)  |  Patents (1)

    Current and upcoming demand-response systems provide increasingly detailed power-consumption data to utilities and a growing array of players angling to assist consumers in understanding and managing their energy use. The granularity of this data, as well as new players' entry into the energy market, creates new privacy concerns. The detailed per-household consumption data that advanced metering systems generate reveals information about in-home activities that such players can mine and combine with other readily available information to discover more about occupants' activities. The authors explore the technological aspects of this claim, focusing on the ways in which personally identifying information can be collected and repurposed. Their results show that, even with relatively unsophisticated hardware and data-extraction algorithms, some information about occupant behavior can be estimated with a high degree of accuracy. The authors propose a disclosure metric to aid in quantifying the impact of data collection on in-home privacy and construct an example metric for their experiment.
  • How internet users' privacy concerns have evolved since 2002

    Publication Year: 2010 , Page(s): 21 - 27
    Cited by:  Papers (3)

    Internet privacy was the topic in this paper. A 2008 survey revealed that US Internet users' top three privacy concerns haven't changed since 2002, but privacy-related events might have influenced their level of concern within certain categories. The authors describe their results as well as the differences in privacy concerns between US and international respondents. They also mentioned that individuals have become more concerned about personalization in customized browsing experiences, monitored purchasing patterns, and targeted marketing and research.
  • Scenario-Driven Role Engineering

    Publication Year: 2010 , Page(s): 28 - 35
    Cited by:  Papers (5)

    Access control deals with eliciting, specifying, enforcing, and maintaining access control policies in software-based systems. Recently, role-based access control (RBAC), together with various extensions, has developed into a de facto standard for access control. Scenario-driven role engineering is a systematic approach for defining customized RBAC models, including roles, permissions, constraints, and role hierarchies. Since its first publication in 2002, the author gained considerable experience with scenario-driven role engineering, and several consulting firms and international projects have adopted the approach. Based on these experiences, the author enhanced the approach and now has a much deeper understanding of the relations between different role-engineering artifacts, the need for process tailoring, and the use of preexisting documents in role-engineering activities.
  • How Internet Security Breaches Harm Market Value

    Publication Year: 2010 , Page(s): 36 - 42

    Internet security in stock market was the topic in this paper. Decision-tree induction is effective for examining the factors influencing abnormal stock market returns after a public security breach announcement. Extending a previous study, the authors identify new relationships between abnormal returns and firm and attack characteristics and subject them to statistical testing.
  • Architectural Modeling to Verify Security and Nonfunctional Behavior

    Publication Year: 2010 , Page(s): 43 - 49

    As computer-based systems have become more complex and we continue to exploit the benefits of code generation for those systems' components or subsystems, we're finding significant integration problems due to unanticipated behavior. It isn't enough to have correct code for software components and subsystems; they must be properly integrated and correctly executed to create a fully functional system that meets its nonfunctional requirements, such as real-time performance, reliability, security, or safety. A single-source system model annotated with analysis-specific information can reflect architectural changes with little additional effort. The Architecture Analysis and Design Language (AADL) provides a platform for multidimensional model analysis and verification.
  • Can a Trusted Environment Provide Security?

    Publication Year: 2010 , Page(s): 50 - 52
    Cited by:  Papers (6)

    Internet security is the topic of this paper. Software as a service (SaaS) is a well-established, cost-effective means to deliver traditional software applications without investing in infrastructure and qualified personnel. A natural extension of cloud services is to extend platform independence via virtualization to a security model. This paradigm allows for the distributed provisioning of common security services. This model and its application demonstrate the viability of "security as a service" for cloud computing. Security as a service can enable cloud customers to implement and maintain the protection they need in an efficient, cost-effective manner that can be tailored to meet their risk profile. The paper discusses the aspects of security as a service.
  • The iterated weakest link

    Publication Year: 2010 , Page(s): 53 - 55
    Cited by:  Papers (3)

    Security breaches are in the news almost daily, each bigger and more costly than the last. We believe an iterated weakest-link model accurately captures the challenges of many information security threats today. Our findings suggest a need to reassess conclusions that condemn seemingly lax security practices found in the media. Our model can assist policy makers in reducing negative externalities as consequences (not causes) of insecurity by better predicting situations that hinder proactive investment. The model also helps identify influential factors (notably, uncertainty about attacks) so that firms and managers can derive incentive-based countermeasures.
  • Call in the Cyber National Guard!

    Publication Year: 2010 , Page(s): 56 - 59

    The economic consequences of a cyberattack on major critical infrastructures might well outweigh the cost of fielding the CNG. Furthermore, an ad hoc group of private consultants wouldn't have the time, teamwork, or skills to address a major cyberattack, nor would they be able to respond quickly. Because cyberspace isn't confined to national borders, it would be prudent to develop international partnerships in CNG training, education, and operations. Furthermore, industry participation and cooperation would be needed, perhaps via a nongovernment organization such as the W3C or by providing legal protections such as those provided to US National Guard members. However the CNG would be organized, industry would need to embrace the notion of and advantages derived from a national cyber-emergency-response capability. To ensure that the CNG and industry are partners, regular meetings at the local, regional, and national levels would be needed to plan strategies and build industry-guard teamwork.
  • The Smarter Grid

    Publication Year: 2010 , Page(s): 60 - 63
    Cited by:  Papers (13)

    In the US, tens of millions of "smart meters," which are vulnerable to remote exploitation, viruses, worms, malicious upgrades, and all manner of other attacks, have been deployed. Attackers can and already have used these meters, on a small scale, to disable the power infrastructure and cause both long-term physical damage to it and harm to the public. These deployments and other related control mechanisms will be expanded in the coming years, as a necessary step toward better energy efficiency and to enable the next generation of electrical systems to integrate into the grid. The question is, how can we make this deployment safe and secure?
  • Opportunities in White-Box Cryptography

    Publication Year: 2010 , Page(s): 64 - 67
    Cited by:  Papers (1)

    White-box cryptography is the discipline of implementing a cryptographic algorithm in software such that an adversary will have difficulty extracting the cryptographic key. This approach assumes that the adversary has full access to and full control over the implementation's execution. White-box implementations can provide good protection when combined with other security measures.
  • Building a Better Boot Camp

    Publication Year: 2010 , Page(s): 68 - 71

    The field of security is vast, and the temptation is to keep adding to the collection of topics we consider to be basic. However, such an approach is inefficient. This installment focuses on Basic Training's underlying mission. In particular, it explores the question of what precisely is basic training in information assurance today and proposes a higher-level rather than detail-focused approach. The column ends with a request for feedback.
  • No Grid Left Behind

    Publication Year: 2010 , Page(s): 72 - 76
    Cited by:  Papers (2)

    Infrastructure entities, especially those responsible for energy transmission and distribution, have embarked on substantial programs to update their information architectures and have begun using modern information technology and networking to connect traditionally isolated and disparate systems. Unfortunately, there's almost an unavoidable introduction of cybersecurity vulnerabilities into these once isolated industrial domains.
  • Outlook: Cloudy with a Chance of Security Challenges and Improvements

    Publication Year: 2010 , Page(s): 77 - 80
    Cited by:  Papers (10)

    Cloud computing is the topic in this paper. Cloud computing is the latest wave in systems architectures. The cloud realizes computing as a utility; that is, customers submit their computing tasks to the cloud, which provides the resources necessary to execute those tasks. Security is a major concern that could limit the cloud computing paradigm's impact. The factors affecting security in cloud computing, as well as the improvements made, were mentioned and discussed.
  • Smart-grid security issues

    Publication Year: 2010 , Page(s): 81 - 85
    Cited by:  Papers (77)

    This article has given a broadbrush description of issues related to smart-grid security. Designing solutions in at this stage, before widespread deployment, would be beneficial; in some cases solutions exist, whereas in others research investments will be needed. Several open questions about goals still require discussion, especially around such topics as how (and how much) privacy can be supported.
  • A life is short, a half-life is forever

    Publication Year: 2010 , Page(s): 86 - 87

    It is observed that when something undergoes a constant relative rate of change, there's an exponential function behind the observation. This paper explains that for exponential declines, we tend to report the half-life; think radioactive decay.
  • Security and Function Creep

    Publication Year: 2010 , Page(s): 88
    Cited by:  Papers (1)
    Freely Available from IEEE
  • Usenix

    Publication Year: 2010 , Page(s): c3
    Freely Available from IEEE
  • Infosec World 2010

    Publication Year: 2010 , Page(s): c4
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu