
IEEE Security & Privacy

Issue 3 • May-June 2012

  • [Front cover]

    Publication Year: 2012, Page(s): c1
    Freely Available from IEEE
  • Usenix 2012

    Publication Year: 2012, Page(s): c2
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2012, Page(s):1 - 2
    Freely Available from IEEE
  • A Key to the Castle

    Publication Year: 2012, Page(s): 3
    Freely Available from IEEE
  • [Masthead]

    Publication Year: 2012, Page(s): 4
    Freely Available from IEEE
  • Security Analytics and Measurements

    Publication Year: 2012, Page(s):5 - 8
    Cited by:  Papers (2)

    The magazine's founding editor in chief, George Cybenko, and his first successor, Carl E. Landwehr, provide perspectives on the need for measuring security and the meaning of those measurements in the context of adversarial dynamics.
  • Silver Bullet Talks with Giovanni Vigna

    Publication Year: 2012, Page(s):9 - 11
    Freely Available from IEEE
  • Security, Privacy, and Policy Roundup

    Publication Year: 2012, Page(s):12 - 13
    Freely Available from IEEE
  • Guest editors' introduction: Software Assurance for the Masses

    Publication Year: 2012, Page(s):14 - 15
    Freely Available from IEEE
  • Transitioning Parfait into a Development Tool

    Publication Year: 2012, Page(s):16 - 23
    Cited by:  Papers (2)

    The Parfait static-code-analysis tool started as a research project at Sun Labs (now Oracle Labs) to address runtime and precision shortcomings of C and C++ static-code-analysis tools. After developers started to see and verify the research outcomes, they made further requests to ensure the tool would be easy to use and integrate. This helped transition Parfait from a research artifact to a develo...
  • The Software Industry's "Clean Water Act" Alternative

    Publication Year: 2012, Page(s):24 - 31
    Cited by:  Papers (2)

    With water, we trust that qualities harmful to its intended use aren't present. To avoid a regulatory solution to problems with contaminants that endanger software's intended use, the industry needs to implement processes and technical methods for examining software for the contaminants that are most dangerous given its intended use. By finding systematic and verifiable ways to identify remove, an...
  • SAVI: Static-Analysis Vulnerability Indicator

    Publication Year: 2012, Page(s):32 - 39
    Cited by:  Papers (5)

    Open source software presents new opportunities for software acquisition but introduces risks. The selection of open source applications should take into account both features and security risks. Risks include security vulnerabilities, of which published vulnerabilities are only the tip of the iceberg. Having an application's source code lets us look deeper at its security. SAVI (Static-Analysis V...
  • Measuring the Value of Static-Analysis Tool Deployments

    Publication Year: 2012, Page(s):40 - 47
    Cited by:  Papers (5)

    For optimum success, static-analysis tools must balance the ability to find important defects against the risk of false positive reports. A human must interpret each reported warning to determine if any action is warranted, and the criteria for judging warnings can vary significantly depending on the analyst's role, the security risk, the nature of the defect, the deployment environment, and many ...
  • Static Analyzers: Seat Belts for Your Code

    Publication Year: 2012, Page(s):48 - 52
    Cited by:  Papers (5)

    Just as seat belt use is widespread, static analysis should be part of ethical software development. Because security must be designed in, static analysis should occur early in software development to reduce vulnerabilities or, even better, provide feedback to educate software developers and reinforce good practices, minimizing vulnerable constructs ever getting in the code. Even as industry migra...
  • Static Analysis in Motion

    Publication Year: 2012, Page(s):53 - 56

    As part of this special issue on static analysis, guest editor Brian Chess put together a roundtable discussion with leaders in the field. Here, they discuss their views on where static analysis is today and what's required to make it an effective part of creating secure and reliable software.
  • Blaming Noncompliance Is Too Convenient: What Really Causes Information Breaches?

    Publication Year: 2012, Page(s):57 - 63
    Cited by:  Papers (3)

    Information breaches demand a vigorous response from organizations. The traditional response is to institute policies to constrain and control employee behavior. Information security policies inform employees about appropriate uses of information technology in an organization. Unfortunately, limited evidence exists that such policies effectively reduce confidentiality breaches or information loss....
  • Detecting Targeted Malicious Email

    Publication Year: 2012, Page(s):64 - 71
    Cited by:  Papers (7)

    Targeted malicious emails (TME) for computer network exploitation have become more insidious and more widely documented in recent years. Beyond spam or phishing designed to trick users into revealing personal information, TME can exploit computer networks and gather sensitive information. They can consist of coordinated and persistent campaigns that can span years. A new email-filtering technique ...
  • Resilience: What Is It, and How Much Do We Want?

    Publication Year: 2012, Page(s):72 - 75

    The word “resilience” is increasingly popular to designate some properties we want from systems. When we use this word, do we all mean the same concept? Or the same set of multiple concepts? How do we know when we've achieved it, or them, or a certain amount of them? To design systems, write contracts, or manage organizations, we need some common view about all this.
  • NICE: Creating a Cybersecurity Workforce and Aware Public

    Publication Year: 2012, Page(s):76 - 79
    Cited by:  Papers (4)

    The National Initiative for Cybersecurity Education (NICE) aims to create an operational, sustainable, and continually improving program for cybersecurity awareness, education, training, and workforce development. As part of the initiative, the NICE Cybersecurity Workforce Framework aims to codify cybersecurity talent; define the cybersecurity workforce in common terms; and tie the workforce's var...
  • Hardware-Anchored Security Based on SRAM PUFs, Part 1

    Publication Year: 2012, Page(s):80 - 83
    Cited by:  Papers (2)

    Physical unclonable functions (PUFs) originate in intrinsic properties extracted from devices and objects for the purpose of identification. A special type of silicon PUFs called SRAM (static RAM) PUFs can help make integrated circuits securer.
  • The Clouds Roll By

    Publication Year: 2012, Page(s):84 - 87

    Technology changes have driven us first away from centralized computer services and now back toward centralization. Security and reliability are likely to improve as expertise is also centralized and fewer demands are placed on the relatively inexperienced individual users.
  • Developing Secure Products in the Age of Advanced Persistent Threats

    Publication Year: 2012, Page(s):88 - 92
    Cited by:  Papers (1)

    Advanced persistent threats (APTs) are making technology providers reconsider their security assumptions for secure product development. This article suggests an industry roadmap for rethinking product security in the face of APTs. It also describes steps EMC has taken to implement this roadmap and strengthen its product development practices.
  • ICS Update

    Publication Year: 2012, Page(s):93 - 95

    The natal announcement for the Index of Cyber Security (ICS) first appeared in these pages one year ago. As we promised at the outset, its first birthday marked the time for a review. The ICS is composed from a survey of expert sentiment; that is to say, it asks a set of respondents what they think. Sentiment-based indices have a long history and wide acceptance; two (US) examples are the Consumer ...
  • Fighting the Last War

    Publication Year: 2012, Page(s): 96
    Freely Available from IEEE
  • Magazine Subscribe [Advertisement]

    Publication Year: 2012, Page(s): c3
    Freely Available from IEEE

Aims & Scope

IEEE Security & Privacy’s primary objective is to stimulate and track advances in security, privacy, and dependability and present these advances in a form that can be useful to a broad cross-section of the professional community—ranging from academic researchers to industry practitioners. It provides articles with both a practical and research bent by the top thinkers in the field of security and privacy, along with case studies, surveys, tutorials, columns, and in-depth interviews and podcasts for the information security industry.

Meet Our Editors

Editor-in-Chief
Ahmad-Reza Sadeghi
Technische Universität Darmstadt
ahmad.sadeghi@trust.tu-darmstadt.de