IEEE Security & Privacy

Issue 2 • Date March-April 2012

  • [Front cover]

    Publication Year: 2012, Page(s): c1
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2012, Page(s):1 - 2
    Freely Available from IEEE
  • Can We Be Too Careful?

    Publication Year: 2012, Page(s):3 - 5
    Freely Available from IEEE
  • [Masthead]

    Publication Year: 2012, Page(s): 6
    Freely Available from IEEE
  • Reflecting on Some Past Predictions

    Publication Year: 2012, Page(s):7 - 10

    Are computer security experts good futurists? This article examines some of the predictions from 2002 from practitioners, researchers, and corporate managers, and then assesses how well they did at guessing the state of security in 2012.
  • Silver Bullet Talks with Neil Daswani

    Publication Year: 2012, Page(s):11 - 14
    Freely Available from IEEE
  • Security, Privacy, and Policy Roundup

    Publication Year: 2012, Page(s):15 - 17
    Freely Available from IEEE
  • Guest Editors' Introduction

    Publication Year: 2012, Page(s):19 - 23
    Freely Available from IEEE
  • Security Education against Phishing: A Modest Proposal for a Major Rethink

    Publication Year: 2012, Page(s):24 - 32
    Cited by:  Papers (10)

    When tempted by a good deal online, users don't focus on security warnings; rather, they look for signs to confirm a site's trustworthiness. User education needs to focus on challenging and correcting the misconceptions that guide current behavior.
  • Holistically Building the Cybersecurity Workforce

    Publication Year: 2012, Page(s):33 - 39
    Cited by:  Papers (3)

    This article proposes a holistic approach to developing the cybersecurity workforce based on careful integration of workforce development strategies into a plan that involves educators, career professionals, employers, and policymakers. Observations of the healthcare model, along with the findings of a recent workshop on cybersecurity education, suggest some practical steps for such an approach. C...
  • Basing Cybersecurity Training on User Perceptions

    Publication Year: 2012, Page(s):40 - 49
    Cited by:  Papers (4)

    The authors investigated users' understanding of online security by conducting in-depth interviews to identify correct perceptions, myths, and potential misperceptions. Participants were aware of and concerned with online and computer security but lacked a complete skill set to protect their computer systems, identities, and information online.
  • Educating Cyber Professionals: A View from Academia, the Private Sector, and Government

    Publication Year: 2012, Page(s):50 - 53
    Cited by:  Papers (1)

    How do we solve the workforce problem? Guest editor Mischel Kwon brought together a group of people from government, private-sector, and academic backgrounds to discuss the challenges in educating cyber professionals.
  • Collective Defense: Applying the Public-Health Model to the Internet

    Publication Year: 2012, Page(s):54 - 59

    Governments, enterprises, and consumers face myriad technically advanced and persistent computer threats. Commonly available cyberdefenses such as firewalls, antivirus software, and automatic updates for security patches help reduce the risk from threats. However, they're inadequate because many consumers sometimes ignore the guidance provided or engage in other unsafe actions (such as downloading...
  • Microsoft vs. Apple: Resilience against Distributed Denial-of-Service Attacks

    Publication Year: 2012, Page(s):60 - 64
    Cited by:  Papers (3)

    Both Microsoft's Windows 7 and Apple's Snow Leopard operating systems claim to provide users with a safer and more reliable environment, but no work has evaluated and compared their resilience against common DDoS attack traffic. The authors compare the effect of this type of attack traffic on both systems installed on the same iMac hardware platform under the same network attack conditions. In par...
  • The IEEE Symposium on Security and Privacy Is Moving to San Francisco

    Publication Year: 2012, Page(s):65 - 66
    Freely Available from IEEE
  • It's Time for Trustworthy Systems

    Publication Year: 2012, Page(s):67 - 70
    Cited by:  Papers (4)

    The time for truly trustworthy systems, backed by machine checked formal proof and analysis, has arrived. Over the past few decades, advances in formal verification and analysis technologies mean that these tools can now scale sufficiently to cover the entire software trusted computing base of appropriately designed real world systems.
  • The Menlo Report

    Publication Year: 2012, Page(s):71 - 75
    Cited by:  Papers (5)

    On 28 December 2011, the US Department of Homeland Security, Science and Technology, Cyber Security Division released "The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research" to the Federal Register to elicit the public's feedback. In this article, the authors briefly describe the road to this milestone, summarize the report and its companion document, and d...
  • Lightweight Cryptography for RFID Tags

    Publication Year: 2012, Page(s):76 - 79
    Cited by:  Papers (9)

    At first glance, combining the terms "cryptography" and "lightweight" might invite you to think about a lack of security. However, here the combination refers to suitable cryptography for limited devices for which trade offs between performance, security, and cost are highly important. The constraints could be computing power, memory, bandwidth, or vulnerability to attacks. Lightweight cryptograph...
  • Unintended Consequences: Digital Evidence in Our Legal System

    Publication Year: 2012, Page(s):80 - 83
    Cited by:  Papers (2)

    The legal and judicial communities have minimal, if any, background necessary to understand the nature of digital evidence and use it appropriately. Given accumulated examples of egregious outcomes resulting from this condition, the authors conclude that no less than the credibility of the justice system is at stake if we, as a technical community, sit idly by. Examples of projects at the Universi...
  • The Security Challenges of Client-Side Just-in-Time Engines

    Publication Year: 2012, Page(s):84 - 86
    Cited by:  Papers (1)

    Any added complexity in a software system will increase the possible program states, introducing a larger attack surface and the possibility of more exploitable flaws. JIT engines, however, alter the environment in which they execute in far more interesting ways, not only through implementation flaws but also by their fundamental operation modes.
  • A Patch for Postel's Robustness Principle

    Publication Year: 2012, Page(s):87 - 91
    Cited by:  Papers (1)

    Jon Postel's Robustness Principle - "Be conservative in what you do, and liberal in what you accept from others" - played a fundamental role in how Internet protocols were designed and implemented. Its influence went far beyond direct application by Internet Engineering Task Force (IETF) designers, as generations of programmers learned from examples of the protocols and server implementations it had...
  • Jobs board [advertisement]

    Publication Year: 2012, Page(s): 92
    Freely Available from IEEE
  • Can Users Control Online Behavioral Advertising Effectively?

    Publication Year: 2012, Page(s):93 - 96
    Cited by:  Papers (1)

    Online behavioral advertising (OBA) is the increasingly widespread practice of targeting users with specific online ads on the basis of a user's previous online behavior. Advertisers pay a premium for targeted ads because users are more likely to make purchases after viewing relevant ads. On the other hand, whereas some users might appreciate seeing more relevant advertisements, many say they find...
  • Driving Secure Software Development Experience in a Diverse Product Environment

    Publication Year: 2012, Page(s):97 - 101

    Siemens' central security team drives secure software development across a diverse product portfolio. From factory automation to wind turbines, Siemens builds security in by activities including standardizing roles and responsibilities, threat and risk analysis, and product security risk management across Siemens' 15,000 software developers.
  • Numbers Worth Having

    Publication Year: 2012, Page(s):102 - 103
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu