IEEE Security & Privacy

Issue 6 • Nov.-Dec. 2012

Displaying Results 1 - 25 of 28
  • Front Cover

    Publication Year: 2012, Page(s): c1
    Freely Available from IEEE
  • Computing Now Expanded Website [Advertisement]

    Publication Year: 2012, Page(s): c2
    Freely Available from IEEE
  • Table of Contents

    Publication Year: 2012, Page(s):1 - 2
    Freely Available from IEEE
  • Giving Back

    Publication Year: 2012, Page(s):3 - 4
    Freely Available from IEEE
  • Masthead

    Publication Year: 2012, Page(s): 5
    Freely Available from IEEE
  • Security, Privacy, Policy, and Dependability Roundup

    Publication Year: 2012, Page(s):6 - 8
    Freely Available from IEEE
  • Silver Bullet Talks with Howard Schmidt

    Publication Year: 2012, Page(s):9 - 12
    Freely Available from IEEE
  • Ten Years On, How Are We Doing? (Spoiler Alert: We Have No Clue)

    Publication Year: 2012, Page(s):13 - 16
    Cited by:  Papers (1)
    Freely Available from IEEE
  • Lost Treasures

    Publication Year: 2012, Page(s):17 - 19
    Freely Available from IEEE
  • A Contemporary Look at Saltzer and Schroeder's 1975 Design Principles

    Publication Year: 2012, Page(s):20 - 25

    In 1975, Jerome Saltzer and Michael Schroeder published "The Protection of Information in Computer Systems," which outlined a series of design principles for secure systems. Some principles, like separation of privilege and least privilege, have become staples of information security practice. Other principles, like simplicity and complete mediation, have failed to thrive. Attempts to codify infor...
  • Lessons from VAX/SVS for High-Assurance VM Systems

    Publication Year: 2012, Page(s):26 - 35
    Cited by:  Papers (1)

    The authors take a look back at VAX/SVS, a high-assurance virtual machine monitor (VMM) project from the 1980s, extracting its most pertinent lessons, including reference monitor architectural principles, approaches to verifiable and tamperproof access control, the benefits of layering, the impacts of minimization and verification, and the reasons behind its cancellation.
  • Suppose We Got a Do-Over: A Revolution for Secure Computing

    Publication Year: 2012, Page(s):36 - 39

    Although visionaries think of breakthrough ideas long before the rest of us, they often think of them before there's technology ready to handle them. Would Multics or the Lisp Machine still have achieved little market success if today's VLSI technology had been ready when they were designed? Forty years ago, there were many things we wanted our computers to do (but few transistors with which to do...
  • How Certification Systems Fail: Lessons from the Ware Report

    Publication Year: 2012, Page(s):40 - 44
    Cited by:  Papers (1)

    The 1970 Security Controls for Computer Systems report, which helped shape computer systems' standard evaluation criteria, can shed light on current certification systems' shortcomings.
  • Integrating Historical Security Jewels in Information Assurance Education

    Publication Year: 2012, Page(s):45 - 50

    Information assurance (IA) programs are becoming increasingly viable options for computer science and IT students in universities across the US. Although the sophistication of and number of attacks on the cyber domain increase every year, the foundational principles that IA professionals need to learn to advance security and implement new technology remain stable. This article looks at jewels of s...
  • Call for Papers and IEEE Computer Society Information

    Publication Year: 2012, Page(s): 51
    Freely Available from IEEE
  • Quality Measures in Biometric Systems

    Publication Year: 2012, Page(s):52 - 62
    Cited by:  Papers (3)

    Biometric technology has been increasingly deployed in the past decade, offering greater security and convenience than traditional methods of personal recognition. Although biometric signals' quality heavily affects a biometric system's performance, prior research on evaluating quality is limited. Quality is a critical issue in security, especially in adverse scenarios involving surveillance camer...
  • Is Everything We Know about Password Stealing Wrong?

    Publication Year: 2012, Page(s):63 - 69
    Cited by:  Papers (2)

    US Federal Reserve Regulation E guarantees that consumers are made whole when their bank passwords are stolen. The implications lead to several interesting conclusions. First, emptying accounts is extremely hard: transferring money in a way that is irreversible can generally only be done in a way that cannot later be repudiated. Password-enabled transfers can always be repudiated, which explains t...
  • Security and Interoperable-Medical-Device Systems, Part 2: Failures, Consequences, and Classification

    Publication Year: 2012, Page(s):70 - 73
    Cited by:  Papers (4)

    Interoperable medical devices (IMDs) face threats due to the increased attack surface presented by interoperability and the corresponding infrastructure. Introducing networking and coordination functionalities fundamentally alters medical systems' security properties. Understanding the threats is an important first step in eventually designing security solutions for such systems. Part 2 of this tw...
  • Engineering Assurance at the Undergraduate Level

    Publication Year: 2012, Page(s):74 - 77

    What would it take for undergraduate computer engineering and computer science programs to routinely produce graduates who can design computer systems that are assured to operate securely? To help answer that question, Syracuse University piloted the undergraduate Cyber Engineering Semester, which aimed to equip undergraduates with three key capabilities. The first was the ability to reason rigoro...
  • Academic Impact at the Federal Trade Commission

    Publication Year: 2012, Page(s):78 - 82
    Cited by:  Papers (1)

    How does academic privacy and security research result in real-world privacy protection or enhancement? This isn't just an issue of broader research impact but a fundamental scientific research question. A major means to accomplish impact is through existing regulation and oversight institutions.
  • Magazine Subscribe [Advertisement]

    Publication Year: 2012, Page(s): 83
    Freely Available from IEEE
  • Return-Oriented Programming

    Publication Year: 2012, Page(s):84 - 87
    Cited by:  Papers (11)

    Attackers able to compromise the memory of a target machine can change its behavior and usually gain complete control over it. Despite the ingenious prevention and protection mechanisms that have been implemented in modern operating systems, memory corruption attacks still account for a big share of the security breaches afflicting software systems. This article describes a growing attack trend th...
  • Folk Security

    Publication Year: 2012, Page(s):88 - 90

    One of the most important, and most overlooked, ways that we learn is by "social learning" by hearing stories from our friends. Stories are a valuable and underutilized tool for helping people learn how to make better and more secure decisions.
  • Training an Army of Security Ninjas

    Publication Year: 2012, Page(s):91 - 93
    Cited by:  Papers (1)
    Freely Available from IEEE
  • Progress Is Infectious

    Publication Year: 2012, Page(s):94 - 95

    Models in network science, public health, and immunology can and should inspire developments in cybersecurity but could also inspire nefarious players. It would be wise to explore this in future research sooner rather than later.

Aims & Scope

IEEE Security & Privacy’s primary objective is to stimulate and track advances in security, privacy, and dependability and present these advances in a form that can be useful to a broad cross-section of the professional community—ranging from academic researchers to industry practitioners. It provides articles with both a practical and research bent by the top thinkers in the field of security and privacy, along with case studies, surveys, tutorials, columns, and in-depth interviews and podcasts for the information security industry.
 

Meet Our Editors

Editor-in-Chief
Ahmad-Reza Sadeghi
Technische Universität Darmstadt
ahmad.sadeghi@trust.tu-darmstadt.de