IEEE Security & Privacy

Issue 2 • Date March-April 2010

  • [Front cover]

    Publication Year: 2010, Page(s): c1
    Freely Available from IEEE
  • Digital Editions [advertisement]

    Publication Year: 2010, Page(s): c2
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2010, Page(s):1 - 2
    Freely Available from IEEE
  • International Blues

    Publication Year: 2010, Page(s): 3
    Freely Available from IEEE
  • [Masthead]

    Publication Year: 2010, Page(s): 4
    Freely Available from IEEE
  • Silver Bullet Talks with Gillian Hayes

    Publication Year: 2010, Page(s):5 - 7
    Freely Available from IEEE
  • News Briefs

    Publication Year: 2010, Page(s):8 - 10
    Freely Available from IEEE
  • Guest Editors' Introduction: Mobile Device Security

    Publication Year: 2010, Page(s):11 - 12
    Freely Available from IEEE
  • A mobile biometric system-on-token system for signing digital transactions

    Publication Year: 2010, Page(s):13 - 19
    Cited by:  Papers (3)

    The System-on-Token architecture for biometric systems gives users full control over their biometric data and lets them sign digital transactions using biometrics. The authors implemented and tested the architecture on a commercial mobile device, the Nokia N800.
  • Taming the Blue Beast: A Survey of Bluetooth Based Threats

    Publication Year: 2010, Page(s):20 - 27
    Cited by:  Papers (7)

    As Bluetooth finds its way into millions of devices worldwide, it also becomes a prime target for hackers. The author presents a taxonomy for threats against Bluetooth-enabled devices, describes several of these threats, and identifies steps for threat mitigation.
  • Making Smart Cards Truly Portable

    Publication Year: 2010, Page(s):28 - 34

    A new communication framework makes USB smart cards portable by using the preinstalled device drivers included in modern computer operating systems. This framework could provide the missing link that lets general consumers secure their online access via smart cards. From phishing schemes to pharming scams, online identity theft is a risk that Internet users face as attackers continue to trick peopl...
  • Google Android: A Comprehensive Security Assessment

    Publication Year: 2010, Page(s):35 - 44
    Cited by:  Papers (113)  |  Patents (5)

    This research provides a security assessment of the Android framework, Google's software stack for mobile devices. The authors identify high-risk threats to the framework and suggest several security solutions for mitigating them.
  • The Legal Ramifications of Call-Filtering Solutions

    Publication Year: 2010, Page(s):45 - 50
    Cited by:  Papers (4)

    Spam-over-IP telephony (SPIT) will likely have a significant impact on the usefulness of VoIP telephony solutions, but some solutions to the problem, such as filtering, could raise unanticipated legal issues. This paper contains both an overview and an assessment of the emerging legal issues in this domain and compares the legislation of two countries with very different legal systems: the US and G...
  • My Information, Your Code

    Publication Year: 2010, Page(s):51 - 53
    Cited by:  Papers (1)
    Freely Available from IEEE
  • A Clinic for "Secure" Programming

    Publication Year: 2010, Page(s):54 - 56

    In this paper, the author mentions that despite the reliance on software in everything from televisions and cars to medical equipment, it often doesn't work correctly. Everyone has had problems with software like text editors that freeze, answering machines that won't answer. Others are far more serious, such as the program on a satellite that contains an error, causing the loss of expensive equip...
  • Hide and Seek in the Cloud

    Publication Year: 2010, Page(s):57 - 58
    Cited by:  Papers (9)

    Google's January 2010 news of apparent attacks from China on its Gmail service is one of many hints that we should think harder about cloud computing's merits. Touted by its advocates as the answer for many needs, the cloud triggered security concerns early. However, these concerns have been overwhelmed by the assurances offered with the hype. So let's pause to consider the alter ego of the cloud ...
  • The Limits of Notice and Choice

    Publication Year: 2010, Page(s):59 - 62
    Cited by:  Papers (3)

    The US Federal Trade Commission (FTC) has embarked on a series of three workshops on exploring privacy. The first, in December 2009 in Washington, DC, focused on market and regulatory issues; the second, in January in Berkeley, California, examined technological issues; and the third, scheduled for March in Washington again, will focus on possible solutions. But after hearing from more than 70 spe...
  • Crypto: Not Just for the Defensive Team

    Publication Year: 2010, Page(s):63 - 66
    Cited by:  Papers (2)

    Cryptography has long been a useful, important tool for defensive computer security. Increasingly, however, attackers are using cryptographic techniques for the same reason as the defenders: to protect code's confidentiality and integrity. But in this case, the code is malicious. This paper reviews uses of encryption by writers of malicious code, through some recent examples. Malicious-code writer...
  • Ethics in security vulnerability research

    Publication Year: 2010, Page(s):67 - 72
    Cited by:  Papers (3)

    Debate has arisen in the scholarly community, as well as among policymakers and business entities, regarding the role of vulnerability researchers and security practitioners as sentinels of information security adequacy. The exact definition of vulnerability research and who counts as a "vulnerability researcher" is a subject of debate in the academic and business communities. For purposes of this...
  • Always the Same, Never the Same

    Publication Year: 2010, Page(s):73 - 75
    Cited by:  Papers (1)

    In this paper, existing sophisticated techniques can provide a deep and effective analysis to discover whether files hide a computer virus or other malware. Examples of the most effective approaches are heuristic or exhaustive static code analysis and behavioral analysis in a sandbox environment. However, given the huge number of circulating malware and the high-performance impact associated with ...
  • Voice-over-IP Security: Research and Practice

    Publication Year: 2010, Page(s):76 - 78
    Cited by:  Papers (14)

    Consumers and enterprises alike are rapidly adopting voice-over-IP (VoIP) technologies, which offer higher flexibility and more features than traditional telephony infrastructures. They can also potentially lower costs through equipment consolidation and, for the consumer market, new business models. However, VoIP systems also represent high complexity in terms of architecture, protocols, and impl...
  • To Strengthen Security, Change Developers' Incentives

    Publication Year: 2010, Page(s):79 - 82

    Many of the most common software vulnerabilities, such as buffer overflows, cross-site scripting, and misapplications of cryptography, are wholly avoidable if software makers apply an appropriate level of training, testing, and care. Yet developers today have the "wrong" incentives, often leading them to underinvest in security or even to directly harm it. If we can understand these incentives and ...
  • 10 Quick, Dirty, and Cheap Things to Improve Enterprise Security

    Publication Year: 2010, Page(s):83 - 85

    As software security has increasingly become an important part of information security programs, there have been some notable trends and successes of various tools, processes, and models. Because "building security in" is so different from how enterprise software has historically been developed, the changes might seem revolutionary. In the enterprise, revolutionary changes involve cost and complex...
  • Nothing ventured, nothing gained [Cybersecurity]

    Publication Year: 2010, Page(s):86 - 87

    Investors at all levels are pulling back from cybersecurity, which has serious consequences if and only if investment in cybersecurity matters. If it does, then trouble is brewing. If it does not, then radically different tactics are called for. Definitive numbers are scarce, but indicative numbers are self-evident.
  • Identity and Security

    Publication Year: 2010, Page(s): 88

    A strong identification system presupposes a strong notion of identity. The Internet, though, is multilayered; identity is different at each layer. My computer has three different MAC addresses and several IP addresses, including many IP addresses and logins for different instant message systems. If I switch computers, locations, or employers, several of these would change. Am I no longer myself? ...

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu