
IEEE Security & Privacy

Issue 3 • Date May-June 2010

  • [Front cover]

    Publication Year: 2010, Page(s): c1
    Freely Available from IEEE
  • IEEE Security & Privacy call for papers

    Publication Year: 2010, Page(s): c2
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2010, Page(s):1 - 2
    Freely Available from IEEE
  • Balancing Liberty, Stability, and Security

    Publication Year: 2010, Page(s): 3
    Freely Available from IEEE
  • IEEE Security & Privacy [masthead]

    Publication Year: 2010, Page(s): 4
    Freely Available from IEEE
  • Silver Bullet Talks with Steven Kent

    Publication Year: 2010, Page(s):5 - 9
    Freely Available from IEEE
  • Digital Editions [advertisement]

    Publication Year: 2010, Page(s): 10
    Freely Available from IEEE
  • News Briefs

    Publication Year: 2010, Page(s):11 - 13
    Freely Available from IEEE
  • Protection Poker: The New Software Security "Game"

    Publication Year: 2010, Page(s):14 - 20
    Cited by: Papers (6)

    Without infinite resources, software development teams must prioritize security fortification efforts to prevent the most damaging attacks. The Protection Poker "game" is a collaborative means for guiding this prioritization and has the potential to improve software security practices and team software security knowledge.
  • Toward Risk Assessment of Large-Impact and Rare Events

    Publication Year: 2010, Page(s):21 - 27
    Cited by: Papers (6)

    Traditional risk assessment methods underestimate the risks of large-impact, hard-to-predict, and rare events in information systems. An alternative approach extends these methods to better evaluate risks associated with black and gray swans.
  • Security Decision Support Challenges in Data Collection and Use

    Publication Year: 2010, Page(s):28 - 35
    Cited by: Papers (2)

    In this paper the Bureau of Justice Statistics (BJS) study's structure and findings, reviewing how and where it contributes to our understanding of cybercrime in the US are discussed. Measuring security requires trustworthy, credible data about the type and distribution of attack methods, attack frequency, successful defense methods, and more. Various entities actively collect information about on...
  • Securing Android-Powered Mobile Devices Using SELinux

    Publication Year: 2010, Page(s):36 - 44
    Cited by: Papers (37) | Patents (2)

    Google's Android framework incorporates an operating system and software stack for mobile devices. Using a general-purpose operating system such as Linux in mobile devices has advantages but also security risks. Security-Enhanced Linux (SELinux) can help reduce potential damage from a successful attack.
  • The Economics of Click Fraud

    Publication Year: 2010, Page(s):45 - 53
    Cited by: Papers (9) | Patents (1)

    Click fraud is a substantial threat in the cyberworld. Here, the author examines the contexts, mechanisms, and processes associated with the click-fraud industry from an economics viewpoint. The nature of electronic channels, characterized by asymmetric hypermediation, provides a fertile ground for such fraud.
  • Thinking operationally [IT security]

    Publication Year: 2010, Page(s):54 - 55

    Security is a complex problem. Building secure systems involves many aspects; from development life cycles to code audits, developer training, deployment, and operations, there's a lot to keep track of. However, with the current state of enterprise security, thinking about security from an operational perspective has become increasingly important.
  • Demythifying Cybersecurity

    Publication Year: 2010, Page(s):56 - 59
    Cited by: Papers (2)

    A large part of computer security education is tackling myths that support much of the practice in the field. By examining these myths and the underlying truths or heuristics they reflect, we learn three things. First, students and practitioners learn to separate what is empirically and theoretically supported from what is supported solely by untested anecdotes or handed-down "best practices." Seco...
  • The Virtualization Solution

    Publication Year: 2010, Page(s):60 - 63

    Is virtualization the solution to computing security? A brief look at the history of computer security salvation might provide some insight. A basic concept underlying OS protection is separation. The OS provides separation of files, directories, processes, users, and devices from each other, even though the hardware lets them interact arbitrarily. In the OS's role as mediator, it prevents user pr...
  • Risk-Based De-Identification of Health Data

    Publication Year: 2010, Page(s):64 - 67
    Cited by: Papers (13)

    This article describes a method for assessing the overall risk of re-identification for a health data set and how that risk information can be used to decide how much to de-identify the data before it's disclosed. Such an approach ensures that the amount of distortion to the data is proportionate to the risk involved in disclosing a particular data set to a particular data recipient.
  • XTS: A Mode of AES for Encrypting Hard Disks

    Publication Year: 2010, Page(s):68 - 69
    Cited by: Papers (4) | Patents (1)

    The IEEE Security in Storage Working Group (SISWG) has developed the XTS mode of the Advanced Encryption Standard (AES) that the IEEE 1619-2007 standard defines. (XTS stands for XEX-based tweaked codebook mode with ciphertext stealing.) This mode works within the constraints of hard disks while keeping the security that the AES algorithm provides.
  • Cyber-Threat Proliferation: Today's Truly Pervasive Global Epidemic

    Publication Year: 2010, Page(s):70 - 73
    Cited by: Papers (9)

    During the past year, people around the globe have been captivated - and in some cases, paralyzed - by concerns regarding the spread of the H1N1 flu virus (also known as the swine flu). The powerful strain Tom Kellermann CoreSecurity proves that infectious disease can circumvent the many types of borders we've established in architecting our respective societies. Simultaneously, despite the fact that ...
  • The Next Malware Battleground: Recovery After Unknown Infection

    Publication Year: 2010, Page(s):74 - 76

    For more than two decades, attackers and malware authors have battled defensive users and administrators for control of computing resources. Unfortunately, the defenders aren't winning the fight. Systems infected with malicious code are as widespread.
  • Son of Carterfone: Network Neutrality or Regulation?

    Publication Year: 2010, Page(s):77 - 82

    This paper discusses the network regulation among Internet service providers.
  • Threat Modeling - Perhaps It's Time

    Publication Year: 2010, Page(s):83 - 86
    Cited by: Papers (3)

    Practitioners and researchers have been thinking about, making presentations on, and publishing material related to threat modeling for longer than many security practitioners performing assessments have been alive. Yet, many security managers avoid even discussing threat modeling because they perceive it as expensive and difficult. A noisy IT security space makes discerning real threat-modeling p...
  • Fratricide [on cybersecurity issues]

    Publication Year: 2010
    Freely Available from IEEE
  • Jobs Board [advertisement]

    Publication Year: 2010, Page(s): c3
    Freely Available from IEEE
  • 19th Usenix Security Symposium Advertisement

    Publication Year: 2010, Page(s): c4
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu