IEEE Security & Privacy

Issue 3 • May-June 2011

  • [Front cover]

    Publication Year: 2011, Page(s): c1
    Freely Available from IEEE
  • S&P call for papers

    Publication Year: 2011, Page(s): c2
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2011, Page(s):1 - 2
    Freely Available from IEEE
  • Resilient to the Unexpected

    Publication Year: 2011, Page(s):3 - 4
    Cited by:  Papers (1)
    Freely Available from IEEE
  • IEEE Security & Privacy masthead

    Publication Year: 2011, Page(s): 5
    Freely Available from IEEE
  • News Briefs

    Publication Year: 2011, Page(s):6 - 8
    Freely Available from IEEE
  • Silver Bullet Talks with Ralph Langner

    Publication Year: 2011, Page(s):9 - 14

    Gary McGraw interviews Ralph Langner, the founder and CEO of Langner Communications, a German company focused on control system security. He has more than 20 years' experience working with computerized control systems and was the first researcher to determine that Stuxnet was a directed cyberattack against Iran. Hear the full podcast at www.computer.org/security/podcasts or www.cigital.com/silverb...
  • IEEE Computer Society Jobs Board [advertisement]

    Publication Year: 2011, Page(s): 15
    Freely Available from IEEE
  • Guest Editors' Introduction: The Science of Security

    Publication Year: 2011, Page(s):16 - 17
    Freely Available from IEEE
  • Security Modeling and Analysis

    Publication Year: 2011, Page(s):18 - 25
    Cited by:  Papers (11)

    Security modeling centers on identifying system behavior, including any security defenses; the system adversary's power; and the properties that constitute system security. Once a security model is clearly defined, security analysis evaluates whether the adversary, interacting with the system, can defeat the desired security properties. Although the authors illustrate security analysis using model...
  • On Adversary Models and Compositional Security

    Publication Year: 2011, Page(s):26 - 32
    Cited by:  Papers (5)

    A unified view of a wide range of adversary classes and composition principles for reasoning about security properties of systems are cornerstones of a science of security. They provide a systematic basis for security analysis by explaining and predicting attacks on systems.
  • Provable Security in the Real World

    Publication Year: 2011, Page(s):33 - 41
    Cited by:  Papers (8)

    Provable security plays an important role in the design and analysis of systems using cryptography. However, protocols can be vulnerable to attacks outside the scope of the existing formal analyses.
  • Secure Software Installation on Smartphones

    Publication Year: 2011, Page(s):42 - 48
    Cited by:  Papers (19)  |  Patents (3)

    This overview of iOS, Android, BlackBerry, and Symbian security frameworks includes a novel classification of third-party-application installation models. It also discusses how controlled app marketplaces fit in the smartphone security ecosystem.
  • Stuxnet: Dissecting a Cyberwarfare Weapon

    Publication Year: 2011, Page(s):49 - 51
    Cited by:  Papers (110)

    Last year marked a turning point in the history of cybersecurity - the arrival of the first cyber warfare weapon ever, known as Stuxnet. Not only was Stuxnet much more complex than any other piece of malware seen before, it also followed a completely new approach that's no longer aligned with conventional confidentiality, integrity, and availability thinking. Contrary to initial belief, Stuxnet wa...
  • Monitoring Cloud Computing by Layer, Part 2

    Publication Year: 2011, Page(s):52 - 55
    Cited by:  Papers (11)

    In part I, the author briefly introduced cloud computing and a model of it that has seven layers (facility, network, hardware, OS, middleware, application, and the user). Each cloud computing deployment must have these layers, but different deployment types give control of them to different parties. Here, the author covers controls that could be implemented in the middleware, application, and user...
  • Hacking Competitions and Their Untapped Potential for Security Education

    Publication Year: 2011, Page(s):56 - 59
    Cited by:  Papers (5)

    Information security educators can learn much from the hacker community. The word "hacker" is controversial, and the idea of emulating this community is problematic to some. However, we use the term in its purest form: individuals who creatively explore technology and push it in new directions. Because of this imaginative, playful spirit, most hacker conferences sponsor diverse and intense compet...
  • Measuring Security

    Publication Year: 2011, Page(s):60 - 65
    Cited by:  Papers (10)

    The field of computer and communications security begs for a foundational science to guide system design and to reveal the safety, security, and possible fragility of the complex systems we depend on today. To achieve this goal, we must devise suitable metrics for objectively comparing and evaluating the security of system designs and organizations.
  • Privacy, Ethics, and Analytics

    Publication Year: 2011, Page(s):66 - 69
    Cited by:  Papers (1)

    When using the analytics process, companies should consider the risks it poses to individuals' information privacy as well as develop responsible measures to accompany its use. This set of ethical standards calls on companies to adopt accountable approaches that reflect the specific risks in a given use of the analytics process.
  • The Curse of Cryptographic Numerology

    Publication Year: 2011, Page(s):70 - 72

    The problem of cryptographic numerology has plagued modern cryptography throughout most of its life. The basic concept is that as long as your encryption keys are at least "this big," you're fine, even if none of the surrounding infrastructure benefits from that size or even works at all. The application of cryptographic numerology conveniently directs attention from the difficult to the trivial, ...
  • IEEE Computer Society Press [advertisement]

    Publication Year: 2011, Page(s): 73
    Freely Available from IEEE
  • Vulnerability Detection Systems: Think Cyborg, Not Robot

    Publication Year: 2011, Page(s):74 - 77
    Cited by:  Papers (9)

    This paper discusses why academic research has failed to create effective vulnerability detection software and offers some suggestions on how we can reap practical benefits from future research. The reasons for this failure also help explain why this software can't be completely automatic but must incorporate human knowledge and capabilities to be effective.
  • Salmon, Songs, and Blankets: Creativity on the Northwest Coast

    Publication Year: 2011, Page(s):78 - 81

    The First Nations groups in British Columbia (and nearby Native American groups in Alaska) recognized the ownership of songs and dances, and transferred them as items of value; they did so in a social system rather than a legal one.
  • Never Waste a Crisis

    Publication Year: 2011, Page(s):82 - 85

    Computer security crises can be opportunities to improve a company's security and strengthen its commitment to security. Some general guidelines, along with lessons from the JBIG2 incident, can help you reach these goals.
  • New Measures

    Publication Year: 2011, Page(s):86 - 87

    Regular readers of this column might recall the installment that appeared in the November/December 2010 issue, "An Index of Cybersecurity," which suggested that such an index (the ICS) would soon appear. Prophecy is now fulfilled: the ICS has begun publication at cybersecurityindex.org. It's what is called a sentiment-based index - if you're familiar with the US Consumer Confidence Index, then you...
  • Clouds from Both Sides

    Publication Year: 2011, Page(s): 88
    Cited by:  Papers (1)
    Freely Available from IEEE

Aims & Scope

IEEE Security & Privacy’s primary objective is to stimulate and track advances in security, privacy, and dependability and present these advances in a form that can be useful to a broad cross-section of the professional community—ranging from academic researchers to industry practitioners. It provides articles with both a practical and research bent by the top thinkers in the field of security and privacy, along with case studies, surveys, tutorials, columns, and in-depth interviews and podcasts for the information security industry.
 

Meet Our Editors

Editor-in-Chief
Ahmad-Reza Sadeghi
Technische Universität Darmstadt
ahmad.sadeghi@trust.tu-darmstadt.de