IEEE Security & Privacy

Issue 4 • Date July-Aug. 2011

  • [Front cover]

    Publication Year: 2011, Page(s): c1
    Freely Available from IEEE
  • LISA 2011 trade [advertisement]

    Publication Year: 2011, Page(s): c2
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2011, Page(s):1 - 2
    Freely Available from IEEE
  • A Doctrinal Thesis

    Publication Year: 2011, Page(s):3 - 4
    Cited by:  Papers (2)
    Freely Available from IEEE
  • IEEE Security & Privacy masthead

    Publication Year: 2011, Page(s): 5
    Freely Available from IEEE
  • News Briefs

    Publication Year: 2011, Page(s):6 - 8
    Freely Available from IEEE
  • Silver Bullet Talks with John Savage

    Publication Year: 2011, Page(s):9 - 12
    Freely Available from IEEE
  • S&P call for papers

    Publication Year: 2011, Page(s): 13
    Freely Available from IEEE
  • Toward Scalable Trustworthy Computing Using the Human-Physiology-Immunity Metaphor

    Publication Year: 2011, Page(s):14 - 23
    Cited by:  Papers (1)

    The cybersecurity landscape consists of an ad hoc patchwork of solutions. Optimal cybersecurity is difficult for various reasons: complexity, immense data and processing requirements, resource-agnostic cloud computing, practical time-space-energy constraints, inherent flaws in "Maginot Line" defenses, and the growing number and sophistication of cyberattacks. This article defines the high-priority...
  • A Comparison of Intrusion-Tolerant System Architectures

    Publication Year: 2011, Page(s):24 - 31
    Cited by:  Papers (7)

    With the advancing sophistication of security attacks, protecting open systems is increasingly challenging. Intrusion tolerance should be part of overall in-depth security. This article compares three types of intrusion tolerant system architectures.
  • Building an Active Computer Security Ethics Community

    Publication Year: 2011, Page(s):32 - 40
    Cited by:  Papers (4)

    In spite of significant ethical challenges faced by researchers evaluating modern threats, the computer security field has yet to grow its own active ethics community to describe and evaluate the ethical implications of its work. Modern threats such as denial-of-service (DoS) attacks, worms, viruses, phishing, and botnets underscore the need for Internet security research in an increasingly networ...
  • Developer-Driven Threat Modeling: Lessons Learned in the Trenches

    Publication Year: 2011, Page(s):41 - 47
    Cited by:  Papers (7)

    This article describes EMC's real-world experiences with threat modeling, including major challenges encountered, lessons learned, and a description of the company's current developer-driven approach. Threat modeling is a conceptual exercise in which we analyze a system's architecture or design to find security flaws and reduce architectural risk.
  • Embracing the Kobayashi Maru: Why You Should Teach Your Students to Cheat

    Publication Year: 2011, Page(s):48 - 51
    Cited by:  Papers (2)

    Every day, security professionals face off against adversaries who don't play by the rules. Traditional information security education programs further compound the problem by forcing students to behave in a flawlessly ethical manner. As an alternative, this article suggests techniques for fostering creativity and an adversary mindset in information security students through carefully structured c...
  • Trust Management in the Pervasive Computing Era

    Publication Year: 2011, Page(s):52 - 55
    Cited by:  Papers (7)

    The study of trust should be multidisciplinary. This primarily means including computing and information science on one hand, and psychology on the other. Although some research projects have already employed multidisciplinary approaches, they've rarely included all the necessary ingredients. Furthermore, the core of the trust phenomenon is often overlooked. In addition, to complement current quan...
  • Was Stuxnet an Act of War? Decoding a Cyberattack

    Publication Year: 2011, Page(s):56 - 59
    Cited by:  Papers (20)

    Violations of privacy online threaten an individual's sense of security, and relate to the problem of protecting human security in cyberspace. In the cyber and noncyber realms, prospects for human security are shaped by policies designed.
  • Room at the Bottom: Authenticated Encryption on Slow Legacy Networks

    Publication Year: 2011, Page(s):60 - 63

    The author proposes a streamwise model for online encryption for slow legacy networks.
  • Security as if People Mattered

    Publication Year: 2011, Page(s):64 - 67

    Computer security and usability are challenging problems that are often interrelated. In harmonizing security and usability, it isn't enough to consider how human factors can be leveraged in support of security. Instead, it's important to take a user-centered perspective, and consider how best to support people in attaining their goals when they use computer systems. This article approaches this p...
  • Mobile Attacks and Defense

    Publication Year: 2011, Page(s):68 - 70
    Cited by:  Papers (15)

    In this paper smartphones are discussed. Today's smartphones are more common than computers. In fact, smartphones are simply computers with extra hardware, namely a GSM (Global System for Mobile Communications) radio and a baseband processor to control it. These extra features are great, but with the power they provide, there's also a threat. Today, smartphones are becoming targets of attackers in...
  • A Failure-Based Discipline of Trustworthy Information Systems

    Publication Year: 2011, Page(s):71 - 75

    Complex system failure is an everyday risk and occurrence, avoided only by dumb luck or the most cautious and restrained planning. The sheer complexity of most systems, including those involving or controlled by a digital information system, has far surpassed the point at which we can consider failures, particularly maliciously induced failures, as abnormal events. This reality calls to investigat...
  • Reading: From Paper to Pixels

    Publication Year: 2011, Page(s):76 - 79
    Cited by:  Papers (2)

    What, if anything, will be the role of publishers in a world in which books are formatted by their authors, distributed electronically, and read online? The success of e-books has spawned a boom in self-publishing, with the possibility that just as musicians now depend not on recording contracts but self-promotion for concert revenues, authors will depend on direct sales to readers rather than hav...
  • Resilient Security Architecture: A Complementary Approach to Reducing Vulnerabilities

    Publication Year: 2011, Page(s):80 - 84
    Cited by:  Papers (3)

    The software industry would benefit from more emphasis on avoiding security mistakes in the first place. That means security requirements analysis and architecting and designing security in, an approach that's currently rare but that provides substantial benefits. The most common approaches to the latent (generally called 0-day) vulnerability problem fall into one of two categories: Do nothing. Wa...
  • Attack surface inflation

    Publication Year: 2011, Page(s):85 - 86

    The attack surface, a term familiar to most readers of S&P, has been a focus of effort for the better part of a decade now. It's an easy concept to grasp and one not limited to information security.
  • Eisenhower revisited

    Publication Year: 2011

    Information security is fast becoming a cyber-industrial complex, and as we know, complex systems have notable side effects. The potential for the disastrous rise of misplaced power exists and will persist.
  • S & P Subscribe [advertisement]

    Publication Year: 2011, Page(s): c3
    Freely Available from IEEE
  • IEEE Paid Advertisement

    Publication Year: 2011, Page(s): c4
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu